Codeigniter Security Helper – The CodeIgniter security helper file contains security-related functions such as xss_clean(), which filters out code that may be used in cross-site scripting attacks. $this->load->helper('security'); is used to load the helper. In this tutorial we explain how to use the security helper in CodeIgniter.
Codeigniter security helper example
Let us first see how to load the security helper in CodeIgniter and then use its functions.
Load security helper
How to load the security helper in CodeIgniter, example:

    $this->load->helper('security');

Functions:-
Many functions are available in the security helper. We explain them one by one, with examples.
- 1. XSS-clean string
- 2. Sanitized file name
- 3. Hex-formatted hash
- 4. Strip image tags
- 5. Encode php tags
1. XSS-clean string
Syntax of XSS-clean string function is:-

    xss_clean($str[, $is_image = FALSE])

Parameters:
- $str (string) : Input data
- $is_image (bool) : Whether we’re dealing with an image
- Returns : XSS-clean string
- Return type : String
This function provides cross-site scripting (XSS) filtering.
EXAMPLE
Here is a simple example of XSS-clean string.
XSS-clean string in CodeIgniter example:-

    // Controller part
    public function securityCheck()
    {
        $this->load->helper('security');
        $this->load->view('security_view');
    }

    // View part
The output of the above example will be something like this –
2. Sanitized file name
Syntax of sanitized file name function is:-

    sanitize_filename($filename)

Parameters:
- $filename (string) : Filename
- Returns : Sanitized file name
- Return type : String
This function provides protection against directory traversal.
EXAMPLE
Here is a simple example of sanitized file name.
Sanitized file name in CodeIgniter example:-

    <?php
    // View part
    $filename = "solid_coupon";
    echo sanitize_filename($filename);
    ?>
The output of the above example will be something like this –
3. Hex-formatted hash
Syntax of hex-formatted hash function is:-

    do_hash($str[, $type = 'sha1'])

Parameters:
- $str (string) : Input
- $type (string) : Algorithm
- Returns : Hex-formatted hash
- Return type : String
This function permits you to create one-way hashes suitable for encrypting passwords.
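To see what the choice of algorithm means for the password use case mentioned above, the following added example (not part of the original tutorial or of CodeIgniter) contrasts an unsalted SHA-1 digest with PHP's password_hash() and shows a login check that accepts a legacy digest and returns a salted replacement. It is plain PHP 7.1+, assumes do_hash($str) yields the same hex digest as hash('sha1', $str), and uses the hypothetical function name check_login() and a constructed sample password:

```php
<?php
// Added example: plain PHP 7.1+, no CodeIgniter required.
// Assumption: do_hash($str) gives the same hex digest as hash('sha1', $str),
// so hash() stands in for the helper. check_login() is a hypothetical name.

/**
 * Verify $password against $stored, which is either a legacy unsalted
 * SHA-1 hex digest or a password_hash() value.
 * Returns [bool $ok, ?string $replacement]; $replacement is a fresh
 * password_hash() value to store in place of the old one, or null.
 */
function check_login(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // Legacy row: recompute the unsalted digest, compare in constant time.
        $ok = hash_equals($stored, hash('sha1', $password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
}

$password = 'Solid-Coupon-sample-1'; // constructed sample value

// Unsalted digest: the same password always maps to the same stored value.
$legacy = hash('sha1', $password);
echo 'unsalted digests equal: ', var_export($legacy === hash('sha1', $password), true), PHP_EOL;

// password_hash() draws a random salt on every call.
$a = password_hash($password, PASSWORD_DEFAULT);
$b = password_hash($password, PASSWORD_DEFAULT);
echo 'salted hashes equal: ', var_export($a === $b, true), PHP_EOL;

// A correct login against the legacy row yields a replacement to store.
[$ok, $replacement] = check_login($password, $legacy);
echo 'legacy login accepted: ', var_export($ok, true), PHP_EOL;
echo 'replacement algorithm: ', password_get_info($replacement)['algoName'], PHP_EOL;

// The replacement verifies and needs no further rehash; a wrong guess fails.
[$ok2, $again] = check_login($password, $replacement);
[$bad, $none] = check_login('wrong guess', $replacement);
echo 'new hash accepted: ', var_export($ok2, true), PHP_EOL;
echo 'rehash still needed: ', var_export($again !== null, true), PHP_EOL;
echo 'wrong password accepted: ', var_export($bad, true), PHP_EOL;
```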
EXAMPLE
Here is a simple example of hex-formatted hash.
Hex-formatted hash in CodeIgniter example:-

    <?php
    // View part
    $str = 'hello This Is Solid Coupon';
    $str = do_hash($str);              // SHA-1 (the default algorithm)
    echo $str = do_hash($str, 'md5');  // MD5 of the SHA-1 hex string from the line above
    ?>
The output of the above example will be something like this –
4. Strip image tags
Syntax of strip image tags function is:-

    strip_image_tags($str)

Parameters:
- $str (string) : Input string
- Returns : The input string with no image tags
- Return type : String
Security function that will strip image tags from a string. It leaves the image URL as plain text.
EXAMPLE
Here is a simple example of strip image tags.
Strip image tags in CodeIgniter example:-

    <?php
    // View part
    $string = "welcome";
    echo strip_image_tags($string);
    ?>
The output of the above example will be something like this –
5. Encode php tags
Syntax of encode php tags function is:-

    encode_php_tags($str)

Parameters:
- $str (string) : Input string
- Returns : Safely formatted string
- Return type : String
This security function converts PHP tags to entities.
EXAMPLE
Here is a simple example of encode php tags.
Encode php tags in CodeIgniter example:-

    <?php
    // View part
    $string = "abcd";
    echo encode_php_tags($string);
    ?>
The output of the above example will be something like this –