It is my understanding that a cookie can only contain one piece of data, but in this “remember me” script:
http://www.joe2torials.com/view_tutorial.php?view=66
He sets a cookie named ‘Joe2Torials’ with 2 pieces of data - like an array:
setcookie(“Joe2Torials[username]”, $username, $time + 3600);
setcookie(“Joe2Torials[password]”, $password, $time + 3600);
So there is one cookie but with ‘username’ and ‘password’ in it.
Is this right?
yes it a correct way.
please check following link for more details:
As you can see from the code, it sets two cookies.
Both interpreted into one variable by PHP upon receiving.
It is very important not to mix PHP variables and data that exists outside of PHP program.
$_COOKIE[‘Joe2Torials’] is an array, but there are no arrays, as well as other non-scalar data outside of program.
Cookie itself is HTTP header and nothing more. So, if you take a look at http headers, you’ll see 2 cookie headers. And “Joe2Torials[username]” is just a cookie name, with no special meaning for the brackets.
Parsing both cookies into one variable is just PHP feature.
This tutorial is very bad with security though. Both SQL injection and possibility of password hijacking in this.
Cookied password shouldn’t be used in plain text, but some hash must be applied.
And data that goes to the sql query, must be properly prepared, using mysql_real_escape_string() in this case.