- Download CodeIgniter.
- Place the folder into Apache's htdocs directory and delete the "user_guide" folder.
- Copy .htaccess to the root directory to remove index.php from the URL, and edit $config['index_page'] to match.
- Edit config.php to set the timezone, base_url, encryption key, session, cookie settings, etc.
- Set CodeIgniter's ENVIRONMENT constant in index.php to 'production' before publishing.
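The two files the steps above touch, written out as an added example (not from the original notes) for CodeIgniter 3.x: the ENVIRONMENT switch in index.php and the config.php keys for base_url, index_page, the encryption key, sessions and cookies. The hostname, paths and key value are placeholders, and the key names are the ones CodeIgniter 3's application/config/config.php ships with.

```php
<?php
// Added example: hardening index.php and config.php for CodeIgniter 3.x.
// Hostname, filesystem paths and the key value are placeholders.

// ---- index.php (front controller) ----------------------------------------
// Default to 'production' so a forgotten edit never ships with display_errors
// on; CI_ENV lets a deployment override it without touching the file.
define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'production');

switch (ENVIRONMENT)
{
    case 'development':
        error_reporting(-1);
        ini_set('display_errors', 1);
        break;

    case 'testing':
    case 'production':
        // Errors still reach the log, but never the browser.
        ini_set('display_errors', 0);
        error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
        break;

    default:
        header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
        echo 'The application environment is not set correctly.';
        exit(1);
}

// One explicit timezone so log timestamps, session and cookie expiries agree.
date_default_timezone_set('UTC');

// ---- application/config/config.php ---------------------------------------
$config = array();

// Absolute base URL; if left empty CodeIgniter guesses it from the Host header.
$config['base_url'] = 'https://example.com/';          // placeholder host

// Empty because .htaccess rewrites requests to index.php.
$config['index_page'] = '';

// 32 random bytes, generated once and kept out of version control.
$config['encryption_key'] = 'REPLACE_WITH_RANDOM_KEY'; // placeholder

// Sessions: server-side storage outside the web root, bounded lifetime,
// and the old session destroyed when the ID is regenerated.
$config['sess_driver']             = 'files';
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']         = 7200;
$config['sess_save_path']          = '/var/lib/ci_sessions';   // placeholder path
$config['sess_match_ip']           = FALSE;
$config['sess_time_to_update']     = 300;
$config['sess_regenerate_destroy'] = TRUE;

// Cookies: sent over HTTPS only and not readable from JavaScript.
$config['cookie_prefix']   = '';
$config['cookie_domain']   = '';
$config['cookie_path']     = '/';
$config['cookie_secure']   = TRUE;
$config['cookie_httponly'] = TRUE;

// CSRF token on every POST form, rotated on each request.
$config['csrf_protection']  = TRUE;
$config['csrf_token_name']  = 'csrf_token';
$config['csrf_cookie_name'] = 'csrf_cookie';
$config['csrf_regenerate']  = TRUE;

// Log errors only (threshold 1) to a directory outside the web root.
$config['log_threshold'] = 1;
$config['log_path']      = '/var/log/ci/';             // placeholder path
```

Setting `cookie_secure` to TRUE means the session cookie is never sent over plain HTTP, so the site must actually be served over HTTPS (the base_url above) or logins will silently fail; that is the intended trade-off.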
Web security with CodeIgniter
XSS attacks: xss-filtering
$data = $this->security->xss_clean($data);

if ($this->security->xss_clean($file, TRUE) === FALSE)
{
    // file failed the XSS test
}

With the second argument set to TRUE the function checks an image's contents and returns TRUE if the image is safe, or FALSE if it contained potentially malicious content that a browser might attempt to execute.
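Both forms of the call above in one place, as an added example that is not part of the original notes: a CodeIgniter 3.x controller that filters a text field on input, runs the image check on an upload, and still HTML-escapes on output. The controller name, the `comment_model` model, the view names and the upload directory are hypothetical.

```php
<?php
// Added example (not from the original notes): applying xss_clean() to text
// input and to an uploaded image in a CodeIgniter 3.x controller. The
// controller, model, views and upload directory are hypothetical.
defined('BASEPATH') OR exit('No direct script access allowed');

class Comments extends CI_Controller
{
    // Text input: filter once on the way in, encode on the way out.
    public function post()
    {
        // The TRUE flag runs xss_clean() on the value; it is equivalent to
        // $this->security->xss_clean($this->input->post('body')).
        $body = $this->input->post('body', TRUE);

        if ($body === NULL || trim($body) === '')
        {
            show_error('Comment body is required', 400);
        }

        $this->load->model('comment_model');              // hypothetical model
        $this->comment_model->insert(array('body' => $body));

        // xss_clean() is a filter, not an encoder. Escape again before the
        // value is echoed into HTML so anything the filter missed is inert.
        $this->load->view('comment_saved', array('body' => html_escape($body)));
    }

    // Image upload: with TRUE as second argument xss_clean() returns a boolean
    // verdict on the file's bytes instead of a filtered string.
    public function avatar()
    {
        $config = array(
            'upload_path'   => FCPATH . 'uploads/avatars/', // hypothetical dir
            'allowed_types' => 'gif|jpg|png',
            'max_size'      => 512,                          // kilobytes
            'encrypt_name'  => TRUE,    // never keep the client's file name
            'xss_clean'     => TRUE,    // Upload runs the image check itself
        );
        $this->load->library('upload', $config);

        if ( ! $this->upload->do_upload('avatar'))
        {
            // Refused on type, size, or the XSS check; report and stop.
            show_error($this->upload->display_errors('', ''), 400);
        }

        $path = $this->upload->data('full_path');

        // Repeat the documented check on the stored bytes before trusting them.
        if ($this->security->xss_clean(file_get_contents($path), TRUE) === FALSE)
        {
            unlink($path);                                   // file failed the XSS test
            show_error('Rejected image', 400);
        }

        $this->load->view('avatar_saved', array(
            'file' => html_escape($this->upload->data('file_name')),
        ));
    }
}
```

The image branch relies on `allowed_types` and `encrypt_name` as much as on the XSS check: the filter only detects script content, it does not stop a file from being served back with a name or extension of the uploader's choosing.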
SQL injection: escaping-queries
The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don’t have to remember to manually escape data; the engine does it automatically for you.
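The same lookup written with string concatenation, with query bindings, and with Query Builder, as an added example that is not part of the original notes. The `User_model` class, the `users` table and its columns are hypothetical; the `?` placeholder syntax, `escape()` and `escape_like_str()` are CodeIgniter 3's database API.

```php
<?php
// Added example (not from the original notes): one query three ways in a
// CodeIgniter 3.x model. Table and column names are hypothetical.
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    // BEFORE: the value is pasted into the SQL string unescaped, so a quote
    // in the input changes the structure of the query. Kept only to show
    // what the bound version below replaces.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // AFTER: query bindings. Each ? is replaced with the escaped value, so the
    // input is always data and never SQL, and nothing has to be escaped by hand.
    public function find_by_email($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ? AND active = ?';
        return $this->db->query($sql, array($email, 1))->row();
    }

    // Query Builder escapes every value it is handed, including LIKE patterns.
    public function search($fragment, $limit = 20)
    {
        return $this->db->select('id, email')
                        ->from('users')
                        ->where('active', 1)
                        ->like('email', $fragment, 'both')
                        ->limit($limit)
                        ->get()
                        ->result();
    }

    // When SQL really has to be assembled by hand: escape() returns the value
    // quoted and escaped for the active driver, and escape_like_str() handles
    // the extra LIKE metacharacters (% and _), which is why the ESCAPE clause
    // names CodeIgniter's '!' escape character.
    public function count_domain($domain)
    {
        $sql = "SELECT COUNT(*) AS n FROM users"
             . " WHERE email LIKE '%@" . $this->db->escape_like_str($domain) . "' ESCAPE '!'";
        return (int) $this->db->query($sql)->row()->n;
    }

    public function exists($email)
    {
        $sql = 'SELECT 1 FROM users WHERE email = ' . $this->db->escape($email) . ' LIMIT 1';
        return $this->db->query($sql)->num_rows() > 0;
    }
}
```

Bindings and Query Builder cover values only; identifiers such as table or column names chosen at runtime still have to be checked against an allow-list in the model, because no escaping function makes an arbitrary identifier safe.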