Will using a substring of an MD5 hash like this be unique enough?

What's wrong with using a sequential id? The database will handle this for you.

That aside, 12 characters is still 96 bits. 2⁹⁶ = 79228162514264337593543950336 possible hashes. Even though MD5 is known to have collision vulnerabilities, there's a world of difference between the possibility of a collision and the probability of actually seeing one.

Update:

Based on the return value of the PHP md5 function you're using, my numbers above aren't quite right.

Returns the hash as a 32-character hexadecimal number.

Since you're taking 12 characters from a 32-character hexadecimal number (and not 12 bytes of the 128-bit hash), the actual number of possible hashes you could end up with is 16¹² = 281474976710656. Still quite a few.

<?php  function get_id()  {    $max = 1679615; // pow(36, 4) - 1;    $id = '';    for ($i = 0; $i < 3; ++$i)    {      $r = mt_rand(0, $max);      $id .= str_pad(base_convert($r, 10, 36), 4, "0", STR_PAD_LEFT);    }    return $id;  }?>

Returns a 12 character number in base-36, which gives 4,738,381,338,321,616,896 possibilities. (The probability of collision depends on the distribution of the random number generator.)

To ensure no collisions, you'll need to loop:

<?phpdo {  $id = get_id();} while ( !update_id($id) );?>

No not very unique.

Why not base64 encode it if you need it shorter?