1. Download CodeIgniter.
2. Place the folder into the Apache htdocs directory and delete the "user_guide" folder.
3. Copy .htaccess to the root directory to remove index.php from the URL, and also edit $config['index_page'].
4. Edit config.php to set the timezone, base_url, encryption key, session, cookie, etc.
5. Set CodeIgniter's ENVIRONMENT constant in index.php to 'production' before publishing.


Web security with CodeIgniter

URL Security:

XSS attacks: XSS filtering

$data = $this->security->xss_clean($data);

Bitmap injection:

// Passing TRUE as the second parameter runs the image test on the uploaded file.
if ($this->security->xss_clean($file, TRUE) === FALSE)
{
    // file failed the XSS test
}

The function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.

SQL injection: escaping queries

The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don’t have to remember to manually escape data; the engine does it automatically for you.
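
The bound-query pattern described above, next to the string-built query it replaces, as an added CodeIgniter 3 example that is not from the original page. The model name, the `users` table and its columns are assumptions.

```php
<?php
// Added example, not part of the original page.
// Hypothetical names: User_model, table `users`, columns id, email, status.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();   // makes $this->db available
    }

    // Unsafe "before" form: the value is concatenated into the SQL text,
    // so the database parses user input as part of the statement.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->result_array();
    }

    // Bound form: each ? is a placeholder. The values are passed separately
    // and escaped by the database driver before they are substituted.
    public function find_by_email($email, $status = 'active')
    {
        $sql = 'SELECT id, email FROM users WHERE email = ? AND status = ?';
        return $this->db->query($sql, array($email, $status))->result_array();
    }

    // An array bound to a single ? is expanded into an IN (...) set.
    public function find_by_ids(array $ids)
    {
        if (empty($ids)) {
            return array();        // an empty set would compile to "IN ()"
        }
        $ids = array_map('intval', $ids);
        $sql = 'SELECT id, email FROM users WHERE id IN ?';
        return $this->db->query($sql, array($ids))->result_array();
    }
}
```

Binds cover values only; table and column names cannot be passed as `?` placeholders and should come from a fixed allow-list in code.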