Security analysis of the CI framework
This article analyzes the security of the CI framework. We will share this with you for your reference. The details are as follows:
Anyone who has used the CI framework knows that it can greatly shorten your code. It also improves the security of your website.
Prevent database attacks
Data input can cause many problems. Because of the limitations of HTML and databases, data that contains certain symbols, for example apostrophes and quotation marks, may expose your database to attack and ultimately produce unexpected results.
The solution is to process the data before it is stored in the database. This costs some processing time and requires some additional code.
CI's form helper performs these tasks automatically. Therefore, when you write an input box:
echo form_input('username', 'johndoe');
CI also implicitly runs the following function on the value:
function form_prep($str = '')
{
    if ($str === '') {
        return '';
    }
    $temp = '__TEMP_AMPERSANDS__';
    // Replace entities to temporary markers so that
    // htmlspecialchars won't mess them up
    $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
    $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
    $str = htmlspecialchars($str);
    // In case htmlspecialchars misses these.
    $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);
    // Decode the temp markers back to entities
    $str = preg_replace("/$temp(\d+);/", "&#\\1;", $str);
    $str = preg_replace("/$temp(\w+);/", "&\\1;", $str);
    return $str;
}
The function above escapes special characters such as "&" so that they do not cause confusion when your page is submitted. Be aware that some characters can cause problems.
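form_prep() escapes a value for output inside an HTML form field; it does not make the value safe to place in an SQL statement. The following added example (not from the original article or from CodeIgniter) shows the two steps separately in plain PHP, using htmlspecialchars() with ENT_QUOTES and double_encode disabled as a stand-in for form_prep(), and a PDO bound parameter for the database write. The helper names, the users table and the sample input are assumptions, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example: output escaping and database writes are separate defences.
// escape_for_attr(), render_username_input() and save_username() are
// hypothetical helper names, not part of CodeIgniter.

function escape_for_attr(string $value): string
{
    // ENT_QUOTES escapes both ' and ".
    // double_encode = false leaves existing entities (&amp;, &#39;) intact,
    // which is the job form_prep()'s temporary markers perform.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

function render_username_input(string $value): string
{
    // The escaped value cannot close the value="..." attribute early.
    return '<input type="text" name="username" value="'
        . escape_for_attr($value) . '" />';
}

function save_username(PDO $db, string $username): void
{
    // Bound parameter: the driver keeps the data apart from the SQL text,
    // so quotes in $username never become part of the statement.
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:u)');
    $stmt->execute([':u' => $username]);
}

// Constructed sample input: quotes plus an entity that is already encoded.
$raw = 'O\'Brien "JD" &amp; sons';

// 1) HTML context: escape on output.
echo render_username_input($raw), "\n";

// 2) Database context: store the raw value through a prepared statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
save_username($db, $raw);

// The stored value is byte-for-byte the input; escaping happens again
// only when the value is next written into HTML.
$stored = $db->query('SELECT username FROM users')->fetchColumn();
var_dump($stored === $raw);
```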
Not every user enters the information you expect, and you cannot know who is typing into the browser, what they are thinking, or what they are doing. You can use CI to guard against non-conforming input. You don't have to know how CI does this for you behind the scenes; you simply write the following code:
echo form_input('username', 'johndoe');