PHP Cookies and MySQL

Question

I'm currently trying to make a PHP call to receive a cookie set by the following chunk of code when the user first lands on a page

if (empty($_COOKIE["uuid"])) {
$uuid = uniqid();  // or use a real UUID
setcookie("info", $uuid, $thisAid, $thisSubID, $thisURL, time()+30*24*60*60, "/");
}
else {
$uuid = $_COOKIE["uuid"];
foreach($_COOKIE as $name => $uuid){
// you can check any conditions based on cookie name $name
$cookiequery = "INSERT INTO table_name(WebTraffic) VALUES(" . mysql_escape_string($uuid) . ##")";
mysql_query($cookiequery);
unset($cookiequery);

and then later to add another line to the database when the user hits a specific page to take the values from the cookie and add it to the database

if (isset($_COOKIE["uuid"]))
$values = '';
$sql = "    INSERT INTO WebTraffic (aid, subID, campaignID, URL, uuid) VALUES(";
foreach ($_COOKIE as $name => $uuid)
$values .= "'$uuid'";

$sql .= $values.")";

but neither are working, can anyone point me in the right direction? Thanks!

EDIT: The values are strings set earlier:

$thisAID = $_GET['aID'];
$thisSubID = $_GET['subID'];
$thisCampaignID = $_GET['campaignID'];
$thisURL = $_SERVER['REQUEST_URI'];
$uuid = uniqid(); 

which are pulled from the URL passed

Answer 1

You may need to look at setting a cookie in PHP correctly. the setcookie() function expects up to 6 parameters as follows:

setcookie(name,value,expire,path,domain,secure)

Your setcookie() has 7 parameters in the call and are not following the structure correctly:

setcookie("info", $uuid, $thisAid, $thisSubID, $thisURL, time()+30*24*60*60, "/")

In addition you are checking for an empty cookie named 'uuid' with your code empty($_COOKIE["uuid"]) however you are setting a cookie with the name info.

You would need to re-arrange this to be:

setcookie("uuid", $uuid, time()+30*24*60*60, "/")

However I don't know what the $thisAid, $thisSubID or $thisURL variables contain or are for?

W3 Schools have a pretty good example of setcookie() and there is always the PHP Manual itself

If you would want to use the one cookie to store all of your variables and then build your SQL query then you could either set a cookie seperately for each variable as so:

setcookie("uuid", $uuid, time()+30*24*60*60, "/")
setcookie("thisAid", $thisAid, time()+30*24*60*60, "/")
setcookie("thisSubID", $thisSubID, time()+30*24*60*60, "/")
setcookie("thisURL", $thisURL, time()+30*24*60*60, "/")
setcookie("campaignID", $thisCampaignID, time()+30*24*60*60, "/")

or alternatively set one cookie with a ; symbol to seperate each value as so:

setcookie("uuid", $thisAid . ";" . $thisSubId . ";" . $thisCampaignID. ";" . $thisURL . ";" . $uuid, time()+30*24*60*60, "/")

You could then use the explode() function to split the cookie value apart and then use a foreach loop on this to build your SQL query as below:

    $values = explode( ";", $_COOKIE['uuid'] );

    foreach( $values as $value ) {  $sqlValues .= $value . ","; }

    $sql = "INSERT INTO WebTraffic (aid, subID, campaignID, URL, uuid) VALUES($sqlValues);

Alternatively using multiple setcookie() calls above you could do it as so:

    $sql = "INSERT INTO WebTraffic (aid, subID, campaignID, URL, uuid) VALUES($_COOKIE['thisAid'], $_COOKIE['subID'], $_COOKIE['campaignID'], $_COOKIE['thisURL'], $_COOKIE['uuid'] );

One other thing to note however is you really should be using prepared statements when inserting or retrieving information from a database to avoid SQL injection attacks. Do you know what these are/are you using any prevention techniques to avoid them?