?
Solved

php cookie security

Posted on 2011-05-04
5
Medium Priority
?
298 Views
Last Modified: 2012-05-11
Dear Experts,

I'm having a cookie like this to show a banner only once to the user everyday.
should I use a function like htmlspecialchars for security reasons?
thank you

<?php
if(!isset($_COOKIE['countsss']))
{
        $_COOKIE['countsss'] = 0;
}
$countsss = $_COOKIE['countsss'] + 1;
setcookie('countsss',$countsss,time()+60*60*24); //24 hours
?>
0
Comment
Question by:Braveheartli
5 Comments
 
LVL 19

Assisted Solution

by:Greg Alexander
Greg Alexander earned 200 total points
ID: 35690047
I would cleanse everything with mysql_real_escape_string(), you should be good
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1200 total points
ID: 35690362
Here is an example showing how to do it.  You can vary the time between splash pages.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_3314-How-to-Show-an-Introductory-Web-Page-Once-Using-PHP.html

I see nothing wrong with what you have there, but that is not to say that the other code that actually uses the cookie is correct.  If you want to post that part, perhaps we can take a look.  I can think of no reason to use htmlspecialchars().
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 200 total points
ID: 35690440
If you are usin a number in a cookie it's always best to check is_numeric()
0
 
LVL 12

Assisted Solution

by:Mohamed Abowarda
Mohamed Abowarda earned 400 total points
ID: 35690671
Since you are not using database, you don't need to strip html tags.
0
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 35726414
thank you
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Suggested Courses
Course of the Month15 days, 16 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question