This document discusses managing multiple applications in CodeIgniter and best practices for development. It covers renaming the application folder and relocating it, handling different environments for development, testing and production. It also discusses security practices like restricting URI characters and register globals. The document concludes with a section on PHP coding style guidelines covering file formatting, naming conventions, commenting practices and more.
3. Managing Applications
• By default it is assumed that you only intend to use CodeIgniter to manage one application, which you will build in your application/ directory. It is possible, however, to have multiple sets of applications that share a single CodeIgniter installation (each with its own application folder, selected by the $application_folder variable in index.php).
6. Handling Multiple Environments
• Developers often desire different system behavior depending on whether an application is running in a development or production environment. CodeIgniter reads the ENVIRONMENT constant defined in index.php; for each of the values below you can choose the error reporting level and keep a matching application/config/<environment>/ directory that overrides the default config:
– Development
– Testing
– Production
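As an added example (not taken from the slides), the environment switch at the top of a CodeIgniter 2.x index.php. Reading the stage from an environment variable (the CI_ENV name and the getenv() lookup are assumptions for this example) lets one file be deployed everywhere; the fallback to production is deliberate so that a missing variable fails closed with errors hidden.

```php
<?php
// Added example: top of index.php for a CodeIgniter 2.x install.
// CI_ENV is an assumed variable name; a plain define('ENVIRONMENT', 'production')
// is the stock form. Unknown or missing values fall back to 'production'.
$stage = getenv('CI_ENV');
define('ENVIRONMENT', in_array($stage, array('development', 'testing', 'production'), TRUE)
	? $stage
	: 'production');

// Only error reporting differs here. Per-stage database credentials, base_url
// and so on live in application/config/ENVIRONMENT/ and are picked up by CI
// automatically when that folder exists.
if (defined('ENVIRONMENT'))
{
	switch (ENVIRONMENT)
	{
		case 'development':
			error_reporting(E_ALL);   // show everything while coding
		break;

		case 'testing':
		case 'production':
			error_reporting(0);       // never leak paths, queries or traces to users
		break;

		default:
			exit('The application environment is not set correctly.');
	}
}

// ... the stock $system_path / $application_folder setup and
// require_once BASEPATH.'core/CodeIgniter.php'; follow as usual.
```

Keep the production branch silent even on the testing stage: a staging host that echoes stack traces is usually reachable by more people than its owners assume.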
7. Security
• URIs may only contain the following (the permitted_uri_chars setting in config.php; a request containing anything else is rejected before routing):
– Alpha-numeric text
– Tilde: ~
– Period: .
– Colon: :
– Underscore: _
– Dash: -
• Register Globals
– During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays.
– This gives the effect of register_globals = off regardless of the php.ini setting, so request data cannot silently overwrite application variables.
8. Security
• error_reporting: in production, disable PHP's error output (error_reporting set to 0) so that file paths, stack traces and query fragments are never shown to users.
• magic_quotes_runtime: turned off during system initialization, so data read from the database does not need stripslashes() and escaping is done explicitly rather than relied upon from magic quotes.
• Best Practices
– Filter the data as if it were tainted.
• XSS Filter - CodeIgniter comes with a Cross Site Scripting filter; it can run on every request (global_xss_filtering) or on demand via $this->input->post($key, TRUE) or $this->security->xss_clean().
– Validate the data to ensure it conforms to the correct type, length, size, etc.
• CodeIgniter has a Form Validation Class that assists you in validating, filtering, and prepping your data.
– Escape the data before submitting it into your database.
• Escape all data before database insertion, or use query bindings (? placeholders), which escape the bound values for you.
• $this->db->escape() - determines the data type, escapes strings and wraps them in quotes
• $this->db->escape_str() - escapes only; you supply the quotes
• $this->db->escape_like_str() - additionally escapes % and _ so user input cannot act as a wildcard inside a LIKE pattern
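An added example (not from the slides) of the three steps applied in order in a CodeIgniter 2.x controller: filter, validate, escape. The controller name, the users table, its columns and the view names are assumptions made up for the example; the library and database methods are the ones the slide lists.

```php
<?php
// Added example: a CodeIgniter 2.x controller. Signup, users, signup_form and
// signup_done are assumed names for this illustration.
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Signup extends CI_Controller {

	public function create()
	{
		$this->load->library('form_validation');
		$this->load->database();

		// 1. Filter: passing TRUE runs the value through the XSS filter
		//    (same as $this->security->xss_clean()). Treat all input as tainted.
		$username = $this->input->post('username', TRUE);
		$email    = $this->input->post('email', TRUE);

		// 2. Validate: enforce type, length and format before the data goes anywhere.
		$this->form_validation->set_rules('username', 'Username',
			'required|alpha_dash|min_length[3]|max_length[32]');
		$this->form_validation->set_rules('email', 'Email', 'required|valid_email');

		if ($this->form_validation->run() === FALSE)
		{
			// Re-display the form; validation_errors() in the view reports what failed.
			$this->load->view('signup_form');
			return;
		}

		// 3. Escape: never concatenate raw input into SQL.
		//    escape() quotes and escapes; escape_str() escapes only (you add quotes);
		//    escape_like_str() also neutralises % and _ for LIKE patterns.
		$sql = 'INSERT INTO users (username, email) VALUES ('
		     . $this->db->escape($username).', '
		     . $this->db->escape($email).')';
		$this->db->query($sql);

		// Query bindings perform the same escaping with less room for mistakes.
		$existing = $this->db->query('SELECT id FROM users WHERE username = ?', array($username));

		// LIKE needs escape_like_str(): without it a submitted "%" matches every row.
		$like  = $this->db->escape_like_str($username);
		$alike = $this->db->query("SELECT id FROM users WHERE username LIKE '{$like}%'");

		$this->load->view('signup_done', array(
			'existing' => $existing->num_rows(),
			'similar'  => $alike->num_rows(),
		));
	}
}

/* End of file signup.php */
/* Location: ./application/controllers/signup.php */
```

Note that the XSS filter protects the HTML you later render, not the SQL; only the escape calls or bindings protect the query, which is why all three steps are needed rather than any one of them.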
9. PHP Style Guide
• File Format
– UTF8
• PHP Closing Tag
• Class and Method Naming
• Variable Names
• Commenting
• Constants
• TRUE, FALSE, and NULL
• Logical Operators
• Comparing Return Values and Typecasting
10. PHP Style Guide
• Debugging Code
• Whitespace in Files
• Compatibility
• Class and File Names using Common Words
• Database Table Names
• One File per Class
• Whitespace
• Line Breaks
– Unix
– Windows
11. PHP Style Guide
• Code Indenting
• Bracket and Parenthetic Spacing
• Localized Text
• Private Methods and Variables
• PHP Errors
• Short Open Tags
• One Statement Per Line
• Strings
• SQL Queries
• Default Function Arguments
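As an added example (not from the slides), a small library written to the conventions listed on these three style-guide slides, with a comment naming the guideline each line illustrates. The class, its token-generation behaviour and the file location are made up for this example; hash_equals() requires PHP 5.6 or later.

```php
<?php
// Added example: application/libraries/Token_helper.php written to the
// CodeIgniter PHP Style Guide. The class and its purpose are assumed for this
// illustration. No whitespace may precede the opening tag (Whitespace in Files).
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/**
 * Token_helper
 *
 * Class name: Ucfirst with underscores, one class per file, file name matches
 * the class (Class and Method Naming, One File per Class).
 */
class Token_helper {

	// Constants: all uppercase, underscore separated (Constants).
	const TOKEN_BYTES = 16;

	// Variable names: lowercase with underscores; private members carry a
	// leading underscore (Variable Names, Private Methods and Variables).
	private $_last_token = NULL;	// TRUE, FALSE and NULL in uppercase

	/**
	 * Issue a random hex token.
	 *
	 * @param	int	$bytes	Default Function Arguments: a sane default, not a magic number
	 * @return	mixed	hex string, or FALSE on a bad argument
	 */
	public function generate($bytes = self::TOKEN_BYTES)
	{
		// Comparing Return Values and Typecasting: cast first, compare strictly.
		$bytes = (int) $bytes;
		if ($bytes < 8 OR $bytes > 64)	// Logical Operators: OR preferred over ||
		{
			return FALSE;
		}

		// One Statement Per Line; Code Indenting with tabs; braces on their own lines.
		$this->_last_token = bin2hex(openssl_random_pseudo_bytes($bytes));
		$this->_log('issued token of '.$bytes.' bytes');

		return $this->_last_token;
	}

	/**
	 * Compare a submitted token against the last one issued.
	 *
	 * @param	string	$candidate
	 * @return	bool
	 */
	public function matches($candidate)
	{
		if ($this->_last_token === NULL)
		{
			return FALSE;
		}

		// Strings: single quotes unless interpolating. hash_equals() rather than ==
		// so a mismatch does not leak its position through timing (PHP >= 5.6).
		return hash_equals($this->_last_token, (string) $candidate);
	}

	// Private Methods: underscore prefix; Debugging Code goes through log_message(),
	// never a stray var_dump() left in the file.
	private function _log($message)
	{
		log_message('debug', 'Token_helper: '.$message);
	}
}

/* End of file Token_helper.php */
/* Location: ./application/libraries/Token_helper.php */
```

The closing ?> tag is omitted on purpose (PHP Closing Tag): a single trailing newline after it is sent to the browser before any header() call and breaks output and redirects.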