How is proper way to store an array in a cookie? in PHP Code example: <pre class="prettyprint"><code>$number_ticket=2; $info[7][5]=1; $info[8][5]=1; </code></pre>

To store the array values in cookie, first you need to convert them to string, so here is some options. <h3>Storing cookies as JSON</h3> Storing code <pre class="prettyprint"><code>setcookie('your_cookie_name', json_encode($info), time()+3600); </code></pre> Reading code <pre class="prettyprint"><code>$data = json_decode($_COOKIE['your_cookie_name'], true); </code></pre> JSON can be good choose also if you need read cookie in front end with JavaScript. Actually you can use any <code>encrypt_array_to_string</code>/<code>decrypt_array_from_string</code> methods group that will convert array to string and convert string back to same array. For example you can also use <code>explode</code>/<code>implode</code> for array of integers. <h3>Warning: Do not use serialize/unserialize</h3> From PHP.net <img src="https://i.stack.imgur.com/PeUOC.png" alt="enter image description here"> <code>Do not pass untrusted user input to unserialize().</code> - Anything that coming by HTTP including cookies is untrusted! References related to security <ul> <li>http://php.net/manual/en/function.unserialize.php#refsect1-function.unserialize-notes</li> <li>https://www.owasp.org/index.php/PHP_Object_Injection</li> <li>https://websec.files.wordpress.com/2010/11/rips_ccs.pdf</li> <li>https://www.notsosecure.com/remote-code-execution-via-php-unserialize/</li> <li>https://www.alertlogic.com/blog/writing-exploits-for-exotic-bug-classes-unserialize()/</li> <li>https://hakre.wordpress.com/2013/02/10/php-autoload-invalid-classname-injection/</li> <li>https://security.stackexchange.com/questions/77549/is-php-unserialize-exploitable-without-any-interesting-methods</li> </ul> <h3>As an alternative solution, you can do it also without converting array to string.</h3> <pre class="prettyprint"><code>setcookie('my_array[0]', 'value1' , time()+3600); setcookie('my_array[1]', 'value2' , time()+3600); setcookie('my_array[2]', 'value3' , time()+3600); </code></pre> And after if you will print <code>$_COOKIE</code> variable, you will see the following <pre class="prettyprint"><code>echo '<pre>'; print_r( $_COOKIE ); die(); </code></pre> <pre class="prettyprint">Array ( [my_array] => Array ( [0] => value1 [1] => value2 [2] => value3 ) )</pre> This is documented PHP feature. From PHP.net <code>Cookies names can be set as array names and will be available to your PHP scripts as arrays but separate cookies are stored on the user's system.</code>

Serialize data: <pre class="prettyprint"><code>setcookie('cookie', serialize($info), time()+3600); </code></pre> Then unserialize data: <pre class="prettyprint"><code>$data = unserialize($_COOKIE['cookie'], ["allowed_classes" => false]); </code></pre> After data, $info and $data will have the same content.

Storing PHP arrays in cookies

Tags:

arrays

php

cookies

How is proper way to store an array in a cookie? in PHP Code example:

$number_ticket=2; $info[7][5]=1; $info[8][5]=1;

307

asked Jan 27 '12 10:01

Paul Barrios

2 Answers

To store the array values in cookie, first you need to convert them to string, so here is some options.

Storing cookies as JSON

Storing code

setcookie('your_cookie_name', json_encode($info), time()+3600);

Reading code

$data = json_decode($_COOKIE['your_cookie_name'], true);

JSON can be good choose also if you need read cookie in front end with JavaScript.

Actually you can use any encrypt_array_to_string/decrypt_array_from_string methods group that will convert array to string and convert string back to same array. For example you can also use explode/implode for array of integers.

Warning: Do not use serialize/unserialize

From PHP.net

enter image description here

Do not pass untrusted user input to unserialize(). - Anything that coming by HTTP including cookies is untrusted!

References related to security

http://php.net/manual/en/function.unserialize.php#refsect1-function.unserialize-notes
https://www.owasp.org/index.php/PHP_Object_Injection
https://websec.files.wordpress.com/2010/11/rips_ccs.pdf
https://www.notsosecure.com/remote-code-execution-via-php-unserialize/
https://www.alertlogic.com/blog/writing-exploits-for-exotic-bug-classes-unserialize()/
https://hakre.wordpress.com/2013/02/10/php-autoload-invalid-classname-injection/
https://security.stackexchange.com/questions/77549/is-php-unserialize-exploitable-without-any-interesting-methods

As an alternative solution, you can do it also without converting array to string.

setcookie('my_array[0]', 'value1' , time()+3600); setcookie('my_array[1]', 'value2' , time()+3600); setcookie('my_array[2]', 'value3' , time()+3600);

And after if you will print $_COOKIE variable, you will see the following

echo '<pre>'; print_r( $_COOKIE ); die();

Array (        [my_array] => Array         (             [0] => value1             [1] => value2             [2] => value3         )  )

This is documented PHP feature.

From PHP.net

Cookies names can be set as array names and will be available to your PHP scripts as arrays but separate cookies are stored on the user's system.

answered Oct 09 '22 02:10

Marty Aghajanyan

Serialize data:

setcookie('cookie', serialize($info), time()+3600);

Then unserialize data:

$data = unserialize($_COOKIE['cookie'], ["allowed_classes" => false]);

After data, $info and $data will have the same content.

answered Oct 09 '22 02:10

Narcis Radu

Related questions
                            
                                cleanup php session files
                            
                                Fatal error: Class 'Illuminate\Foundation\Application' not found
                            
                                How to fake $_SERVER['REMOTE_ADDR'] variable?
                            
                                base_url() function not working in codeigniter
                            
                                File Not Found when running PHP with Nginx
                            
                                Check if a specific value exists at a specific key in any subarray of a multidimensional array
                            
                                Can you assign multiple variables at once in PHP like you can with Java?
                            
                                Get array values by keys
                            
                                Add space after every 4th character
                            
                                PHP: How to get referrer URL?
                            
                                Return current date plus 7 days
                            
                                Displaying the Error Messages in Laravel after being Redirected from controller
                            
                                SQL Dialect is Not Configured (Phpstorm)
                            
                                Are private constants possible in PHP? [duplicate]
                            
                                Laravel Eloquent inner join with multiple conditions
                            
                                What is a class in PHP?
                            
                                Remove non-ascii characters from string
                            
                                Apache 2.4.6 on Ubuntu Server: Client denied by server configuration (PHP FPM) [While loading PHP file]
                            
                                Count number of iterations in a foreach loop
                            
                                Listing all the folders subfolders and files in a directory using php

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With