
Anyone who has used the CodeIgniter (CI) framework knows that it can greatly shorten your code. What is less obvious is that CI can also improve the security of your website.

Preventing database attacks

User input can cause many problems. Because of the way HTML and databases interpret certain characters, input that contains special symbols, for example apostrophes and quotation marks, can be turned into an attack on your database, and in the end you get results you did not expect.

The solution is to sanitize the data before it is stored in the database. This costs some processing time and some extra code.

CI's form helper functions do this automatically. So when you write an input box:

echo form_input("username", "johndoe");

CI also implicitly runs the following escaping function on the value:

function form_prep($str = '')
{
    if ($str === '')
    {
        return '';
    }

    $temp = '__TEMP_AMPERSANDS__';

    // Replace entities with temporary markers so that
    // htmlspecialchars won't double-encode them
    $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
    $str = preg_replace("/&(\w+);/",  "$temp\\1;", $str);

    // Convert &, <, > and " into HTML entities
    $str = htmlspecialchars($str);

    // In case htmlspecialchars misses these (single quotes are not
    // converted by default).
    $str = str_replace(array("'", '"'), array("&#39;", "&quot;"), $str);

    // Decode the temp markers back to entities
    $str = preg_replace("/$temp(\d+);/", "&#\\1;", $str);
    $str = preg_replace("/$temp(\w+);/", "&\\1;", $str);

    return $str;
}

The function above escapes special characters such as "&", quotes and angle brackets so that they cannot break the markup of the form when your page is rendered and submitted. As you should know, some characters cause problems if they reach the page unescaped.

Not all users enter the required information in the expected way. It is impossible to know who is sitting at the browser, what they are thinking or what they are doing. You can use CI to keep non-conforming input from doing harm. You do not need to know how CI does all this for you behind the scenes; you only need to write the following code:

echo form_input("username", "johndoe");
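As an added example that is not part of the original article or of CodeIgniter's own code, the following stand-alone PHP script shows the two distinct jobs involved. The HTML escaping that form_prep() performs is reproduced here with PHP's built-in htmlspecialchars(), and the database side is handled separately by storing the raw value through a bound parameter (CI's query bindings do the same with "?" placeholders), because HTML escaping on its own does nothing for SQL. The function names escape_for_attribute and render_input are my own, the sample values are constructed, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example (not from the original article or from CodeIgniter itself).
// It reproduces the escaping that form_prep() performs with PHP's built-in
// htmlspecialchars(), renders a text input with it, and then stores the raw
// value with a bound parameter so the database side is handled on its own.

// Escape a value for use inside an HTML attribute, the same job form_prep does.
function escape_for_attribute(string $value): string
{
    // ENT_QUOTES converts both ' and ", which form_prep also does explicitly;
    // double_encode=false keeps existing entities such as &amp; intact, which
    // form_prep achieves with its temporary markers.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

// Minimal stand-in for CI's form_input(): name and value are escaped so the
// value cannot close the attribute and inject markup into the page.
function render_input(string $name, string $value): string
{
    return '<input type="text" name="' . escape_for_attribute($name)
         . '" value="' . escape_for_attribute($value) . '" />';
}

// Constructed sample values: a plain name, a name with an apostrophe, quotes
// and a tag, and one that already contains an entity.
$samples = [
    'johndoe',
    'O\'Reilly "Bob" <b>',
    'Tom &amp; Jerry',
];

foreach ($samples as $v) {
    echo render_input('username', $v), "\n";
}

// Database side: the raw value is stored using a bound parameter, so quotes
// in the input never become part of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');

$stmt = $db->prepare('INSERT INTO users (username) VALUES (:username)');
foreach ($samples as $v) {
    $stmt->execute([':username' => $v]);   // raw value, no manual quoting
}

// Read back: the stored values are unchanged, quotes and all.
foreach ($db->query('SELECT username FROM users ORDER BY id') as $row) {
    echo 'stored: ', $row['username'], "\n";
}
```

Run it with the PHP CLI. The rendered inputs show the quotes, angle bracket and apostrophe converted to entities while the existing &amp; is left alone, and the rows read back from SQLite contain the original text, which is the point of keeping HTML escaping (for output) and parameter binding (for the query) as two separate steps.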