i use the session hash code that represent the user_agent and user_ip
also i use session_set_cookie_params to set remember in login script .
How is my security status ? and it is not better to use setcookie instead set_session_cookie_params in remember me ? What features should I use for better security ?
sorry for my bad english
As mentioned in the comments, you don't really have a secure setup going on. There are endless things to account for regarding security, but a good start would be to account for the following:
A good beginner resource at first would be to check out phpacademy.
I've linked this a couple times also. I think it's a decent example of a PDO login system, which will help you avoid SQL Injection Attacks.
Assuming you have access to your php.ini file, you may want to look into what these commands do. They may or may not fit your needs, but they can be helpful to avoid Session Hijacking / Fixation by not allowing the PHPSESSID variable to be passed via URL and also making it inaccessible via JavaScript.
session.use_only_cookies = 1
session.cookie_httponly = 1
session.use_trans_sid = 0
Brute Force attacks can be mitigated by using proper hashing. To Look into bcrypt or scrypt for more detail. You can also check out this discussion for a little more information on this.