Codeigniter Security Helper


Codeigniter Security Helper – The Codeigniter security helper file contains security-related functions such as xss_clean(), which filters out code that may be used in cross-site scripting attacks. $this->load->helper('security'); is used to load the helper. In this tutorial we explain how to use the security helper in Codeigniter.


Codeigniter security helper example

Let us first see how to load the security helper in Codeigniter and then use its functions:

Load security helper

How to load security helper in Codeigniter example:

 
$this->load->helper('security');

Functions:-

Several functions are available in the security helper. We explain them one by one, each with an example.

  • 1. XSS-clean string
  • 2. Sanitized file name
  • 3. Hex-formatted hash
  • 4. strip image tags
  • 5. encode php tags

1. XSS-clean string

Syntax of XSS-clean string function is:-

xss_clean($str[, $is_image = FALSE])

    Parameters:

  • $str (string) : Input data
  • $is_image (bool) : Whether we’re dealing with an image
  • Returns : XSS-clean string
  • Return type : String

This function provides cross-site scripting (XSS) filtering.

EXAMPLE

Here is simple example of XSS-clean string.

XSS-clean string in codeigniter example:-

// Controllers part
public function securityCheck()
{
	$this->load->helper('security');
	$this->load->view('security_view');
}

// Views parts


The output of the above example will be something like this –

2. Sanitized file name

Syntax of sanitized file name function is:-

sanitize_filename($filename)		

    Parameters:

  • $filename (string) : Filename
  • Returns : Sanitized file name
  • Return type : String

This function provides protection against directory traversal.

EXAMPLE

Here is simple example of sanitized file name.

Sanitized file name in codeigniter example:-

// Views parts
<?php
$filename = "solid_coupon";
echo sanitize_filename($filename);
?>

The output of the above example will be something like this –

3. Hex-formatted hash

Syntax of hex-formatted hash function is:-

do_hash($str[, $type = 'sha1'])

    Parameters:

  • $str (string) : Input
  • $type (string) : Algorithm
  • Returns : Hex-formatted hash
  • Return type : String

This function permits you to create one-way hashes suitable for encrypting passwords.

EXAMPLE

Here is simple example of hex-formatted hash.

Hex-formatted hash in codeigniter example:-

// Views parts
<?php
$str = 'hello This Is Solid Coupon';
echo do_hash($str);          // SHA-1 (the default algorithm)
echo '<br>';
echo do_hash($str, 'md5');   // MD5
?>

The output of the above example will be something like this –
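SHA-1 and MD5 are fast, unsalted digests, so for stored passwords PHP's built-in password_hash() and password_verify() are the usual choice. The following is an added example, not part of the original tutorial: it contrasts the two and shows how a login check can upgrade a legacy SHA-1 record. It assumes hash('sha1', ...) as a stand-in for do_hash() so that it runs outside Codeigniter; verify_and_upgrade() is a hypothetical helper name.

```php
<?php
// Added example (not from the original tutorial). Runs as plain PHP 7.1+.
// Assumption: hash('sha1', $s) stands in for do_hash($s) outside Codeigniter.

// Hypothetical helper: checks a login against a stored hash and returns
// [verified?, replacement hash to store or null].
function verify_and_upgrade(string $candidate, string $stored): array
{
    // Legacy record: 40 hex characters, i.e. an unsalted SHA-1 digest.
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        $ok = hash_equals($stored, hash('sha1', $candidate));
        // On success, replace the legacy digest with a salted, slow hash.
        return [$ok, $ok ? password_hash($candidate, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($candidate, $stored);
    // Re-hash when PHP's default algorithm or cost has moved on.
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($candidate, PASSWORD_DEFAULT)
        : null;
    return [$ok, $new];
}

$password = 'hello This Is Solid Coupon';   // sample string from the tutorial

// Unsalted digest: two users with the same password get the same value.
$legacy_a = hash('sha1', $password);
$legacy_b = hash('sha1', $password);

// password_hash(): random salt per call, so the stored values differ.
$modern_a = password_hash($password, PASSWORD_DEFAULT);
$modern_b = password_hash($password, PASSWORD_DEFAULT);

printf("SHA-1 digests equal:        %s\n", $legacy_a === $legacy_b ? 'yes' : 'no');
printf("password_hash values equal: %s\n", $modern_a === $modern_b ? 'yes' : 'no');

// Login against a legacy record: verifies, and yields a hash to store instead.
[$ok, $upgraded] = verify_and_upgrade($password, $legacy_a);
printf("legacy login ok: %s, upgraded: %s\n", $ok ? 'yes' : 'no', $upgraded !== null ? 'yes' : 'no');

// A wrong password never verifies and never triggers an upgrade.
[$ok, $upgraded] = verify_and_upgrade('wrong guess', $modern_a);
printf("wrong password ok: %s, upgraded: %s\n", $ok ? 'yes' : 'no', $upgraded !== null ? 'yes' : 'no');
```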

4. Strip image tags

Syntax of strip image tags function is:-

strip_image_tags($str)		

    Parameters:

  • $str (string) : Input string
  • Returns : The input string with no image tags
  • Return type : String

This security function strips image tags from a string. It leaves the image URL as plain text.

EXAMPLE

Here is simple example of strip image tags.

Strip image tags in codeigniter example:-

// Views parts
<?php
$string = "welcome";
echo strip_image_tags($string);
?>

The output of the above example will be something like this –

5. Encode php tags

Syntax of encode php tags function is:-

encode_php_tags($str)		

    Parameters:

  • $str (string) : Input string
  • Returns : Safely formatted string
  • Return type : String

This security function converts PHP tags to entities.

EXAMPLE

Here is simple example of encode php tags.

Encode php tags in codeigniter example:-

// Views parts
<?php 
$string = "abcd";
echo encode_php_tags($string);
?>

The output of the above example will be something like this –

