$this->input->xss_clean();
In CodeIgniter 2.0, you will need to change $this->input->xss_clean() to $this->security->xss_clean(); otherwise, it won’t work. Of course, don’t forget to load the ‘security’ library before you use the function.
extends Controller or extends Model
You will need to change
class Test extends Controller
to
class Test extends CI_Controller
And
class Test extends Model
to
class Test extends CI_Model
Constructors and parent constructors
class Test extends CI_Controller{ function Test(){ parent::Controller(); } }
to
class Test extends CI_Controller{ function __construct(){ parent::__construct(); } }
CSRF Protection
If you use ‘form_open()’ for all your forms, it will generate a hidden CSRF field and work well.
Here is a good tutorial, “Protect a CodeIgniter Application Against CSRF”: http://net.tutsplus.com/tutorials/php/protect-a-codeigniter-application-against-csrf/
And here is a good tutorial for jQuery AJAX, which can be a pain to fix: “CodeIgniter CSRF Protection With Ajax” http://ericlbarnes.com/blog/post/codeigniter_csrf_protection_with_ajax
Well, it looks like many people are suffering from the CSRF ignorance problem: http://codeigniter.com/forums/viewthread/186026/
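For the AJAX case, where no form_open() hidden field is present, the token has to be copied into the request by hand. The sketch below is an added example, not code from the linked tutorials or from CodeIgniter itself; it assumes the default config names csrf_test_name and csrf_cookie_name, that the CSRF cookie is readable from JavaScript, and a hypothetical /test/save URL in the usage comment.

```javascript
// Assumed: CodeIgniter's default config values (csrf_token_name and
// csrf_cookie_name in config.php). Change both if your config differs,
// including any cookie_prefix you have set.
const CSRF_TOKEN_NAME = 'csrf_test_name';
const CSRF_COOKIE_NAME = 'csrf_cookie_name';

// Return the value of one cookie from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip fragments that are not name=value
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build a form-urlencoded POST body that carries the CSRF token next to the
// caller's fields. Throws instead of producing a request without a token,
// which the server would reject.
function buildCsrfBody(fields, cookieString) {
  const token = readCookie(cookieString, CSRF_COOKIE_NAME);
  if (!token) {
    throw new Error('CSRF cookie not found; load a page from the application first');
  }
  const params = new URLSearchParams();
  for (const [key, value] of Object.entries(fields)) {
    // Caller data must never override the token field.
    if (key !== CSRF_TOKEN_NAME) params.append(key, String(value));
  }
  params.append(CSRF_TOKEN_NAME, token);
  return params.toString();
}

// Browser usage with jQuery (hypothetical URL):
//   $.post('/test/save', buildCsrfBody({ title: 'hi' }, document.cookie));
```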
Thanks for the $this->security->xss_clean() tip. It should have been documented in CodeIgniter’s online documentation.