The security analysis of CI framework _php Example

This paper analyzes the security of CI framework. Share to everyone for your reference, specific as follows:

People who have used the CI framework know that the CI framework can greatly shorten your code. In fact, the CI framework can improve the security of your website.

Preventing attacks on the database

Data entry can cause many problems. Because of the limitations of HTML and the database, the data always contains a specific symbol-for example, ellipses and quotes-may cause your database to be attacked and eventually you will end up with unpredictable results.

The solution is to process the data before it is stored in the database. Doing so would waste some system time and add some extra coding.

The form helper function for CI automatically completes these tasks. So, when you write an input box:

echo form_input (' username ', ' johndoe ');

CI also implicitly performs the following validation functions:

function Form_prep ($str = ')
{
  if ($str = = ')
  {return
    ';
  }
  $temp = ' __temp_ampersands__ ';
  Replace entities to temporary markers so
  ,/Htmlspecialchars won ' t mess them up
  $str = preg_replace ("/& ; # (\d+);/"," $temp \\1; ", $str);
  $str = Preg_replace ("/& (\w+);/", "$temp \\1;", $str);
  $str = Htmlspecialchars ($STR);
  In the case Htmlspecialchars misses.
  $str = Str_replace (Array ("'", ' "), Array (" "," ""), $str);
  Decode the temp markers back to Entities
  $str = Preg_replace ("/$temp (\d+);/", "&#\\1;", $str);
  $str = Preg_replace ("/$temp (\w+);/", "&\\1;", $str);
  return $str;
}

The above function captures special characters such as "&" so that it does not cause confusion when your page is submitted. You should know that some characters can cause problems.

Not all users will be able to enter the required information in a compliant way, and you cannot know who is using the browser to enter information, what they are thinking and doing. You can use CI to prevent input of information that does not meet your requirements. Of course, you don't have to know how CI is doing it behind the scenes, you just need to simply enter the following code:

echo form_input (' username ', ' johndoe ');

More interested in CodeIgniter related content readers can view the site topics: "CodeIgniter Introductory Course", "CI (CodeIgniter) Framework Advanced Course", "PHP Excellent Development Framework Summary", "thinkphp Introductory Course", " Thinkphp Common Methods Summary, "Zend Framework Introduction Course", "PHP object-oriented Programming Introduction Course", "Php+mysql Database operation Introduction Tutorial" and "PHP common database Operation Skills Summary"

I hope this article will help you with the PHP program design based on CodeIgniter framework.