Shulou(Shulou.com)06/03 Report--

This article shares with you the content of a sample analysis of the security of the CI framework. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

The details are as follows:

Anyone who has used the ci framework knows that the ci framework can greatly shorten your code. In fact, the ci framework can improve the security of your website.

Prevent attacks on the database

Data entry can cause many problems. Because of HTML and database limitations, data always contains specific symbols-for example, omitting symbols and quotation marks-that can lead to attacks on your database and end up with unpredictable results.

The solution is to process the data before storing it in the database. Doing so will waste some system time and add some extra coding.

CI's form helper functions do this automatically. So, when you write an input box:

Echo form_input ('username',' johndoe')

CI also implicitly executes the following check functions:

Function form_prep ($str =') {if ($str = =') {return';} $temp ='_ TEMP_AMPERSANDS__'; / / Replace entities to temporary markers so that / / htmlspecialchars won't mess them up $str = preg_replace ("/ & # (\ d+); /", "$temp\\ 1;", $str); $str = preg_replace ("/ & (\ w+); /", "$temp\\ 1;", $str); $str = htmlspecialchars ($str) / / In case htmlspecialchars misses these. $str = str_replace (array ("'",''), array ("& # 39;", ""), $str); / / Decode the temp markers back to entities $str = preg_replace ("/ $temp (\ d +); /", "& #\\ 1;", $str); $str = preg_replace ("/ $temp (\ w+); /", "&\\ 1;", $str); return $str;}

The above function captures special characters like "&" so that it doesn't cause confusion when your page is submitted. You should know that some characters can cause problems.

Not all users will properly enter information that meets the requirements, and you can't know who is using the browser to enter information, what they are thinking and what they are doing. You can use CI to prevent you from entering information that does not meet the requirements. Of course, you don't have to know how CI does all this for you behind the scenes, you simply type in the following code:

Echo form_input ('username',' johndoe'); thank you for reading! This is the end of this article on "sample Analysis of CI Framework Security". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.