
Is it safe to put an array in a cookie?

$apply_id=1111;

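if(isset($_COOKIE['apply'])){
    // gzuncompress() returns false on invalid data; fall back to an empty string
    $apply_cookie=@gzuncompress($_COOKIE['apply']);
    if($apply_cookie === false){$apply_cookie='';}
}
else{$apply_cookie='';} // explode() below expects a string, not an array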

$apply_cookie = @explode(',', $apply_cookie);
if($apply_cookie === false){$apply_cookie = array();}
else{
    $count=count($apply_cookie);
    for($n=0; $n<$count; $n++){
        if(!is_numeric($apply_cookie[$n])){unset($apply_cookie[$n]);}
    }   
}

//HAVE COOKIE
if(@in_array($apply_id, $apply_cookie)==TRUE){
    echo "COOKIE=TRUE<BR>";
    print_r($apply_cookie);
}
else{
    //NO COOKIE,DB HAVE RECORDED
    $db=TRUE; //QUERY HERE,SET TRUE OR FALSE FOR NOW
    if($db==TRUE){
        echo "COOKIE=FALSE; DB=TRUE";

        $apply_cookie[]=$apply_id;  
        $apply_cookie=implode(',', $apply_cookie);
        $apply_cookie=gzcompress($apply_cookie);    
        setcookie("apply", $apply_cookie, time()+3600*24*60);

    }
    else{
        //NO COOKIE,NO RECORDED
        echo "COOKIE=FALSE, DB=FALSE";

        $apply_cookie[]=$apply_id;
        $apply_cookie=implode(',', $apply_cookie);
        $apply_cookie=gzcompress($apply_cookie);    
        setcookie("apply", $apply_cookie, time()+3600*24*60);
    }
}

I set up a cookie to check whether the user has applied. If the cookie has the record, it will skip the query. If there is no cookie or no record, then it queries the DB and updates the cookie.

gzcompress (make it smaller) -> explode (array) -> is_numeric (only allow numbers) -> in_array (check if it exists)

Is this secure enough? (I was using serialize before, but it seems a bit insecure.)

It only checks whether the cookie record exists or not; if not, it does the query and updates the cookie.

A better solution is:

<?php

$apply_id = 1111;

switch (true) {

case !isset($_COOKIE['apply']):
case ($apply_cookie = @gzuncompress($_COOKIE['apply'])) === false:
case !is_array($apply_cookie = json_decode($apply_cookie)):
    $apply_cookie = array();
    break;
default:
    $tmp = array();
    foreach ($apply_cookie as $c) {
        // json_decode() yields integers for numeric JSON values, so accept those too
        if (is_int($c) || (is_string($c) && is_numeric($c))) {
            $tmp[] = $c;
        }
    }
    $apply_cookie = $tmp;
}

if (in_array($apply_id, $apply_cookie)) {
    // HAVE COOKIE
    echo 'COOKIE = TRUE<br />'.PHP_EOL;
    echo nl2br(print_r($apply_cookie, true));
} else {
    $db = true;
    // HAVE NO COOKIE
    if ($db) {
        // HAVE RECORDED
        $apply_cookie[] = $apply_id;
        setcookie('apply', gzcompress(json_encode($apply_cookie)), time()+3600*24*60);
        echo 'COOKIE = FALSE, DB = TRUE<br />'.PHP_EOL;
    } else {
        // HAVE NO RECORDED
        $apply_cookie[] = $apply_id;
        setcookie('apply', gzcompress(json_encode($apply_cookie)), time()+3600*24*60);
        echo 'COOKIE = FALSE, DB = FALSE<br />'.PHP_EOL;
    }
}

Note: You have to call setcookie before any output.
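
The question is whether the cookie can be trusted enough to skip the database query, and both versions above only validate the cookie's format, not its origin. As an added example (not code from the question or the answer), the sketch below goes one step further and signs the ID list with an HMAC so a modified cookie is ignored; the function names, the key value and the 4096-byte limit are assumptions made for illustration.

```php
<?php
// Added example, not from the original thread.
// Assumption: $key is a server-side secret loaded from configuration.

function encode_apply_cookie(array $ids, string $key): string
{
    // Keep only positive integers, de-duplicated, as a JSON list.
    $ids = array_values(array_unique(array_filter($ids, function ($v) {
        return is_int($v) && $v > 0;
    })));
    $payload = base64_encode(json_encode($ids));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function decode_apply_cookie($cookie, string $key): array
{
    // Reject missing, non-string (e.g. apply[]=1) or oversized values first.
    if (!is_string($cookie) || strlen($cookie) > 4096) {
        return [];
    }
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return [];
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; a wrong MAC means the cookie is ignored.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return [];
    }
    $ids = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($ids)) {
        return [];
    }
    // Same strict filter as on the way out.
    return array_values(array_filter($ids, function ($v) {
        return is_int($v) && $v > 0;
    }));
}

// Constructed demo values.
$key = 'replace-with-a-random-server-side-secret';
$cookie = encode_apply_cookie([1111, 2222], $key);
var_dump(in_array(1111, decode_apply_cookie($cookie, $key), true)); // untouched cookie

// Same MAC, different payload: verification fails and the list comes back empty.
$altered = base64_encode(json_encode([1111, 9999])) . '.' . explode('.', $cookie)[1];
var_dump(in_array(9999, decode_apply_cookie($altered, $key), true));
```

Pass `$_COOKIE['apply'] ?? null` to `decode_apply_cookie()` and fall back to the database query whenever the returned list does not contain the ID.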
