9.3. Conclusion

In this chapter, you tackled security and performance issues. In the next chapter, you integrate the site with a checkout mechanism and tie up any remaining loose ends identified by Claudia.

Remember to keep these thoughts in mind as you continue working with CodeIgniter:

  • You're free to use regular PHP measures like strip_tags() to control user input, but you can also use CodeIgniter's xss_clean(). You're also able to extend the Security helper with your own custom functions.

  • Database queries are not automatically escaped by CodeIgniter's Active Record Class. If you use insert() and update(), you will need to take the extra steps to keep data secure.

  • Your config file also contains protection against certain illegal characters in URI strings. Be careful that you don't introduce security vulnerabilities if you allow extra characters.

  • Performance tools, like benchmarking and profiling, can help you identify problem areas in your code, whether that be sloppy controllers, bad queries, or slow-loading views. Use the tools at your disposal to find the problem before going live, then use caching to help scale the application to your audience's needs.
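As an added example (not code from the book), here is the chapter's checklist applied in one CodeIgniter 1.x controller: xss_clean() from the Security helper on user input, an explicit validation step before the Active Record insert(), benchmark marks plus the profiler during development, and output caching on a read-only page. The `reviews` table and the `review_thanks` and `product_page` views are assumed names.

```php
<?php
// Added example, not from the book. Table `reviews` and views `review_thanks`
// and `product_page` are hypothetical names used only for illustration.
class Reviews extends Controller {

    function Reviews()
    {
        parent::Controller();
        $this->load->helper('security');   // provides xss_clean()
        $this->load->database();
    }

    // Handles a POSTed review.
    function submit()
    {
        $this->benchmark->mark('submit_start');
        // Whitelist first: the id must be a positive integer and the text bounded.
        $product_id = $this->input->post('product_id');
        $body       = $this->input->post('body');
        if ( ! ctype_digit((string) $product_id) OR (int) $product_id < 1
            OR $body === FALSE OR strlen($body) > 2000)
        {
            show_error('Invalid review submission.');
        }
        // Extra step before the Active Record insert(): cast the id and run the
        // free text through xss_clean() so only cleaned data reaches the query.
        $data = array(
            'product_id' => (int) $product_id,
            'body'       => xss_clean($body)
        );
        $this->db->insert('reviews', $data);
        $this->benchmark->mark('submit_end');
        // Profiler: during development, appends queries, POST data and the
        // benchmark marks above to the page. Turn it off before going live.
        $this->output->enable_profiler(TRUE);
        $this->load->view('review_thanks');
    }

    // Read-only page: cache the rendered output for 10 minutes so repeated
    // hits skip the controller and the database entirely. The URI segment is
    // already filtered by permitted_uri_chars; the cast narrows it further.
    function show($product_id)
    {
        $this->output->cache(10);
        $query = $this->db->get_where('reviews', array('product_id' => (int) $product_id));
        $this->load->view('product_page', array('reviews' => $query->result()));
    }
}
```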
