Managing Applications in CodeIgniter

Post on 10-May-2015

Jamshid Hashimi
Trainer, Cresco Solution

http://www.jamshidhashimi.com jamshid@netlinks.af @jamshidhashimi ajamshidhashimi

Afghanistan Workforce Development Program

Agenda

• Managing Applications
• Handling Multiple Environments
• Security
• PHP Style Guide

Managing Applications

• By default it is assumed that you only intend to use CodeIgniter to manage one application, which you will build in your application/ directory. It is possible, however, to have multiple sets of applications that share a single CodeIgniter installation.

Managing Applications

• Renaming application folder
– index.php

$application_folder = "application";

• Relocating your Application Folder

$application_folder = "/Path/to/your/application";

DEMO

Handling Multiple Environments

• Developers often desire different system behavior depending on whether an application is running in a development or production environment.
– Development
– Testing
– Production

Security

• URIs may only contain the following:
– Alpha-numeric text
– Tilde: ~
– Period: .
– Colon: :
– Underscore: _
– Dash: -

• Register Globals
– During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays.
– register_globals = off.

Security

• error_reporting
• magic_quotes_runtime
• Best Practices
– Filter the data as if it were tainted.
    • XSS Filter - CodeIgniter comes with a Cross Site Scripting filter.
– Validate the data to ensure it conforms to the correct type, length, size, etc.
    • CodeIgniter has a Form Validation Class that assists you in validating, filtering, and prepping your data.
– Escape the data before submitting it into your database.
    • Escape all data before database insertion
    • $this->db->escape()
    • $this->db->escape_str()
    • $this->db->escape_like_str()
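The three escape methods listed on the Security slide, used in a model, as an added example that is not part of the original slides. It assumes CodeIgniter 3 with the database library loaded; the model name Article_model, the articles table and its columns are hypothetical.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical model; table and column names are assumptions for illustration.
class Article_model extends CI_Model {

    // escape() determines the data type and adds the single quotes around
    // string values itself, so no quotes are written in the SQL text.
    public function get_by_slug($slug)
    {
        $sql = 'SELECT id, title FROM articles WHERE slug = '
             . $this->db->escape($slug);
        return $this->db->query($sql)->row();
    }

    // escape_str() escapes the value but adds no quotes:
    // the caller has to write the surrounding quotes.
    public function get_by_author($author)
    {
        $sql = "SELECT id, title FROM articles WHERE author = '"
             . $this->db->escape_str($author) . "'";
        return $this->db->query($sql)->result();
    }

    // escape_like_str() also escapes the LIKE wildcards % and _, so a search
    // for "20% raise" matches the percent sign literally instead of treating
    // it as a wildcard. CodeIgniter 3 escapes them with '!' and needs the
    // ESCAPE clause below; CodeIgniter 2 uses a backslash and no ESCAPE clause.
    public function search_title($term)
    {
        $sql = "SELECT id, title FROM articles WHERE title LIKE '%"
             . $this->db->escape_like_str($term) . "%' ESCAPE '!'";
        return $this->db->query($sql)->result();
    }
}
```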

PHP Style Guide

• File Format
– UTF8

• PHP Closing Tag
• Class and Method Naming
• Variable Names
• Commenting
• Constants
• TRUE, FALSE, and NULL
• Logical Operators
• Comparing Return Values and Typecasting

PHP Style Guide

• Debugging Code
• Whitespace in Files
• Compatibility
• Class and File Names using Common Words
• Database Table Names
• One File per Class
• Whitespace
• Line Breaks
– Unix
– Windows

PHP Style Guide

• Code Indenting
• Bracket and Parenthetic Spacing
• Localized Text
• Private Methods and Variables
• PHP Errors
• Short Open Tags
• One Statement Per Line
• Strings
• SQL Queries
• Default Function Arguments

DEMO

QUESTIONS?