Apr 05

Simple PHP Security in CodeIgniter

The web is now part of our lives, and we can hardly imagine our daily work without it. For both users and developers, security is a key question. In this post I would like to share some simple, common security points.

  • Cross-Site Scripting (XSS) is one of the most common application-layer web attacks. XSS targets scripts embedded in a page that are executed on the client side (in the user's web browser) rather than on the server side. A typical XSS vector is user input. Suppose you put a <textarea> on your site to collect user input, but a malicious user submits input like this:
<script type="text/javascript">
// Redirects the visitor's browser away from your page
window.location = 'http://example.com';
</script>

or it may be an unwanted JavaScript alert message, which is not expected. So you definitely want to prevent this type of attack. I'm going to show the solution in CodeIgniter, which has a built-in Input class. The example is below:

// Read the raw POST value, then run it through the XSS filter
$data = $this->input->post('UserInput');
$data_xss = $this->input->xss_clean($data);
// Equivalent shortcut: passing TRUE as the second argument applies xss_clean() for you
// $data_xss = $this->input->post('UserInput', TRUE);

First you read the user input from the POST request, then you pass that value to xss_clean(). If you print the final value, you will see that the JavaScript code has been replaced with a marker such as [removed]. Now you can pass the value to a database query or do anything else with it.

  • Use htmlentities() on user input before you output it. It converts all applicable characters to HTML entities, like below.
$str = "A 'quote' is <b>bold</b>";
// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
// (with the default flags of PHP before 8.1, the single quote is left as-is)
echo htmlentities($str);
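As an added example (not code from this post or from CodeIgniter), here is a stand-alone PHP output-escaping helper that pairs with the input filtering above: it escapes at render time, covers both text and attribute context, and uses ENT_QUOTES so the single quote from the post's example is escaped too. The names escape_html(), render_textarea() and is_inert_html() are my own.

```php
<?php
// Added example, not part of the original post: context-aware output escaping
// to complement xss_clean(). Plain PHP, no CodeIgniter required.
declare(strict_types=1);

// Escape a value for HTML text content or a quoted attribute value.
// ENT_QUOTES also escapes the single quote, which htmlentities() with its
// pre-PHP-8.1 default flags (ENT_COMPAT) leaves untouched; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Re-render a textarea with the user's previous input. Escaping here, at
// output time, keeps the content inert regardless of earlier input filtering.
function render_textarea(string $name, string $value): string
{
    return '<textarea name="' . escape_html($name) . '">'
        . escape_html($value)
        . '</textarea>';
}

// Check helper: an escaped fragment must contain none of the characters that
// can open a tag or break out of a quoted attribute.
function is_inert_html(string $escaped): bool
{
    return strpbrk($escaped, '<>"\'') === false;
}

// Constructed samples: the script fragment and the quote string from the post.
$samples = [
    "<script type=\"text/javascript\">window.location = 'http://example.com';</script>",
    "A 'quote' is <b>bold</b>",
];

foreach ($samples as $sample) {
    $escaped = escape_html($sample);
    echo 'htmlentities(): ', htmlentities($sample), PHP_EOL;   // ' may survive on PHP < 8.1
    echo 'escape_html():  ', $escaped, PHP_EOL;                // ' becomes &apos;
    echo 'inert: ', is_inert_html($escaped) ? 'yes' : 'no', PHP_EOL;
    echo render_textarea('UserInput', $sample), PHP_EOL, PHP_EOL;
}
```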

Some useful links for best practices and security:

  • http://bit.ly/5W1yoi
  • http://bit.ly/c3KxsL
  • http://bit.ly/7I4A

Cheers and practice with best approach. :)

Saif The Green
