Use this function only when you are submitting data. Its optional second Boolean parameter can also be used to check an image file for an XSS attack, which is useful for a file upload facility: if the function returns TRUE the image is safe, otherwise it is not.
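The following controller is an added example, not code from the page or from CodeIgniter itself. It assumes the function described above is CodeIgniter 3's $this->security->xss_clean(); the upload field name 'userfile', the 'uploads' directory and the 'caption' field are assumptions. Text input is filtered once at submission time, and the uploaded file's contents are checked with the second parameter set to TRUE, so a file that fails the check is deleted instead of being kept on disk.

```php
<?php
// Added example (not from the page). Assumes CodeIgniter 3 and that the
// function discussed is $this->security->xss_clean(). The field names and
// the upload directory are assumptions.
class Upload extends CI_Controller {

    public function do_upload()
    {
        // Filter the submitted text once, when it is submitted, not on
        // every later page view.
        $caption = $this->security->xss_clean($this->input->post('caption'));

        $this->load->library('upload', array(
            'upload_path'   => './uploads/',
            'allowed_types' => 'gif|jpg|png',
            'max_size'      => 2048,   // kilobytes
        ));

        if ( ! $this->upload->do_upload('userfile'))
        {
            show_error($this->upload->display_errors(), 400);
        }

        $path = $this->upload->data('full_path');

        // Second parameter TRUE: the file contents are inspected as an image
        // and the method returns TRUE when the image is safe, FALSE otherwise.
        $contents = file_get_contents($path);
        if ($this->security->xss_clean($contents, TRUE) !== TRUE)
        {
            unlink($path);   // do not leave a suspect file on disk
            show_error('The uploaded image failed the XSS check.', 400);
        }

        $this->load->view('upload_success', array('caption' => $caption));
    }
}
```

The Upload library can run the same check for you when its 'xss_clean' option is set to TRUE; the manual call above shows what that option does and lets the handler decide what to do with a rejected file.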
SQL injection is an attack on a database query. In plain PHP, the mysql_real_escape_string() function is used to prevent it, together with other techniques, but CodeIgniter provides built-in functions and libraries for this purpose.
We can prevent SQL Injection in CodeIgniter in the following three ways −
The $this->db->escape() function automatically adds single quotes around the data and determines the data type, so that it escapes only string data.
With query bindings, each question mark (?) in the query is replaced by the corresponding element of the array passed as the second parameter of the query() function. The main benefit of building queries this way is that the values are escaped automatically, producing safe queries. The CodeIgniter engine does this for you, so you do not need to take care of it yourself.
With Active Record, the query syntax is generated by each database adapter. This also produces safer queries, since the values are escaped automatically.
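The model below is an added example, not code from the page or from CodeIgniter, showing the three approaches side by side in one CodeIgniter 3 model. The 'users' table and its 'email' and 'status' columns are assumptions.

```php
<?php
// Added example (not from the page): the three escaping approaches from the
// text in one CodeIgniter 3 model. Table and column names are assumptions.
class User_model extends CI_Model {

    // 1. Manual escaping with $this->db->escape(): it adds the quotes itself
    //    and escapes string data, so the raw value is never concatenated in.
    public function find_by_email_escape($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = '
             . $this->db->escape($email);
        return $this->db->query($sql)->row_array();
    }

    // 2. Query bindings: each ? is replaced by the matching array element,
    //    and CodeIgniter escapes every bound value before it reaches MySQL.
    public function find_active_by_email_binding($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ? AND status = ?';
        return $this->db->query($sql, array($email, 'active'))->row_array();
    }

    // 3. Active Record (Query Builder): the database adapter generates the
    //    SQL and escapes the values, so input is only ever passed as a value.
    public function find_active_by_email_builder($email)
    {
        return $this->db
                    ->select('id, email')
                    ->where('email', $email)
                    ->where('status', 'active')
                    ->get('users')
                    ->row_array();
    }
}
```

In all three methods an input such as the string ' OR '1'='1 stays a quoted literal inside the WHERE clause instead of changing the query's structure; what differs is only how much of the escaping you have to remember to do yourself.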
In a production environment, we usually do not want to show any error messages to users. It is fine to enable them in the development environment for debugging purposes, but these error messages may contain information which, for security reasons, should not be displayed to website visitors.
There are three CodeIgniter files related to errors.
Different environments require different levels of error reporting. By default, development shows errors, while testing and production (live) hide them. A file called index.php in the root directory of CodeIgniter is used for this purpose. If we pass zero as an argument to the error_reporting() function, all errors are hidden.
Even if you have turned off PHP errors, MySQL errors are still displayed. You can turn these off in application/config/database.php by setting the db_debug option in the $db array to FALSE, as shown below.
Another option is to send the errors to log files, so that they are not displayed to users of the site. Simply set the log_threshold value in the $config array to 1 in the application/config/config.php file, as shown below.
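As an added example (not code from the page or the CodeIgniter distribution), here are the settings the three preceding paragraphs describe, one fragment per file. The fragments are shown together for reading; each belongs in the CodeIgniter 3 file named in its comment, and the CI_ENV variable used to pick the environment is an assumption.

```php
<?php
// Added example (not from the page): the three CodeIgniter 3 files the text
// refers to. Each fragment goes in the file named in its heading comment.

// --- index.php (project root): the environment selects PHP error reporting ---
define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'production');

switch (ENVIRONMENT)
{
    case 'development':
        error_reporting(-1);          // report everything while debugging
        ini_set('display_errors', 1);
        break;

    case 'testing':
    case 'production':
        ini_set('display_errors', 0); // never render errors to visitors
        error_reporting(0);           // zero hides all PHP errors
        break;

    default:
        header('HTTP/1.1 503 Service Unavailable.', TRUE, 503);
        echo 'The application environment is not set correctly.';
        exit(1);
}

// --- application/config/database.php: MySQL errors are controlled separately ---
$db['default']['db_debug'] = FALSE;  // TRUE would print SQL errors, queries included

// --- application/config/config.php: write errors to the log instead ---
$config['log_threshold'] = 1;        // 1 = error messages only; 0 disables logging
$config['log_path']      = '';       // empty = application/logs/; keep the directory non web-readable
```

Defaulting ENVIRONMENT to 'production' when the variable is absent means a server that was never configured fails closed (errors hidden, logged) rather than open; with db_debug left at TRUE, a failed query would still print the SQL statement to the visitor even though PHP errors are off, which is why the two switches are separate.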
CSRF stands for cross-site request forgery. You can prevent this attack by enabling CSRF protection in the application/config/config.php file, as shown below.
When you create a form using the form_open() function, it automatically inserts the CSRF token as a hidden field. You can also add the token manually using the get_csrf_token_name() and get_csrf_hash() functions: get_csrf_token_name() returns the name of the CSRF token field and get_csrf_hash() returns its hash value.
The CSRF token can be regenerated on every submission, or kept the same for the life of the CSRF cookie. Setting the ‘csrf_regenerate’ key in the config array to TRUE regenerates the token, as shown below.
You can also exclude URLs from CSRF protection by listing them under the ‘csrf_exclude_uris’ key of the config array, as shown below. Regular expressions can also be used.
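The following is an added example (not code from the page or from CodeIgniter) covering the CSRF paragraphs above: the config.php keys, a form built with form_open(), and the same form with the token inserted by hand. The route 'account/update', the field 'display_name' and the two excluded URIs are assumptions, and the view assumes the form and url helpers are loaded.

```php
<?php
// Added example (not from the page): CodeIgniter 3 CSRF configuration and a
// view that emits the token. Route, field and excluded URIs are assumptions.

// --- application/config/config.php ---
$config['csrf_protection']   = TRUE;               // reject POSTs without a valid token
$config['csrf_token_name']   = 'csrf_test_name';   // name of the hidden field
$config['csrf_cookie_name']  = 'csrf_cookie_name'; // cookie that carries the hash
$config['csrf_expire']       = 7200;               // seconds the token stays valid
$config['csrf_regenerate']   = TRUE;               // fresh token on every request
$config['csrf_exclude_uris'] = array(
    'api/webhook',          // exact URI (assumed)
    'api/v[0-9]+/ping',     // regular expression (assumed)
);

// --- application/views/account_form.php ---
// form_open() inserts the hidden CSRF field on its own:
echo form_open('account/update');
echo form_input('display_name', '');
echo form_submit('submit', 'Save');
echo form_close();

// The same form written by hand, for a raw <form> tag or markup produced
// outside the form helper: the field name and hash come from the Security class.
$name = $this->security->get_csrf_token_name();
$hash = $this->security->get_csrf_hash();
echo '<form method="post" action="' . site_url('account/update') . '">';
echo '<input type="hidden" name="' . html_escape($name) . '" value="' . html_escape($hash) . '">';
echo '<input type="text" name="display_name">';
echo '<input type="submit" value="Save">';
echo '</form>';
```

Every entry in csrf_exclude_uris is a request path that will accept a POST from any origin, so keep that list to endpoints that authenticate some other way (for example a signed webhook), and prefer csrf_regenerate set to TRUE unless the application has many concurrent forms per user, where a regenerated token can invalidate a form that was opened earlier.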
Many developers do not know how to handle passwords in web applications, which is perhaps why attackers find it so easy to break into systems. Keep the following points in mind while handling passwords −
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd