6. Email class functions
• from() Sets the email address and name
of the person sending the email.
• to() Sets the email address(es) of the
recipient(s).
• subject() Sets the email subject.
• message() Sets the email message body.
• send() The Email sending function.
Returns boolean TRUE or FALSE.
Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
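The functions above, used together in a controller method, as an added example that is not from the original slides (addresses, subject and body are constructed sample values; the class name Notify is assumed):

```php
<?php
// Added example (not from the original slides): sending a message with the
// CodeIgniter Email class from a controller. The addresses, subject and body
// are constructed sample values.
class Notify extends CI_Controller
{
    public function send_welcome()
    {
        $this->load->library('email');

        $this->email->from('noreply@example.com', 'Example App');
        $this->email->to('user@example.com');        // a string or an array of addresses
        $this->email->subject('Welcome to Example App');
        $this->email->message('Thanks for signing up.');

        // send() returns TRUE or FALSE; check it rather than assuming delivery
        if ($this->email->send()) {
            log_message('info', 'Welcome mail sent');
        } else {
            // print_debugger() returns the server replies plus the raw headers
            // and body: useful in the log, not in the page shown to the user
            log_message('error', 'Mail failed: ' . $this->email->print_debugger());
        }
    }
}
```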
8. User agent
• User agent class.
• Class functions.
• Example.
9. User agent class
• provides functions that help identify
information about the browser, mobile
device, or robot visiting your site.
• The Agent class must be initialized in your
controller as follows:
$this->load->library('user_agent');
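How the class is typically used once loaded, as an added example (not from the slides): the method names are those of the CodeIgniter user_agent library; the controller and view names are assumed.

```php
<?php
// Added example (not from the original slides): choosing a view with the
// User Agent class. Controller and view names are assumed.
class Welcome extends CI_Controller
{
    public function index()
    {
        $this->load->library('user_agent');

        if ($this->agent->is_robot()) {
            // robot() returns the name of the matched crawler
            log_message('debug', 'Robot visit: ' . $this->agent->robot());
            $this->load->view('robot_view');
        } elseif ($this->agent->is_mobile()) {
            $data['device'] = $this->agent->mobile();
            $this->load->view('mobile_view', $data);
        } elseif ($this->agent->is_browser()) {
            $data['browser']  = $this->agent->browser() . ' ' . $this->agent->version();
            $data['platform'] = $this->agent->platform();
            $this->load->view('desktop_view', $data);
        } else {
            $this->load->view('desktop_view');
        }
    }
}
```

The User-Agent header is supplied by the client, so these values are presentation hints only; they are not a basis for access decisions, and if a view echoes them they go through html_escape() like any other input.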
13. Security
• URI Security
• Error reporting
• XSS Filtering
• Data escape
• Data validation
14. URI Security
• minimize the possibility that malicious data
can be passed to your application.
• URIs may only contain the following:
Alpha-numeric text
Tilde: ~
Period: .
Colon: :
Underscore: _
Dash: -
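The whitelist is set through the permitted_uri_chars item in config.php. The standalone check below, an added example rather than CodeIgniter's own code, mirrors that rule for the character list on this slide so it can be tried against sample segments outside the framework (the sample URIs are constructed):

```php
<?php
// Added example (not CodeIgniter's own code): a standalone check that mirrors
// the permitted_uri_chars whitelist from the slide. Sample segments are
// constructed. In application/config/config.php the equivalent setting is:
//   $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';   // shipped default, also allows %
function uri_segment_is_permitted($segment, $permitted = 'a-z0-9~.:_\-')
{
    // The whitelist becomes a character class; the backslash keeps '-' literal.
    // An empty segment is not permitted either.
    $pattern = '/^[' . $permitted . ']+$/i';
    return $segment !== '' && preg_match($pattern, $segment) === 1;
}

// Constructed samples: expected result for each segment
$samples = array(
    'article_42'                => true,
    'v1.2~beta'                 => true,
    'news/article_42'           => false, // '/' separates segments, it is not a segment char
    '../../etc/passwd'          => false, // rejected because of '/', not because of the dots
    "o'brien"                   => false, // quote is outside the whitelist
    '<script>alert(1)</script>' => false,
);

foreach ($samples as $segment => $expected) {
    $ok = uri_segment_is_permitted($segment);
    printf("%-28s %s\n", $segment, $ok === $expected ? 'ok' : 'MISMATCH');
}
```

Note that dots and dashes are permitted, so the filter alone does not stop a traversal-looking segment such as `..`; that is what the framework's routing and sanitize_filename() cover.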
15. Error reporting
• It is typically desirable to disable PHP's
error reporting by setting the internal
error_reporting flag to a value of 0.
• This prevents native PHP errors from
being rendered as output, which may
contain sensitive information.
16. XSS Filtering
• CodeIgniter comes with a Cross Site
Scripting Hack prevention filter which can
either run automatically to filter all POST
and COOKIE data that is encountered, or
you can run it on a per-item basis.
• Loading the security helper:
$this->load->helper('security');
17. XSS Filtering
• xss_clean():
Provides Cross Site Script Hack filtering.
To run it automatically every time POST
or COOKIE data is encountered, enable it
by setting this in the config file:
$config['global_xss_filtering'] = TRUE;
18. XSS Filtering
• sanitize_filename():
Provides protection against directory
traversal.
• Enable CSRF protection by setting this
in the config file:
$config['csrf_protection'] = TRUE;
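The three XSS Filtering slides together, as one added example that is not from the slides: per-item xss_clean() through the input class, sanitize_filename() on an upload name, and the CSRF settings with the form helper emitting the token. The controller, field names, upload directory and view name are assumed.

```php
<?php
// Added example (not the slides' code): per-item XSS filtering, filename
// sanitizing and CSRF protection. Controller, field names, upload directory
// and view name are assumed.

// application/config/config.php
// $config['global_xss_filtering'] = FALSE;  // filter per item instead (see below)
// $config['csrf_protection']      = TRUE;
// $config['csrf_token_name']      = 'csrf_token';
// $config['csrf_cookie_name']     = 'csrf_cookie';
// $config['csrf_expire']          = 7200;   // seconds the token stays valid

class Comments extends CI_Controller
{
    public function post()
    {
        $this->load->helper(array('security', 'form'));

        // Second argument TRUE runs xss_clean() on this item only
        $comment = $this->input->post('comment', TRUE);

        // The same filter called explicitly, for data from any source
        $title = $this->security->xss_clean($this->input->get('title'));

        // Strip traversal sequences before the name reaches the filesystem
        $name = sanitize_filename($this->input->post('attachment_name'));
        $dest = FCPATH . 'uploads/' . $name;

        // xss_clean() is an input filter, not an output encoder: the view
        // still wraps $comment and $title in html_escape() when printing them.
        $this->load->view('comment_form', array('saved' => TRUE));
    }
}

/* application/views/comment_form.php
   With csrf_protection enabled, form_open() adds the hidden token field and
   the framework rejects a POST whose token does not match the CSRF cookie.

   <?php echo form_open('comments/post'); ?>
     <input type="text" name="comment">
     <input type="submit" value="Post">
   <?php echo form_close(); ?>
*/
```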
19. Data escape
• Escape data before inserting it into the
database.
• $this->db->escape()
This function determines the data type so
that it can escape only string data.
• $this->db->escape_like_str()
This method should be used when strings are to
be used in LIKE conditions.
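The two escape methods beside the unsafe form they replace, as an added example (not from the slides) in a CodeIgniter model; table and column names are assumed. The ESCAPE '!' clause matches CodeIgniter 3, whose escape_like_str() uses '!' as its escape character; CodeIgniter 2 drivers use a backslash, so check the version in use.

```php
<?php
// Added example (not the slides' code): the same lookups written unsafely,
// with escape(), with escape_like_str() and with query bindings.
// Table and column names are assumed.
class User_model extends CI_Model
{
    // UNSAFE: user input concatenated straight into SQL, so a value
    // containing a quote changes the query's structure.
    public function find_unsafe($email)
    {
        $sql = "SELECT id FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // escape() inspects the type: strings are quoted and escaped, while
    // integers, booleans and NULL are passed through as typed literals.
    public function find_by_email($email)
    {
        $sql = 'SELECT id FROM users WHERE email = ' . $this->db->escape($email);
        return $this->db->query($sql)->row();
    }

    // escape_like_str() escapes %, _ and the escape character so a term such
    // as "20%" is matched literally instead of acting as a wildcard. It does
    // not add quotes, so the quotes and the ESCAPE clause are written here.
    public function search_names($term)
    {
        $sql = "SELECT id, name FROM users WHERE name LIKE '%"
             . $this->db->escape_like_str($term) . "%' ESCAPE '!'";
        return $this->db->query($sql)->result();
    }

    // Query bindings: each ? is escaped by the driver according to its type.
    public function find_active($email)
    {
        $sql = 'SELECT id FROM users WHERE email = ? AND active = ?';
        return $this->db->query($sql, array($email, 1))->row();
    }
}
```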
20. Data validation
• Validating, Filtering, and Prepping data
• We saw this in session 2 : )