The CodeIgniter framework provides security settings that help protect against XSS, CSRF and SQL injection attacks.
For the configuration file:
In application/config/config.php:
$config['encryption_key'] = '';   // this must be set so that your cookies are encrypted
$config['cookie_secure'] = TRUE;  // set to TRUE (cookies are then sent over HTTPS only)
/*
| Global XSS Filtering
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
*/
$config['global_xss_filtering'] = TRUE;
// prevents CSRF attacks
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'mall_tooken';
$config['csrf_cookie_name'] = 'mall_cookie';
$config['csrf_expire'] = 7200;    // set an appropriate lifetime (seconds)
Open system/core/Input.php
Set the default of the $xss_clean parameter in the get() and post() methods to TRUE. Of course, if you would rather not change the framework file, you can leave it alone and instead pass TRUE explicitly each time you call get() or post() to retrieve a parameter.
Note the following during development:
1. Use
$this->input->get('name', TRUE);
instead of $_GET['name'];
2. Use
$this->input->post('name', TRUE);
instead of $_POST['name'];
3. Use Active Record query methods instead of hand-written SELECT statements, so that values are escaped by the database driver rather than concatenated into the query.
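As an added example (not from the original article), here is a hypothetical CodeIgniter controller named Product that applies the three rules above; it assumes a products table with id, name and price columns.

```php
<?php
// Added example, not from the original article: a hypothetical CodeIgniter
// controller that reads input through the Input class with the XSS filter on,
// relies on form_open() for the CSRF token, and queries via Active Record.
// Assumes a table "products" with columns "id", "name" and "price".
defined('BASEPATH') OR exit('No direct script access allowed');

class Product extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper(array('form', 'url'));
    }

    // Rule 1: read GET input through the Input class; TRUE runs the XSS filter.
    // Unsafe equivalent to avoid: $name = $_GET['name'];
    public function search()
    {
        $name = $this->input->get('name', TRUE);

        // Rule 3: Active Record escapes $name for the driver; avoid building
        // the statement by hand, e.g. "SELECT ... WHERE name LIKE '%$name%'".
        $query = $this->db
            ->select('id, name, price')
            ->from('products')
            ->like('name', $name)
            ->get();

        $data['products'] = $query->result();
        $this->load->view('product/list', $data);
    }

    // Rule 2: read POST input through the Input class. With csrf_protection
    // enabled, form_open() adds the hidden token field (named by
    // csrf_token_name) and a POST without a valid token is rejected before
    // this method runs.
    public function create()
    {
        if ($this->input->post('submit')) {
            $product = array(
                'name'  => $this->input->post('name', TRUE),
                'price' => (float) $this->input->post('price', TRUE),
            );
            $this->db->insert('products', $product);   // values are escaped
            redirect('product/search');
        }
        echo form_open('product/create');
        echo form_input('name') . form_input('price') . form_submit('submit', 'Save');
        echo form_close();
    }
}
```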