CodeIgniter security-Related settings Rollup _php instance

The CodeIgniter framework itself provides security settings such as prevention against XSS and csrf attacks, prevention against SQL injection attacks, and so on.

In the case of a configuration file:

In the application/config/config.php

$config [' encryption_key '] = ';//This must be set to encrypt their own cookies
$config [' cookie_secure '] = true;//set to TRUE/
*
| ------------------------------------------------------------------------
| Global XSS filtering globally XSS filter set to True
|------------------------------------------------------------------------ --
|
| Determines whether the XSS filter is always active as get, POST or
| COOKIE data is encountered
|
* *
$config [' global_xss_filtering '] = TRUE;
Guard against CSRF attacks
$config [' csrf_protection '] = TRUE;
$config [' csrf_token_name '] = ' mall_tooken ';
$config [' csrf_cookie_name '] = ' mall_cookie ';
$config [' csrf_expire '] = 7200;//Set the appropriate time

Open system/core/input.php

Set the $xss_clean in Get and post methods to true of course, if your site is safe and indifferent, it is not set or explicitly set when calling get or post parameters.

The development of the need to note:

1. Use

$this->input->get (' name ', true);

Instead of using $_get[' name ';

2. Use

$this->input->post (' name ', true);

Instead of using $_post[' name ';

3. Use ActiveRecord query statements and try to avoid statements such as Select