The workshop will be held for three days with 5 session in total. Each session will start with simple explanation and hands on example. Then it is followed by excercises for the parcipant to try and experience the details of each example.
Few assumptions before starting:
- Participants are familiar with programming with PHP
- Participants are using Windows OS
- Internet connection are available
Sessions Topic are as follows:
- Session 0: Environment Preparation
- Session 1: Intro to CodeIgniter (Installation and PreTest)
- Session 2: MVC Pattern With CodeIgniter
- Session 3: CodeIgniter Common Tools and Helpers
- Session 4: Custom Library and Helpers
- Session 5: CodeIgniter Best Practice
- Project: Simple ACL and News Board ala Reddit
CodeIgniter is an Application Development Framework - a toolkit - for people who build web sites using PHP. Its goal is to enable you to develop projects much faster than you could if you were writing code from scratch, by providing a rich set of libraries for commonly needed tasks, as well as a simple interface and logical structure to access these libraries. CodeIgniter lets you creatively focus on your project by minimizing the amount of code needed for a given task.
CodeIgniter is right for you if:
- You want a framework with a small footprint.
- You need exceptional performance.
- You need broad compatibility with standard hosting accounts that run a variety of PHP versions and configurations.
- You want a framework that requires nearly zero configuration.
- You want a framework that does not require you to use the command line.
- You want a framework that does not require you to adhere to restrictive coding rules.
- You do not want to be forced to learn a templating language (although a template parser is optionally available if you desire one).
- You eschew complexity, favoring simple solutions.
- You need clear, thorough documentation.
Before we can start, we need to make sure our tools are well prepared. This workshop use only 2 tools which is Sublime Text 2 as text editor and WAMPP as our local server.
Example are written using text editor Sublime Text 2. Download it here and install it.
Sublime Text 2 Download Page
Sublime Text Example
Apache, MySQL, PHP and PHPMyAdmin were installed using WAMPP packaged. Download it here and install it. Please make sure to install Microsoft C++ redistributable package before installing WAMPP.
Some overview about CodeIgniter
CodeIgniter is a toolkit for people who build web applications using PHP. Its goal is to enable you to develop projects much faster than you could if you were writing code from scratch, by providing a rich set of libraries for commonly needed tasks, as well as a simple interface and logical structure to access these libraries. CodeIgniter lets you creatively focus on your project by minimizing the amount of code needed for a given task.
CodeIgniter is licensed under an Apache/BSD-style open source license so you can use it however you please. For more information please read the license agreement.
Truly light weight. The core system requires only a few very small libraries. This is in stark contrast to many frameworks that require significantly more resources. Additional libraries are loaded dynamically upon request, based on your needs for a given process, so the base system is very lean and quite fast.
Really fast. We challenge you to find a framework that has better performance than CodeIgniter.
CodeIgniter uses the Model-View-Controller approach, which allows great separation between logic and presentation. This is particularly good for projects in which designers are working with your template files, as the code these file contain will be minimized. We describe MVC in more detail on its own page.
The URLs generated by CodeIgniter are clean and search-engine friendly. Rather than using the standard "query string" approach to URLs that is synonymous with dynamic systems, CodeIgniter uses a segment-based approach:
example.com/news/article/345
Note: By default the index.php file is included in the URL but it can be removed using a simple .htaccess file.
CodeIgniter comes with full-range of libraries that enable the most commonly needed web development tasks, like accessing a database, sending email, validating form data, maintaining sessions, manipulating images, working with XML-RPC data and much more.
The system can be easily extended through the use of your own libraries, helpers, or through class extensions or system hooks.
Although CodeIgniter does come with a simple template parser that can be optionally used, it does not force you to use one. Template engines simply can not match the performance of native PHP, and the syntax that must be learned to use a template engine is usually only marginally easier than learning the basics of PHP. Consider this block of PHP code:
<ul>
<?php foreach ($addressbook as $name):?>
<li><?=$name?></li>
<?php endforeach; ?>
</ul>
Contrast this with the pseudo-code used by a template engine:
<ul>
{foreach from=$addressbook item="name"}
<li>{$name}</li>
{/foreach}
</ul>
Yes, the template engine example is a bit cleaner, but it comes at the price of performance, as the pseudo-code must be converted back into PHP to run. Since one of our goals is maximum performance, we opted to not require the use of a template engine.
Programmers love to code and hate to write documentation. We're no different, of course, but since documentation is as important as the code itself, we are committed to doing it. Our source code is extremely clean and well commented as well.
Download Codeigniter here
Extract (unzip) to home folder (www or htdocs) so it looks like this:
-www
-codeigniter
-application
-system
-user_guide
-index.php
If you like, change the name codeigniter into CI, so its simple to be called afterwards.
-www
-ci
-application
-system
-user_guide
-index.php
However, we can change the folder structure to whatever we like. Structure as depicted below are quite widely used for codeigniter:
-www
-app_name
-application
-index.php
-another_app
-application
-index.php
-ci_system
Just make sure we specify the location of systems file for the application to approriate location. Open the index.php file and change the system path to the new one:
$system_path = '../ci_system';
This folder structure can cater multiple application within one domain with only one codeigniter core files (system).
This make the upgrading easier and faster. To use multiple Codeigniter core for multiple application, so that we can fallback gracefully should something happen, we can use folder structure as below:
-www
-app_name
-application
-index.php
-another_app
-application
-index.php
-ci_system_v21
-ci_system_v22
... and specify which application to use which version of codeigniter in its own index.php.
Test the installation by loading the app via url: http://localhost/app_name
Latest 'test page' design should be like below:
And thus your installation is now complete! For some nightmare you can open application folder and wonder what is all the folder and files are doing.
(Or you can always open the user_guide folder tor the helpful documents.)
Exercise 0: Your App
Create your codeigniter App with system folder outside of your app_folder. Make sure the test page run fine.
/debug
Codeigniter assume the codes are structured into MVC pattern. MVC separate the concerns of codes into 3 distinct function namely:
- Models
Models are where the heavy processing is done. All the business process, database operation (CRUD) is done here. We always prefer Fat Models over Fat Controller - Controller
Controller is the one who route the url to specified php class and method. Controller acts like traffic light which control the flow of data to be processed and flow of page to be display as view. - View
View only manage the front-end aspect of our web app. All the designs/htmls and CSS are manage by view part of MVC.
CodeIgniter has a fairly loose approach to MVC since Models are not required. If you don't need the added separation, or find that maintaining models requires more complexity than you want, you can ignore them and build your application minimally using Controllers and Views.
CodeIgniter also enables you to incorporate your own existing scripts, or even develop core libraries for the system, enabling you to work in a way that makes the most sense to you.
The simplest flow of information for CodeIgniter app are as followed:
-
A page is requested via url. Lets say Dashboard page. The url used is http://localhost/app_name/index.php/dashboard
-
Codeigniter System will translate the uri and run the method index in class Dashboard from php file named dashboard.php inside app_name/application/controller folder.
-www -app_name -application -controllers -dashboard.php -index.php -ci_systemdashboard.php contains codes as below:
class Dashboard extend CI_Controller{
function index(){
echo 'Welcome To Dashboard';
}
} here we can see that Codeigniter will run and display 'Welcome To Dashboard'. No Models and Views involved in this example.
More complex example when the data, lets say the string 'Welcome To Dashboard' is processed from models and the send to view files.
For this example we will create two new files at application/models/m_dashboard.php and another one at application/view/v_dashboard.php:
-www
-app_name
-application
-controllers
-dashboard.php
-models
-m_dashboard.php
-views
-v_dashboard.php
-index.php
-ci_system
Change the dashboard.php into this:
class Dashboard extend CI_Controller{
function index(){
$this->load->model('m_dashboard');
$str = $this->m_dashboard->index_data();
$data['index'] = $str;
$this->load->view('v_dashboard, $data);
}
}As we can see, the dashboard controller will first load the models that it need by using load method. This load method is inherited from CI_Controller parent.
All models loaded can then be called via $this->model_name->model_method() to initiate the models method process. Here we will run method index_data() which will return the string 'Welcome To Dashboard'.
Fill the m_dashboard.php file with codes as below:
class M_dashboard extend CI_Model{
function index_data(){
return 'Welcome To Dashboard';
}
}
It is really direct. The code will return string 'Welcome To Dashboard' to whoever calling it.
As per example, the one who call it is variable $str in dashboard controller.
The string then loaded into array $data with key 'index' and sent to view via load method second parameter as shown in the example.
$this->load->view('view_files', $second_parameter);
THe view files then will capture the string into new variable based on the key. So here, the key contain the string within array data is 'index', thus in view files codeigniter will spawn new variable with the name $index containing the string.
Fill in the v_dashboard.php files with the codes below:
<html>
<head>
<title>Dashboard</title>
</head>
<body>
<?php
echo '<h1>'.$index.'</h1>';
?>
</body>
</html>We can see that v_dashboard.php resembles a lot like plain html files. Keep in mind that view files are like front end template to our application and we will populate it from data sent from controller. Example here is the string 'Welcome To Dashboard' which was sent in variable $index.
Exercise 1: Add new page
Add new page which is linked from dashboard to url http://localhost/app_name/index.php/dashboard/info . The view page should display php_info() details.
Exercise 2: Views List
Add new page which is linked from dashboard to url http://localhost/app_name/index.php/admin/view_list . The view page should display all file names within view directory dynamically.
A lot of data we need usually reside in mysql database. Codeigniter is not limited to only MySQL. In fact CI can connect to multitude of DB engine via its powerful DB connectors wizard.
But MySQL is good enough for example.
Before we start we need to have the connection to MySQL DB.
Open database.php within config directory located at www/app_name/application/config/database.php. Change the details to reflect your MySQL connection. As this is local MySQL under WAMP, we can just use the default username and password.
the three important details to be changed are:
52: $db['default']['username'] = 'root';
53: $db['default']['password'] = '';
54: $db['default']['database'] = 'ci_workshop';After that, we need to create and populate a MySQL database 'ci_workshop' with appropriate table and data. CI has great tools for Database Management within Database Class. The tools is Database Forge.
Create new method in m_dashboard.php called db_init and type the codes below:
class M_dashboard extend CI_Model{
function index_data(){
return 'Welcome To Dashboard';
}
function db_init()
{
//load database tools
$this->load->dbforge();
//create database 'ci_workshop'
if ($this->dbforge->create_database('ci_workshop'))
{
echo 'Database created!<br/>';
}
//declare fields for our table
$fields = array(
'id' => array(
'type' => 'INT',
'constraint' => 5,
'unsigned' => TRUE,
'auto_increment' => TRUE
),
'key' => array(
'type' => 'VARCHAR',
'constraint' => '100',
),
'value' => array(
'type' => 'text',
)
);
//add fields to dbforge tools
$this->dbforge->add_field($fields);
//set column id as Primary key
$this->dbforge->add_key('id', TRUE);
//create table if not exists
$this->dbforge->create_table('kv_store', TRUE);
//load database
$this->load->database();
//insert string value to table
$this->db->insert('kv_store', array('key'=>'dashboard_welcome','value'=>'Welcome To Dashboard'));
}
}Change the dashboard.php into this:
class Dashboard extend CI_Controller{
function index(){
$this->load->model('m_dashboard');
$str = $this->m_dashboard->index_data();
$data['index'] = $str;
$this->load->view('v_dashboard', $data);
}
function init_db(){
$this->load->model('m_dashboard');
$this->m_dashboard->db_init();
echo 'DB now ready!';
}
}Run the database initiation by visiting page init_db at http://localhost/ci_workshop/index.php/dashboard/init_db
If we check in our PhpMyAdmin, we can see that new row has been added in our kv_store table as shown:
Now, to use the strng in our models.
Open our m_dashboard.php files and change the code to be like the code shown below:
class M_dashboard extend CI_Model{
function index_data(){
$this->load->database();
$this->db->where('key','dashboard_welcome');
$query = $this->db->get('kv_store');
$res = $query->result_array();
return $res[0]['value'];
}
}
When we run the dashboard page again we will get the same "Welcome To Dashboard" string but it is now reside inside a database. We thus can make a basic CRUD interface to manage the string afterwards.
CodeIgniter come with multitude of tools to help our application development. Anything that is conceived for us to be used should already be there in CodeIgniter bag of tools.
The tools come from two different place namely Library and Helpers.
CodeIgniter Library is a collection of PHP Class which focus on single domain of usage. Among widely use Codeigniter Library are:
- Session Class
Manage $_SESSION but we can choose to make the session either as protected cookies or a table in DB. - Form Validation Class
Manage input validation before processing. Use with Input Class. Validation include email validation, min,max, numeric, alphanumeric and custom function (usually to check username availability). - Input Class
Manage native $_POST, $_GET and $_SERVER global variable. Automatically sanitize the value before process. - Email Class
Ultimate tools to send email via PHP script. All type of configuration and email types (plain text, html email, attachment) available. - File Uploading Class
Manage file uploads function gracefully. Simple and elegant solution. - URI Class
To help with URL segmentation and manipulation. From URI string to array and vice versa. Best used to manage complex ACL. - Database Class
The most beloved class especially in Model. Among smaller tools within database class is Active Record which can add structure and logic to our SQL query. - Caching Class
Simple yet effective caching solution. Can be extend to use external caching tools to make it more efficient and powerfull.
Codeigniter Helper is a collection of functions that can be use to help us in developing our application. Helpers differ from Library in sense of helper is a function while Library is a method within a class. Helpers is more focused as a tool and thus only cater limited usage space.
Among usefull helpers are:
-
Download Helper
Assist us in creating a download page. All type of files can be used. received filename and binary data as parameters. -
Email Helper
Two functions within this helper arevalid_email('string@email')to validate email string andsend_email('recipient','subject','message')to send plain text email. Simple and functional. -
Form Helper
Assist us in creating html form and input tags. May not be shorter than html but its usefullness come from its powerfull logic and configurations. -
URL Helper
Assist us in generating uri within Codeigniter application. Thus we not need to change every links as it is now dynamically generated by codeigniter.
Some of the library need to be loaded first before it can be used while other are automatically loaded. Helpers are always needed to be loaded.
Below are the functionlity of said Class and Helpers:
The Session class permits you maintain a user's "state" and track their activity while they browse your site. The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie.
It can also store the session data in a database table for added security, as this permits the session ID in the user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to use the database option you'll need to create the session table as indicated below.
INITIALIZE
Sessions will typically run globally with each page load, so the session class must either be initialized in your controller constructors, or it can be auto-loaded by the system. For the most part the session class will run unattended in the background, so simply initializing the class will cause it to read, create, and update sessions.
To initialize the Session class manually in your controller constructor, use the $this->load->library function:
$this->load->library('session');
Once loaded, the Sessions library object will be available using: $this->session
How do Sessions work?
When a page is loaded, the session class will check to see if valid session data exists in the user's session cookie. If sessions data does not exist (or if it has expired) a new session will be created and saved in the cookie. If a session does exist, its information will be updated and the cookie will be updated. With each update, the session_id will be regenerated.
It's important for you to understand that once initialized, the Session class runs automatically. There is nothing you need to do to cause the above behavior to happen. You can, as you'll see below, work with session data or even add your own data to a user's session, but the process of reading, writing, and updating a session is automatic.
USAGE
//Load the library
$this->load->library('session');
//set new session value like array.
$this->session->set_userdata($array);
///usage:
$newdata = array(
'username' => 'johndoe',
'email' => '[email protected]',
'logged_in' => TRUE
);
$this->session->set_userdata($newdata);
//or like this also can:
$this->session->set_userdata('some_name', 'some_value');
//retrieve session with key 'item'
$this->session->userdata('item');
//example of usage:
$session_id = $this->session->userdata('session_id');
//Retrieve All Session Data
$this->session->all_userdata()
//Unset Session Data
$this->session->unset_userdata('some_name');
//Session Destroy
$this->session->sess_destroy();
Thats a simple all in one how to use Codeigniter Session Library
Brain Nuggets:
Think a login and login system using Codeigniter Session
OVERVIEW
Before explaining CodeIgniter's approach to data validation, let's describe the ideal scenario:
- A form is displayed.
- You fill it in and submit it.
- If you submitted something invalid, or perhaps missed a required item, the form is redisplayed containing your data along with an error message describing the problem.
- This process continues until you have submitted a valid form.
On the receiving end, the script must:
- Check for required data.
- Verify that the data is of the correct type, and meets the correct criteria. For example, if a username is submitted it must be validated to contain only permitted characters. It must be of a minimum length, and not exceed a maximum length. The username can't be someone else's existing username, or perhaps even a reserved word. Etc.
- Sanitize the data for security.
- Pre-format the data if needed (Does the data need to be trimmed? HTML encoded? Etc.)
- Prep the data for insertion in the database.
Although there is nothing terribly complex about the above process, it usually requires a significant amount of code, and to display error messages, various control structures are usually placed within the form HTML. Form validation, while simple to create, is generally very messy and tedious to implement.
Form Validation Tutorial
What follows is a "hands on" tutorial for implementing CodeIgniters Form Validation.
In order to implement form validation you'll need three things:
A View file containing a form. A View file containing a "success" message to be displayed upon successful submission. A controller function to receive and process the submitted data. Let's create those three things, using a member sign-up form as the example.
The Form
Using a text editor, create a form called myform.php. In it, place this code and save it to your applications/views/ folder:
<html>
<head>
<title>My Form</title>
</head>
<body>
<?php echo validation_errors('<div class="error">', '</div>'); ?>
<?php echo form_open('form'); ?>
<h5>Username</h5>
<input type="text" name="username" value="<?php echo set_value('username'); ?>" size="50" />
<h5>Password</h5>
<input type="text" name="password" value="<?php echo set_value('password'); ?>" size="50" />
<h5>Password Confirm</h5>
<input type="text" name="passconf" value="<?php echo set_value('passconf'); ?>" size="50" />
<h5>Email Address</h5>
<input type="text" name="email" value="<?php echo set_value('email'); ?>" size="50" />
<div><input type="submit" value="Submit" /></div>
</form>
</body>
</html>
The Success Page
Using a text editor, create a form called formsuccess.php. In it, place this code and save it to your applications/views/ folder:
<html>
<head>
<title>My Form</title>
</head>
<body>
<h3>Your form was successfully submitted!</h3>
<p><?php echo anchor('form', 'Try it again!'); ?></p>
</body>
</html>
The Controller
Using a text editor, create a controller called form.php. In it, place this code and save it to your applications/controllers/ folder:
class Form extends CI_Controller {
function index()
{
//load form and url helper
$this->load->helper(array('form', 'url'));
//load form validation class
$this->load->library('form_validation');
//set validation rules for all
$this->form_validation->set_rules('username', 'Username', 'trim|callback_username_check|required|min_length[5]|max_length[12]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[passconf]|md5');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'trim|required');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
//run validation, if false display myform, if true display formsuccess
if ($this->form_validation->run() == FALSE)
{
$this->load->view('myform');
}
else
{
$this->load->view('formsuccess');
}
}
//Special function to check if the username is allowed to be used.
public function username_check($str)
{
if ($str == 'test')
{
//set error message for username_check rules.
$this->form_validation->set_message('username_check', 'The %s field can not be the word "test"');
return FALSE;
}
else
{
return TRUE;
}
}
}
To test the application, open http://localhost/ci_workshop/index.php/form, complete the form and hit enter. Play with the application to try the validation.
EXPLANATION
There is three main section of Form Validation Class which is 1: Error Display, 2: Validation Rules and 3: Run Validation. The one with the most complexity among the three are Validation Rules.
The validation process basically are like below:
- Validation start with capturing the input from html form via input class.
- The value then will be run through all the required rules which has been setup in validation rules section.
- Any error while validating will be notified via Error Display function (validation_errors).
RULE REFERENCE
The following is a list of all the native rules that are available to use:
<tr>
<td class="td"><strong>required</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element is empty.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>matches</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element does not match the one in the parameter.</td>
<td class="td">matches[form_item]</td>
</tr>
<tr>
<td class="td"><strong>is_unique</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is not unique to the table and field name in the parameter.</td>
<td class="td">is_unique[table.field]</td>
</tr>
<tr>
<td class="td"><strong>min_length</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is shorter then the parameter value.</td>
<td class="td">min_length[6]</td>
</tr>
<tr>
<td class="td"><strong>max_length</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is longer then the parameter value.</td>
<td class="td">max_length[12]</td>
</tr>
<tr>
<td class="td"><strong>exact_length</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is not exactly the parameter value.</td>
<td class="td">exact_length[8]</td>
</tr>
<tr>
<td class="td"><strong>greater_than</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is less than the parameter value or not numeric.</td>
<td class="td">greater_than[8]</td>
</tr>
<tr>
<td class="td"><strong>less_than</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is greater than the parameter value or not numeric.</td>
<td class="td">less_than[8]</td>
</tr>
<tr>
<td class="td"><strong>alpha</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than alphabetical characters.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>alpha_numeric</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than alpha-numeric characters.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>alpha_dash</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than alpha-numeric characters, underscores or dashes.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>numeric</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than numeric characters.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>integer</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than an integer.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>decimal</strong></td>
<td class="td">Yes</td>
<td class="td">Returns FALSE if the form element is not exactly the parameter value.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>is_natural</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than a natural number: 0, 1, 2, 3, etc.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>is_natural_no_zero</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element contains anything other than a natural number, but not zero: 1, 2, 3, etc.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>valid_email</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the form element does not contain a valid email address.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>valid_emails</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if any value provided in a comma separated list is not a valid email.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>valid_ip</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the supplied IP is not valid.</td>
<td class="td"> </td>
</tr>
<tr>
<td class="td"><strong>valid_base64</strong></td>
<td class="td">No</td>
<td class="td">Returns FALSE if the supplied string contains anything other than valid Base64 characters.</td>
<td class="td"> </td>
</tr>
| Rule | Parameter | Description | Example |
Note: These rules can also be called as discrete functions. For example:
$this->form_validation->required($string)
Note: You can also use any native PHP functions that permit one parameter.
The Input Class serves two purposes:
- It pre-processes global input data for security.
- It provides some helper functions for fetching input data and pre-processing it.
Note: This class is initialized automatically by the system so there is no need to do it manually.
Security Filtering
The security filtering function is called automatically when a new controller is invoked. It does the following:
- If $config['allow_get_array'] is FALSE(default is TRUE), destroys the global GET array.
- Destroys all global variables in the event register_globals is turned on.
- Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.
- Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.
- Standardizes newline characters to \n(In Windows \r\n)
- XSS Filtering
The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
Please refer to the Security class documentation for information on using XSS Filtering in your application.
Using POST, COOKIE, or SERVER Data
CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:
if ( ! isset($_POST['something']))
{
$something = FALSE;
}
else
{
$something = $_POST['something'];
}
With CodeIgniter's built in functions you can simply do this:
$something = $this->input->post('something');
The three functions are:
$this->input->post()$this->input->cookie()$this->input->server()
$this->input->post()
The first parameter will contain the name of the POST item you are looking for:
$this->input->post('some_data');
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;
$this->input->post('some_data', TRUE);
To return an array of all POST items call without any parameters.
To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;
The function returns FALSE (boolean) if there are no items in the POST.
$this->input->post(NULL, TRUE); // returns all POST items with XSS filter
$this->input->post(); // returns all POST items without XSS filter
$this->input->get()
This function is identical to the post function, only it fetches get data:
$this->input->get('some_data', TRUE);
To return an array of all GET items call without any parameters.
To return all GET items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;
The function returns FALSE (boolean) if there are no items in the GET.
$this->input->get(NULL, TRUE); // returns all GET items with XSS filter
$this->input->get(); // returns all GET items without XSS filtering
$this->input->get_post()
This function will search through both the post and get streams for data, looking first in post, and then in get:
$this->input->get_post('some_data', TRUE);
$this->input->cookie()
This function is identical to the post function, only it fetches cookie data:
$this->input->cookie('some_data', TRUE);
$this->input->server()
This function is identical to the above functions, only it fetches server data:
$this->input->server('some_data');
$this->input->set_cookie()
Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: Array Method, and Discrete Parameters:
Array Method
Using this method, an associative array is passed to the first parameter:
$cookie = array(
'name' => 'The Cookie Name',
'value' => 'The Value',
'expire' => '86500',
'domain' => '.some-domain.com',
'path' => '/',
'prefix' => 'myprefix_',
'secure' => TRUE
);
$this->input->set_cookie($cookie);
Notes:
Only the name and value are required. To delete a cookie set it with the expiration blank. The expiration is set in seconds, which will be added to the current time. Do not include the time, but rather only the number of seconds from now that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open. For site-wide cookies regardless of how your site is requested, add your URL to the domain starting with a period, like this: .your-domain.com The path is usually not needed since the function sets a root path. The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server. The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE.
Discrete Parameters
If you prefer, you can set the cookie by passing data using individual parameters:
$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);
$this->input->cookie()
Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):
cookie('some_cookie');
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;
cookie('some_cookie', TRUE);
$this->input->ip_address()
Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0
echo $this->input->ip_address();
$this->input->valid_ip($ip)
Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above validates the IP automatically.
if ( ! $this->input->valid_ip($ip))
{
echo 'Not Valid';
}
else
{
echo 'Valid';
}
CodeIgniter's robust Email Class supports the following features:
- Multiple Protocols: Mail, Sendmail, and SMTP
- Multiple recipients
- CC and BCCs
- HTML or Plaintext email
- Attachments
- Word wrapping
- Priorities
- BCC Batch Mode, enabling large email lists to be broken into small BCC batches.
- Email Debugging tools
Sending Email
Sending email is not only simple, but you can configure it on the fly or set your preferences in a config file.
Here is a basic example demonstrating how you might send email. Note: This example assumes you are sending the email from one of your controllers.
$this->load->library('email');
$this->email->from('[email protected]', 'Your Name');
$this->email->to('[email protected]');
$this->email->cc('[email protected]');
$this->email->bcc('[email protected]');
$this->email->subject('Email Test');
$this->email->message('Testing the email class.');
$this->email->send();
echo $this->email->print_debugger();
$this->email->from()
Sets the email address and name of the person sending the email:
$this->email->from('[email protected]', 'Your Name');
$this->email->reply_to()
Sets the reply-to address. If the information is not provided the information in the "from" function is used. Example:
$this->email->reply_to('[email protected]', 'Your Name');
$this->email->to()
Sets the email address(s) of the recipient(s). Can be a single email, a comma-delimited list or an array:
$this->email->to('[email protected]');
$this->email->to('[email protected], [email protected], [email protected]');
$list = array('[email protected]', '[email protected]', '[email protected]');
$this->email->to($list);
$this->email->cc()
Sets the CC email address(s). Just like the "to", can be a single email, a comma-delimited list or an array.
$this->email->bcc()
Sets the BCC email address(s). Just like the "to", can be a single email, a comma-delimited list or an array.
$this->email->subject()
Sets the email subject:
$this->email->subject('This is my subject');
$this->email->message()
Sets the email message body:
$this->email->message('This is my message');
$this->email->set_alt_message()
Sets the alternative email message body:
$this->email->set_alt_message('This is the alternative message');
This is an optional message string which can be used if you send HTML formatted email. It lets you specify an alternative message with no HTML formatting which is added to the header string for people who do not accept HTML email. If you do not set your own message CodeIgniter will extract the message from your HTML email and strip the tags.
$this->email->clear()
Initializes all the email variables to an empty state. This function is intended for use if you run the email sending function in a loop, permitting the data to be reset between cycles.
foreach ($list as $name => $address)
{
$this->email->clear();
$this->email->to($address);
$this->email->from('[email protected]');
$this->email->subject('Here is your info '.$name);
$this->email->message('Hi '.$name.' Here is the info you requested.');
$this->email->send();
}
If you set the parameter to TRUE any attachments will be cleared as well:
$this->email->clear(TRUE);
$this->email->send()
The Email sending function. Returns boolean TRUE or FALSE based on success or failure, enabling it to be used conditionally:
if ( ! $this->email->send())
{
// Generate error
}
$this->email->attach()
Enables you to send an attachment. Put the file path/name in the first parameter. Note: Use a file path, not a URL. For multiple attachments use the function multiple times. For example:
$this->email->attach('/path/to/photo1.jpg');
$this->email->attach('/path/to/photo2.jpg');
$this->email->attach('/path/to/photo3.jpg');
$this->email->send();
$this->email->print_debugger()
Returns a string containing any server messages, the email headers, and the email messsage. Useful for debugging.
CodeIgniter's File Uploading Class permits files to be uploaded. You can set various preferences, restricting the type and size of the files.
The Process
Uploading a file involves the following general process:
An upload form is displayed, allowing a user to select a file and upload it. When the form is submitted, the file is uploaded to the destination you specify. Along the way, the file is validated to make sure it is allowed to be uploaded based on the preferences you set. Once uploaded, the user will be shown a success message. To demonstrate this process here is brief tutorial. Afterward you'll find reference information.
Creating the Upload Form
Using a text editor, create a form called upload_form.php. In it, place this code and save it to your applications/views/ folder:
<html>
<head>
<title>Upload Form</title>
</head>
<body>
<?php echo $error;?>
<?php echo form_open_multipart('upload/do_upload');?>
<input type="file" name="userfile" size="20" />
<br /><br />
<input type="submit" value="upload" />
</form>
</body>
</html>
You'll notice we are using a form helper to create the opening form tag. File uploads require a multipart form, so the helper creates the proper syntax for you. You'll also notice we have an $error variable. This is so we can show error messages in the event the user does something wrong.
The Success Page
Using a text editor, create a form called upload_success.php. In it, place this code and save it to your applications/views/ folder:
<html>
<head>
<title>Upload Form</title>
</head>
<body>
<h3>Your file was successfully uploaded!</h3>
<ul>
<?php foreach ($upload_data as $item => $value):?>
<li><?php echo $item;?>: <?php echo $value;?></li>
<?php endforeach; ?>
</ul>
<p><?php echo anchor('upload', 'Upload Another File!'); ?></p>
</body>
</html>
The Controller
Using a text editor, create a controller called upload.php. In it, place this code and save it to your applications/controllers/ folder:
<?php
class Upload extends CI_Controller {
function __construct()
{
parent::__construct();
$this->load->helper(array('form', 'url'));
}
function index()
{
$this->load->view('upload_form', array('error' => ' ' ));
}
function do_upload()
{
$config['upload_path'] = './uploads/';
$config['allowed_types'] = 'gif|jpg|png';
$config['max_size'] = '100';
$config['max_width'] = '1024';
$config['max_height'] = '768';
$this->load->library('upload', $config);
if ( ! $this->upload->do_upload())
{
$error = array('error' => $this->upload->display_errors());
$this->load->view('upload_form', $error);
}
else
{
$data = array('upload_data' => $this->upload->data());
$this->load->view('upload_success', $data);
}
}
}
?>
The Upload Folder
You'll need a destination folder for your uploaded images. Create a folder at the root of your CodeIgniter installation called uploads and set its file permissions to 777.
Try it!z
To try your form, visit your site using a URL similar to this one:
example.com/index.php/upload/
You should see an upload form. Try uploading an image file (either a jpg, gif, or png). If the path in your controller is correct it should work.
Initializing the Upload Class
Like most other classes in CodeIgniter, the Upload class is initialized in your controller using the $this->load->library function:
$this->load->library('upload');
Once the Upload class is loaded, the object will be available using: $this->upload
Setting Preferences
Similar to other libraries, you'll control what is allowed to be upload based on your preferences. In the controller you built above you set the following preferences:
$config['upload_path'] = './uploads/';
$config['allowed_types'] = 'gif|jpg|png';
$config['max_size'] = '100';
$config['max_width'] = '1024';
$config['max_height'] = '768';
$this->load->library('upload', $config);
// Alternately you can set preferences by calling the initialize function. Useful if you auto-load the class:
$this->upload->initialize($config);
The above preferences should be fairly self-explanatory. Below is a table describing all available preferences.
Preferences
The following preferences are available. The default value indicates what will be used if you do not specify that preference.
| Preference | Default Value | Options | Description |
|---|---|---|---|
| upload_path | None | None | The path to the folder where the upload should be placed. The folder must be writable and the path can be absolute or relative. |
| allowed_types | None | None | The mime types corresponding to the types of files you allow to be uploaded. Usually the file extension can be used as the mime type. Separate multiple types with a pipe. |
| file_name | None | Desired file name |
If set CodeIgniter will rename the uploaded file to this name. The extension provided in the file name must also be an allowed file type. |
| overwrite | FALSE | TRUE/FALSE (boolean) | If set to true, if a file with the same name as the one you are uploading exists, it will be overwritten. If set to false, a number will be appended to the filename if another with the same name exists. |
| max_size | 0 | None | The maximum size (in kilobytes) that the file can be. Set to zero for no limit. Note: Most PHP installations have their own limit, as specified in the php.ini file. Usually 2 MB (or 2048 KB) by default. |
| max_width | 0 | None | The maximum width (in pixels) that the file can be. Set to zero for no limit. |
| max_height | 0 | None | The maximum height (in pixels) that the file can be. Set to zero for no limit. |
| max_filename | 0 | None | The maximum length that a file name can be. Set to zero for no limit. |
| encrypt_name | FALSE | TRUE/FALSE (boolean) | If set to TRUE the file name will be converted to a random encrypted string. This can be useful if you would like the file saved with a name that can not be discerned by the person uploading it. |
| remove_spaces | TRUE | TRUE/FALSE (boolean) | If set to TRUE, any spaces in the file name will be converted to underscores. This is recommended. |
Setting preferences in a config file
If you prefer not to set preferences using the above method, you can instead put them into a config file. Simply create a new file called the upload.php, add the $config array in that file. Then save the file in: config/upload.php and it will be used automatically. You will NOT need to use the $this->upload->initialize function if you save your preferences in a config file.
Function Reference
The following functions are available
$this->upload->do_upload()
Performs the upload based on the preferences you've set. Note: By default the upload routine expects the file to come from a form field called userfile, and the form must be a "multipart type:
<form method="post" action="some_action" enctype="multipart/form-data" />
If you would like to set your own field name simply pass its value to the do_upload function:
$field_name = "some_field_name";
$this->upload->do_upload($field_name)
$this->upload->display_errors()
Retrieves any error messages if the do_upload() function returned false. The function does not echo automatically, it returns the data so you can assign it however you need.
Formatting Errors
By default the above function wraps any errors within <p> tags. You can set your own delimiters like this:
$this->upload->display_errors('<p>', '</p>');
$this->upload->data()
This is a helper function that returns an array containing all of the data related to the file you uploaded. Here is the array prototype:
Array
(
[file_name] => mypic.jpg
[file_type] => image/jpeg
[file_path] => /path/to/your/upload/
[full_path] => /path/to/your/upload/jpg.jpg
[raw_name] => mypic
[orig_name] => mypic.jpg
[client_name] => mypic.jpg
[file_ext] => .jpg
[file_size] => 22.2
[is_image] => 1
[image_width] => 800
[image_height] => 600
[image_type] => jpeg
[image_size_str] => width="800" height="200"
)
Explanation
Here is an explanation of the above array items.
| Item | Description |
|---|---|
| file_name | The name of the file that was uploaded including the file extension. |
| file_type | The file's Mime type |
| file_path | The absolute server path to the file |
| full_path | The absolute server path including the file name |
| raw_name | The file name without the extension |
| orig_name | The original file name. This is only useful if you use the encrypted name option. |
| client_name | The file name as supplied by the client user agent, prior to any file name preparation or incrementing. |
| file_ext | The file extension with period |
| file_size | The file size in kilobytes |
| is_image | Whether the file is an image or not. 1 = image. 0 = not. |
| image_width | Image width. |
| image_height | Image height |
| image_type | Image type. Typically the file extension without the period. |
| image_size_str | A string containing the width and height. Useful to put into an image tag. |
The URI Class provides functions that help you retrieve information from your URI strings. If you use URI routing, you can also retrieve information about the re-routed segments.
Note: This class is initialized automatically by the system so there is no need to do it manually. $this->uri->segment(n)
Permits you to retrieve a specific segment. Where n is the segment number you wish to retrieve. Segments are numbered from left to right. For example, if your full URL is this:
http://example.com/index.php/news/local/metro/crime_is_up
The segment numbers would be this:
- news
- local
- metro
- crime_is_up
By default the function returns FALSE (boolean) if the segment does not exist. There is an optional second parameter that permits you to set your own default value if the segment is missing. For example, this would tell the function to return the number zero in the event of failure:
$product_id = $this->uri->segment(3, 0);
It helps avoid having to write code like this:
if ($this->uri->segment(3) === FALSE)
{
$product_id = 0;
}
else
{
$product_id = $this->uri->segment(3);
}
$this->uri->rsegment(n)
This function is identical to the previous one, except that it lets you retrieve a specific segment from your re-routed URI in the event you are using CodeIgniter's URI Routing feature.
$this->uri->slash_segment(n)
This function is almost identical to $this->uri->segment(), except it adds a trailing and/or leading slash based on the second parameter. If the parameter is not used, a trailing slash added. Examples:
$this->uri->slash_segment(3);
$this->uri->slash_segment(3, 'leading');
$this->uri->slash_segment(3, 'both');
Returns:
- segment/
- /segment
- /segment/
$this->uri->slash_rsegment(n)
This function is identical to the previous one, except that it lets you add slashes a specific segment from your re-routed URI in the event you are using CodeIgniter's URI Routing feature.
$this->uri->uri_to_assoc(n)
This function lets you turn URI segments into and associative array of key/value pairs. Consider this URI:
index.php/user/search/name/joe/location/UK/gender/male
Using this function you can turn the URI into an associative array with this prototype:
[array]
(
'name' => 'joe'
'location' => 'UK'
'gender' => 'male'
)
The first parameter of the function lets you set an offset. By default it is set to 3 since your URI will normally contain a controller/function in the first and second segments. Example:
$array = $this->uri->uri_to_assoc(3);
echo $array['name'];
The second parameter lets you set default key names, so that the array returned by the function will always contain expected indexes, even if missing from the URI. Example:
$default = array('name', 'gender', 'location', 'type', 'sort');
$array = $this->uri->uri_to_assoc(3, $default);
If the URI does not contain a value in your default, an array index will be set to that name, with a value of FALSE.
Lastly, if a corresponding value is not found for a given key (if there is an odd number of URI segments) the value will be set to FALSE (boolean).
$this->uri->ruri_to_assoc(n)
This function is identical to the previous one, except that it creates an associative array using the re-routed URI in the event you are using CodeIgniter's URI Routing feature.
$this->uri->assoc_to_uri()
Takes an associative array as input and generates a URI string from it. The array keys will be included in the string. Example:
$array = array('product' => 'shoes', 'size' => 'large', 'color' => 'red');
$str = $this->uri->assoc_to_uri($array);
// Produces: product/shoes/size/large/color/red
$this->uri->uri_string()
Returns a string with the complete URI. For example, if this is your full URL:
http://example.com/index.php/news/local/345
The function would return this:
/news/local/345
$this->uri->ruri_string()
This function is identical to the previous one, except that it returns the re-routed URI in the event you are using CodeIgniter's URI Routing feature.
$this->uri->total_segments()
Returns the total number of segments.
$this->uri->total_rsegments()
This function is identical to the previous one, except that it returns the total number of segments in your re-routed URI in the event you are using CodeIgniter's URI Routing feature.
$this->uri->segment_array()
Returns an array containing the URI segments. For example:
$segs = $this->uri->segment_array();
foreach ($segs as $segment)
{
echo $segment;
echo '<br />';
}
$this->uri->rsegment_array()
This function is identical to the previous one, except that it returns the array of segments in your re-routed URI in the event you are using CodeIgniter's URI Routing feature.
CodeIgniter uses a modified version of the Active Record Database Pattern. This pattern allows information to be retrieved, inserted, and updated in your database with minimal scripting. In some cases only one or two lines of code are necessary to perform a database action. CodeIgniter does not require that each database table be its own class file. It instead provides a more simplified interface.
Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.
Note: If you intend to write your own queries you can disable this class in your database config file, allowing the core database library and adapter to utilize fewer resources.
Selecting Data
The following functions allow you to build SQL SELECT statements.
Note: If you are using PHP 5 you can use method chaining for more compact syntax. This is described at the end of the page.
$this->db->get();
Runs the selection query and returns the result. Can be used by itself to retrieve all records from a table:
$query = $this->db->get('mytable');
// Produces: SELECT * FROM mytable
The second and third parameters enable you to set a limit and offset clause:
$query = $this->db->get('mytable', 10, 20);
// Produces: SELECT * FROM mytable LIMIT 20, 10 (in MySQL. Other databases have slightly different syntax)
You'll notice that the above function is assigned to a variable named $query, which can be used to show the results:
$query = $this->db->get('mytable');
foreach ($query->result() as $row)
{
echo $row->title;
}
$this->db->get_where();
Identical to the above function except that it permits you to add a "where" clause in the second parameter, instead of using the db->where() function:
$query = $this->db->get_where('mytable', array('id' => $id), $limit, $offset);
Note: get_where() was formerly known as getwhere(), which has been removed
$this->db->select();
Permits you to write the SELECT portion of your query:
$this->db->select('title, content, date');
$query = $this->db->get('mytable');
// Produces: SELECT title, content, date FROM mytable
Note: If you are selecting all (*) from a table you do not need to use this function. When omitted, CodeIgniter assumes you wish to SELECT *
$this->db->select() accepts an optional second parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks. This is useful if you need a compound select statement.
$this->db->select('(SELECT SUM(payments.amount) FROM payments WHERE payments.invoice_id=4') AS amount_paid', FALSE);
$query = $this->db->get('mytable');
$this->db->select_max();
Writes a "SELECT MAX(field)" portion for your query. You can optionally include a second parameter to rename the resulting field.
$this->db->select_max('age');
$query = $this->db->get('members');
// Produces: SELECT MAX(age) as age FROM members
$this->db->select_max('age', 'member_age');
$query = $this->db->get('members');
// Produces: SELECT MAX(age) as member_age FROM members
$this->db->select_min();
Writes a "SELECT MIN(field)" portion for your query. As with select_max(), You can optionally include a second parameter to rename the resulting field.
$this->db->select_min('age');
$query = $this->db->get('members');
// Produces: SELECT MIN(age) as age FROM members
$this->db->select_avg();
Writes a "SELECT AVG(field)" portion for your query. As with select_max(), You can optionally include a second parameter to rename the resulting field.
$this->db->select_avg('age');
$query = $this->db->get('members');
// Produces: SELECT AVG(age) as age FROM members
$this->db->select_sum();
Writes a "SELECT SUM(field)" portion for your query. As with select_max(), You can optionally include a second parameter to rename the resulting field.
$this->db->select_sum('age');
$query = $this->db->get('members');
// Produces: SELECT SUM(age) as age FROM members
$this->db->from();
Permits you to write the FROM portion of your query:
$this->db->select('title, content, date');
$this->db->from('mytable');
$query = $this->db->get();
// Produces: SELECT title, content, date FROM mytable
Note: As shown earlier, the FROM portion of your query can be specified in the $this->db->get() function, so use whichever method you prefer.
$this->db->join();
Permits you to write the JOIN portion of your query:
$this->db->select('*');
$this->db->from('blogs');
$this->db->join('comments', 'comments.id = blogs.id');
$query = $this->db->get();
// Produces:
// SELECT * FROM blogs
// JOIN comments ON comments.id = blogs.id
Multiple function calls can be made if you need several joins in one query.
If you need a specific type of JOIN you can specify it via the third parameter of the function. Options are: left, right, outer, inner, left outer, and right outer.
$this->db->join('comments', 'comments.id = blogs.id', 'left');
// Produces: LEFT JOIN comments ON comments.id = blogs.id
$this->db->where();
This function enables you to set WHERE clauses using one of four methods:
Note: All values passed to this function are escaped automatically, producing safer queries.
1.Simple key/value method:
$this->db->where('name', $name);
// Produces: WHERE name = 'Joe'
Notice that the equal sign is added for you.
If you use multiple function calls they will be chained together with AND between them:
$this->db->where('name', $name);
$this->db->where('title', $title);
$this->db->where('status', $status);
// WHERE name = 'Joe' AND title = 'boss' AND status = 'active'
2.Custom key/value method:
You can include an operator in the first parameter in order to control the comparison:
$this->db->where('name !=', $name);
$this->db->where('id <', $id);
// Produces: WHERE name != 'Joe' AND id < 45
3.Associative array method:
$array = array('name' => $name, 'title' => $title, 'status' => $status);
$this->db->where($array);
// Produces: WHERE name = 'Joe' AND title = 'boss' AND status = 'active'
You can include your own operators using this method as well:
$array = array('name !=' => $name, 'id <' => $id, 'date >' => $date);
$this->db->where($array);
4.Custom string: You can write your own clauses manually:
$where = "name='Joe' AND status='boss' OR status='active'";
$this->db->where($where);
$this->db->where() accepts an optional third parameter. If you set it to FALSE, CodeIgniter will not try to protect your field or table names with backticks.
$this->db->where('MATCH (field) AGAINST ("value")', NULL, FALSE);
$this->db->or_where();
This function is identical to the one above, except that multiple instances are joined by OR:
$this->db->where('name !=', $name);
$this->db->or_where('id >', $id);
// Produces: WHERE name != 'Joe' OR id > 50
Note: or_where() was formerly known as orwhere(), which has been removed.
$this->db->where_in();
Generates a WHERE field IN ('item', 'item') SQL query joined with AND if appropriate
$names = array('Frank', 'Todd', 'James');
$this->db->where_in('username', $names);
// Produces: WHERE username IN ('Frank', 'Todd', 'James')
$this->db->or_where_in();
Generates a WHERE field IN ('item', 'item') SQL query joined with OR if appropriate
$names = array('Frank', 'Todd', 'James');
$this->db->or_where_in('username', $names);
// Produces: OR username IN ('Frank', 'Todd', 'James')
$this->db->where_not_in();
Generates a WHERE field NOT IN ('item', 'item') SQL query joined with AND if appropriate
$names = array('Frank', 'Todd', 'James');
$this->db->where_not_in('username', $names);
// Produces: WHERE username NOT IN ('Frank', 'Todd', 'James')
$this->db->or_where_not_in();
Generates a WHERE field NOT IN ('item', 'item') SQL query joined with OR if appropriate
$names = array('Frank', 'Todd', 'James');
$this->db->or_where_not_in('username', $names);
// Produces: OR username NOT IN ('Frank', 'Todd', 'James')
$this->db->like();
This function enables you to generate LIKE clauses, useful for doing searches.
Note: All values passed to this function are escaped automatically.
1.Simple key/value method:
$this->db->like('title', 'match');
// Produces: WHERE title LIKE '%match%'
If you use multiple function calls they will be chained together with AND between them:
$this->db->like('title', 'match');
$this->db->like('body', 'match');
// WHERE title LIKE '%match%' AND body LIKE '%match%
If you want to control where the wildcard (%) is placed, you can use an optional third argument. Your options are 'before', 'after' and 'both' (which is the default).
$this->db->like('title', 'match', 'before');
// Produces: WHERE title LIKE '%match'
$this->db->like('title', 'match', 'after');
// Produces: WHERE title LIKE 'match%'
$this->db->like('title', 'match', 'both');
// Produces: WHERE title LIKE '%match%'
If you do not want to use the wildcard (%) you can pass to the optional third argument the option 'none'.
$this->db->like('title', 'match', 'none');
// Produces: WHERE title LIKE 'match'
2.Associative array method:
$array = array('title' => $match, 'page1' => $match, 'page2' => $match);
$this->db->like($array);
// WHERE title LIKE '%match%' AND page1 LIKE '%match%' AND page2 LIKE '%match%'
$this->db->or_like();
This function is identical to the one above, except that multiple instances are joined by OR:
$this->db->like('title', 'match');
$this->db->or_like('body', $match);
// WHERE title LIKE '%match%' OR body LIKE '%match%'
Note: or_like() was formerly known as orlike(), which has been removed.
$this->db->not_like();
This function is identical to like(), except that it generates NOT LIKE statements:
$this->db->not_like('title', 'match');
// WHERE title NOT LIKE '%match%
$this->db->or_not_like();
This function is identical to not_like(), except that multiple instances are joined by OR:
$this->db->like('title', 'match');
$this->db->or_not_like('body', 'match');
// WHERE title LIKE '%match% OR body NOT LIKE '%match%'
$this->db->group_by();
Permits you to write the GROUP BY portion of your query:
$this->db->group_by("title");
// Produces: GROUP BY title
You can also pass an array of multiple values as well:
$this->db->group_by(array("title", "date"));
// Produces: GROUP BY title, date
Note: group_by() was formerly known as groupby(), which has been removed.
$this->db->distinct();
Adds the "DISTINCT" keyword to a query
$this->db->distinct();
$this->db->get('table');
// Produces: SELECT DISTINCT * FROM table
$this->db->having();
Permits you to write the HAVING portion of your query. There are 2 possible syntaxes, 1 argument or 2:
$this->db->having('user_id = 45');
// Produces: HAVING user_id = 45
$this->db->having('user_id', 45);
// Produces: HAVING user_id = 45
You can also pass an array of multiple values as well:
$this->db->having(array('title =' => 'My Title', 'id <' => $id));
// Produces: HAVING title = 'My Title', id < 45
If you are using a database that CodeIgniter escapes queries for, you can prevent escaping content by passing an optional third argument, and setting it to FALSE.
$this->db->having('user_id', 45);
// Produces: HAVING `user_id` = 45 in some databases such as MySQL
$this->db->having('user_id', 45, FALSE);
// Produces: HAVING user_id = 45
$this->db->or_having();
Identical to having(), only separates multiple clauses with "OR".
$this->db->order_by();
Lets you set an ORDER BY clause. The first parameter contains the name of the column you would like to order by. The second parameter lets you set the direction of the result. Options are asc or desc, or random.
$this->db->order_by("title", "desc");
// Produces: ORDER BY title DESC
You can also pass your own string in the first parameter:
$this->db->order_by('title desc, name asc');
// Produces: ORDER BY title DESC, name ASC
Or multiple function calls can be made if you need multiple fields.
$this->db->order_by("title", "desc");
$this->db->order_by("name", "asc");
// Produces: ORDER BY title DESC, name ASC
Note: order_by() was formerly known as orderby(), which has been removed. Note: random ordering is not currently supported in Oracle or MSSQL drivers. These will default to 'ASC'.
$this->db->limit();
Lets you limit the number of rows you would like returned by the query:
$this->db->limit(10);
// Produces: LIMIT 10
The second parameter lets you set a result offset.
$this->db->limit(10, 20);
// Produces: LIMIT 20, 10 (in MySQL. Other databases have slightly different syntax)
$this->db->count_all_results();
Permits you to determine the number of rows in a particular Active Record query. Queries will accept Active Record restrictors such as where(), or_where(), like(), or_like(), etc. Example:
echo $this->db->count_all_results('my_table');
// Produces an integer, like 25
$this->db->like('title', 'match');
$this->db->from('my_table');
echo $this->db->count_all_results();
// Produces an integer, like 17
$this->db->count_all();
Permits you to determine the number of rows in a particular table. Submit the table name in the first parameter. Example:
echo $this->db->count_all('my_table');
// Produces an integer, like 25
INSERTING DATA
$this->db->insert();
Generates an insert string based on the data you supply, and runs the query. You can either pass an array or an object to the function. Here is an example using an array:
$data = array(
'title' => 'My title' ,
'name' => 'My Name' ,
'date' => 'My date'
);
$this->db->insert('mytable', $data);
// Produces: INSERT INTO mytable (title, name, date) VALUES ('My title', 'My name', 'My date')
The first parameter will contain the table name, the second is an associative array of values.
Here is an example using an object:
/*
class Myclass {
var $title = 'My Title';
var $content = 'My Content';
var $date = 'My Date';
}
*/
$object = new Myclass;
$this->db->insert('mytable', $object);
// Produces: INSERT INTO mytable (title, content, date) VALUES ('My Title', 'My Content', 'My Date')
The first parameter will contain the table name, the second is an object.
Note: All values are escaped automatically producing safer queries.
$this->db->insert_batch();
Generates an insert string based on the data you supply, and runs the query. You can either pass an array or an object to the function. Here is an example using an array:
$data = array(
array(
'title' => 'My title' ,
'name' => 'My Name' ,
'date' => 'My date'
),
array(
'title' => 'Another title' ,
'name' => 'Another Name' ,
'date' => 'Another date'
)
);
$this->db->insert_batch('mytable', $data);
// Produces: INSERT INTO mytable (title, name, date) VALUES ('My title', 'My name', 'My date'), ('Another title', 'Another name', 'Another date')
The first parameter will contain the table name, the second is an associative array of values.
Note: All values are escaped automatically producing safer queries.
$this->db->set();
This function enables you to set values for inserts or updates.
It can be used instead of passing a data array directly to the insert or update functions:
$this->db->set('name', $name);
$this->db->insert('mytable');
// Produces: INSERT INTO mytable (name) VALUES ('{$name}')
If you use multiple function called they will be assembled properly based on whether you are doing an insert or an update:
$this->db->set('name', $name);
$this->db->set('title', $title);
$this->db->set('status', $status);
$this->db->insert('mytable');
set() will also accept an optional third parameter ($escape), that will prevent data from being escaped if set to FALSE. To illustrate the difference, here is set() used both with and without the escape parameter.
$this->db->set('field', 'field+1', FALSE);
$this->db->insert('mytable');
// gives INSERT INTO mytable (field) VALUES (field+1)
$this->db->set('field', 'field+1');
$this->db->insert('mytable');
// gives INSERT INTO mytable (field) VALUES ('field+1')
You can also pass an associative array to this function:
$array = array('name' => $name, 'title' => $title, 'status' => $status);
$this->db->set($array);
$this->db->insert('mytable');
Or an object:
/*
class Myclass {
var $title = 'My Title';
var $content = 'My Content';
var $date = 'My Date';
}
*/
$object = new Myclass;
$this->db->set($object);
$this->db->insert('mytable');
UPDATING DATA
$this->db->update();
Generates an update string and runs the query based on the data you supply. You can pass an array or an object to the function. Here is an example using an array:
$data = array(
'title' => $title,
'name' => $name,
'date' => $date
);
$this->db->where('id', $id);
$this->db->update('mytable', $data);
// Produces:
// UPDATE mytable
// SET title = '{$title}', name = '{$name}', date = '{$date}'
// WHERE id = $id
Or you can supply an object:
/*
class Myclass {
var $title = 'My Title';
var $content = 'My Content';
var $date = 'My Date';
}
*/
$object = new Myclass;
$this->db->where('id', $id);
$this->db->update('mytable', $object);
// Produces:
// UPDATE mytable
// SET title = '{$title}', name = '{$name}', date = '{$date}'
// WHERE id = $id
Note: All values are escaped automatically producing safer queries. You'll notice the use of the $this->db->where() function, enabling you to set the WHERE clause. You can optionally pass this information directly into the update function as a string:
$this->db->update('mytable', $data, "id = 4");
Or as an array:
$this->db->update('mytable', $data, array('id' => $id));
You may also use the $this->db->set() function described above when performing updates.
$this->db->update_batch();
Generates an update string based on the data you supply, and runs the query. You can either pass an array or an object to the function. Here is an example using an array:
$data = array(
array(
'title' => 'My title' ,
'name' => 'My Name 2' ,
'date' => 'My date 2'
),
array(
'title' => 'Another title' ,
'name' => 'Another Name 2' ,
'date' => 'Another date 2'
)
);
$this->db->update_batch('mytable', $data, 'title');
// Produces:
// UPDATE `mytable` SET `name` = CASE
// WHEN `title` = 'My title' THEN 'My Name 2'
// WHEN `title` = 'Another title' THEN 'Another Name 2'
// ELSE `name` END,
// `date` = CASE
// WHEN `title` = 'My title' THEN 'My date 2'
// WHEN `title` = 'Another title' THEN 'Another date 2'
// ELSE `date` END
// WHERE `title` IN ('My title','Another title')
The first parameter will contain the table name, the second is an associative array of values, the third parameter is the where key.
Note: All values are escaped automatically producing safer queries.
DELETING DATA
$this->db->delete();
Generates a delete SQL string and runs the query.
$this->db->delete('mytable', array('id' => $id));
// Produces:
// DELETE FROM mytable
// WHERE id = $id
The first parameter is the table name, the second is the where clause. You can also use the where() or or_where() functions instead of passing the data to the second parameter of the function:
$this->db->where('id', $id);
$this->db->delete('mytable');
// Produces:
// DELETE FROM mytable
// WHERE id = $id
An array of table names can be passed into delete() if you would like to delete data from more than 1 table.
$tables = array('table1', 'table2', 'table3');
$this->db->where('id', '5');
$this->db->delete($tables);
If you want to delete all data from a table, you can use the truncate() function, or empty_table().
$this->db->empty_table();
Generates a delete SQL string and runs the query.
$this->db->empty_table('mytable');
// Produces
// DELETE FROM mytable
$this->db->truncate();
Generates a truncate SQL string and runs the query.
$this->db->from('mytable');
$this->db->truncate();
// or
$this->db->truncate('mytable');
// Produce:
// TRUNCATE mytable
Note: If the TRUNCATE command isn't available, truncate() will execute as "DELETE FROM table".
METHOD CHAINING
Method chaining allows you to simplify your syntax by connecting multiple functions. Consider this example:
$this->db->select('title')->from('mytable')->where('id', $id)->limit(10, 20);
$query = $this->db->get();
Note: Method chaining only works with PHP 5.
ACTIVE RECORD CACHING
While not "true" caching, Active Record enables you to save (or "cache") certain parts of your queries for reuse at a later point in your script's execution. Normally, when an Active Record call is completed, all stored information is reset for the next call. With caching, you can prevent this reset, and reuse information easily.
Cached calls are cumulative. If you make 2 cached select() calls, and then 2 uncached select() calls, this will result in 4 select() calls. There are three Caching functions available:
$this->db->start_cache()
This function must be called to begin caching. All Active Record queries of the correct type (see below for supported queries) are stored for later use.
$this->db->stop_cache()
This function can be called to stop caching.
$this->db->flush_cache()
This function deletes all items from the Active Record cache.
Here's a usage example:
$this->db->start_cache();
$this->db->select('field1');
$this->db->stop_cache();
$this->db->get('tablename');
//Generates: SELECT `field1` FROM (`tablename`)
$this->db->select('field2');
$this->db->get('tablename');
//Generates: SELECT `field1`, `field2` FROM (`tablename`)
$this->db->flush_cache();
$this->db->select('field2');
$this->db->get('tablename');
//Generates: SELECT `field2` FROM (`tablename`)
Note: The following statements can be cached: select, from, join, where, like, group_by, having, order_by, set
The Download Helper lets you download data to your desktop.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('download');
The following functions are available:
force_download('filename', 'data')
Generates server headers which force data to be downloaded to your desktop. Useful with file downloads. The first parameter is the name you want the downloaded file to be named, the second parameter is the file data. Example:
$data = 'Here is some text!';
$name = 'mytext.txt';
force_download($name, $data);
If you want to download an existing file from your server you'll need to read the file into a string:
$data = file_get_contents("/path/to/photo.jpg"); // Read the file's contents
$name = 'myphoto.jpg';
force_download($name, $data);
The Email Helper provides some assistive functions for working with Email. For a more robust email solution, see CodeIgniter's Email Class.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('email');
The following functions are available:
valid_email('email')
Checks if an email is a correctly formatted email. Note that is doesn't actually prove the email will recieve mail, simply that it is a validly formed address.
It returns TRUE/FALSE
$this->load->helper('email');
if (valid_email('[email protected]'))
{
echo 'email is valid';
}
else
{
echo 'email is not valid';
}
send_email('recipient', 'subject', 'message')
Sends an email using PHP's native mail() function. For a more robust email solution, see CodeIgniter's Email Class.
The Form Helper file contains functions that assist in working with forms.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('form');
The following functions are available:
form_open()
Creates an opening form tag with a base URL built from your config preferences. It will optionally let you add form attributes and hidden input fields, and will always add the attribute accept-charset based on the charset value in your config file.
The main benefit of using this tag rather than hard coding your own HTML is that it permits your site to be more portable in the event your URLs ever change.
Here's a simple example:
echo form_open('email/send');
The above example would create a form that points to your base URL plus the "email/send" URI segments, like this:
<form method="post" accept-charset="utf-8" action="http:/example.com/index.php/email/send" />
Adding Attributes
Attributes can be added by passing an associative array to the second parameter, like this:
$attributes = array('class' => 'email', 'id' => 'myform');
echo form_open('email/send', $attributes);
The above example would create a form similar to this:
<form method="post" accept-charset="utf-8" action="http:/example.com/index.php/email/send" class="email" id="myform" />
Adding Hidden Input Fields
Hidden fields can be added by passing an associative array to the third parameter, like this:
$hidden = array('username' => 'Joe', 'member_id' => '234');
echo form_open('email/send', '', $hidden);
The above example would create a form similar to this:
<form method="post" accept-charset="utf-8" action="http:/example.com/index.php/email/send">
<input type="hidden" name="username" value="Joe" />
<input type="hidden" name="member_id" value="234" />
form_open_multipart()
This function is absolutely identical to the form_open() tag above except that it adds a multipart attribute, which is necessary if you would like to use the form to upload files with.
form_hidden()
Lets you generate hidden input fields. You can either submit a name/value string to create one field:
form_hidden('username', 'johndoe');
// Would produce:
<input type="hidden" name="username" value="johndoe" />
Or you can submit an associative array to create multiple fields:
$data = array(
'name' => 'John Doe',
'email' => '[email protected]',
'url' => 'http://example.com'
);
echo form_hidden($data);
// Would produce:
<input type="hidden" name="name" value="John Doe" />
<input type="hidden" name="email" value="[email protected]" />
<input type="hidden" name="url" value="http://example.com" />
form_input()
Lets you generate a standard text input field. You can minimally pass the field name and value in the first and second parameter:
echo form_input('username', 'johndoe');
Or you can pass an associative array containing any data you wish your form to contain:
$data = array(
'name' => 'username',
'id' => 'username',
'value' => 'johndoe',
'maxlength' => '100',
'size' => '50',
'style' => 'width:50%',
);
echo form_input($data);
// Would produce:
<input type="text" name="username" id="username" value="johndoe" maxlength="100" size="50" style="width:50%" />
If you would like your form to contain some additional data, like Javascript, you can pass it as a string in the third parameter:
$js = 'onClick="some_function()"';
echo form_input('username', 'johndoe', $js);
form_password()
This function is identical in all respects to the form_input() function above except that is sets it as a "password" type.
form_upload()
This function is identical in all respects to the form_input() function above except that is sets it as a "file" type, allowing it to be used to upload files.
form_textarea()
This function is identical in all respects to the form_input() function above except that it generates a "textarea" type. Note: Instead of the "maxlength" and "size" attributes in the above example, you will instead specify "rows" and "cols".
form_dropdown()
Lets you create a standard drop-down field. The first parameter will contain the name of the field, the second parameter will contain an associative array of options, and the third parameter will contain the value you wish to be selected. You can also pass an array of multiple items through the third parameter, and CodeIgniter will create a multiple select for you. Example:
$options = array(
'small' => 'Small Shirt',
'med' => 'Medium Shirt',
'large' => 'Large Shirt',
'xlarge' => 'Extra Large Shirt',
);
$shirts_on_sale = array('small', 'large');
echo form_dropdown('shirts', $options, 'large');
// Would produce:
<select name="shirts">
<option value="small">Small Shirt</option>
<option value="med">Medium Shirt</option>
<option value="large" selected="selected">Large Shirt</option>
<option value="xlarge">Extra Large Shirt</option>
</select>
echo form_dropdown('shirts', $options, $shirts_on_sale);
// Would produce:
<select name="shirts" multiple="multiple">
<option value="small" selected="selected">Small Shirt</option>
<option value="med">Medium Shirt</option>
<option value="large" selected="selected">Large Shirt</option>
<option value="xlarge">Extra Large Shirt</option>
</select>
If you would like the opening <select> to contain additional data, like an id attribute or JavaScript, you can pass it as a string in the fourth parameter:
$js = 'id="shirts" onChange="some_function();"';
echo form_dropdown('shirts', $options, 'large', $js);
If the array passed as $options is a multidimensional array, form_dropdown() will produce an <optgroup> with the array key as the label.
form_multiselect()
Lets you create a standard multiselect field. The first parameter will contain the name of the field, the second parameter will contain an associative array of options, and the third parameter will contain the value or values you wish to be selected. The parameter usage is identical to using form_dropdown() above, except of course that the name of the field will need to use POST array syntax, e.g. foo[].
form_fieldset()
Lets you generate fieldset/legend fields.
echo form_fieldset('Address Information');
echo "<p>fieldset content here</p>\n";
echo form_fieldset_close();
// Produces
<fieldset>
<legend>Address Information</legend>
<p>form content here</p>
</fieldset>
Similar to other functions, you can submit an associative array in the second parameter if you prefer to set additional attributes.
$attributes = array('id' => 'address_info', 'class' => 'address_info');
echo form_fieldset('Address Information', $attributes);
echo "<p>fieldset content here</p>\n";
echo form_fieldset_close();
// Produces
<fieldset id="address_info" class="address_info">
<legend>Address Information</legend>
<p>form content here</p>
</fieldset>
form_fieldset_close()
Produces a closing </fieldset> tag. The only advantage to using this function is it permits you to pass data to it which will be added below the tag. For example:
$string = "</div></div>";
echo form_fieldset_close($string);
// Would produce:
</fieldset>
</div></div>
form_checkbox()
Lets you generate a checkbox field. Simple example:
echo form_checkbox('newsletter', 'accept', TRUE);
// Would produce:
<input type="checkbox" name="newsletter" value="accept" checked="checked" />
The third parameter contains a boolean TRUE/FALSE to determine whether the box should be checked or not.
Similar to the other form functions in this helper, you can also pass an array of attributes to the function:
$data = array(
'name' => 'newsletter',
'id' => 'newsletter',
'value' => 'accept',
'checked' => TRUE,
'style' => 'margin:10px',
);
echo form_checkbox($data);
// Would produce:
<input type="checkbox" name="newsletter" id="newsletter" value="accept" checked="checked" style="margin:10px" />
As with other functions, if you would like the tag to contain additional data, like JavaScript, you can pass it as a string in the fourth parameter:
$js = 'onClick="some_function()"';
echo form_checkbox('newsletter', 'accept', TRUE, $js)
form_radio()
This function is identical in all respects to the form_checkbox() function above except that is sets it as a "radio" type.
form_submit()
Lets you generate a standard submit button. Simple example:
echo form_submit('mysubmit', 'Submit Post!');
// Would produce:
<input type="submit" name="mysubmit" value="Submit Post!" />
Similar to other functions, you can submit an associative array in the first parameter if you prefer to set your own attributes. The third parameter lets you add extra data to your form, like JavaScript.
form_label()
Lets you generate a <label>. Simple example:
echo form_label('What is your Name', 'username');
// Would produce:
<label for="username">What is your Name</label>
Similar to other functions, you can submit an associative array in the third parameter if you prefer to set additional attributes.
$attributes = array(
'class' => 'mycustomclass',
'style' => 'color: #000;',
);
echo form_label('What is your Name', 'username', $attributes);
// Would produce:
<label for="username" class="mycustomclass" style="color: #000;">What is your Name</label>
form_reset()
Lets you generate a standard reset button. Use is identical to form_submit().
form_button()
Lets you generate a standard button element. You can minimally pass the button name and content in the first and second parameter:
echo form_button('name','content');
// Would produce
<button name="name" type="button">Content</button>
Or you can pass an associative array containing any data you wish your form to contain:
$data = array(
'name' => 'button',
'id' => 'button',
'value' => 'true',
'type' => 'reset',
'content' => 'Reset'
);
echo form_button($data);
// Would produce:
<button name="button" id="button" value="true" type="reset">Reset</button>
If you would like your form to contain some additional data, like JavaScript, you can pass it as a string in the third parameter:
$js = 'onClick="some_function()"';
echo form_button('mybutton', 'Click Me', $js);
form_close()
Produces a closing </form> tag. The only advantage to using this function is it permits you to pass data to it which will be added below the tag. For example:
$string = "</div></div>";
echo form_close($string);
// Would produce:
</form>
</div></div>
form_prep()
Allows you to safely use HTML and characters such as quotes within form elements without breaking out of the form. Consider this example:
$string = 'Here is a string containing "quoted" text.';
<input type="text" name="myform" value="$string" />
Since the above string contains a set of quotes it will cause the form to break. The form_prep function converts HTML so that it can be used safely:
<input type="text" name="myform" value="<?php echo form_prep($string); ?>" />
Note: If you use any of the form helper functions listed in this page the form values will be prepped automatically, so there is no need to call this function. Use it only if you are creating your own form elements.
set_value()
Permits you to set the value of an input form or textarea. You must supply the field name via the first parameter of the function. The second (optional) parameter allows you to set a default value for the form. Example:
<input type="text" name="quantity" value="<?php echo set_value('quantity', '0'); ?>" size="50" />
The above form will show "0" when loaded for the first time.
set_select()
If you use a <select> menu, this function permits you to display the menu item that was selected. The first parameter must contain the name of the select menu, the second parameter must contain the value of each item, and the third (optional) parameter lets you set an item as the default (use boolean TRUE/FALSE).
Example:
<select name="myselect">
<option value="one" <?php echo set_select('myselect', 'one', TRUE); ?> >One</option>
<option value="two" <?php echo set_select('myselect', 'two'); ?> >Two</option>
<option value="three" <?php echo set_select('myselect', 'three'); ?> >Three</option>
</select>
set_checkbox()
Permits you to display a checkbox in the state it was submitted. The first parameter must contain the name of the checkbox, the second parameter must contain its value, and the third (optional) parameter lets you set an item as the default (use boolean TRUE/FALSE). Example:
<input type="checkbox" name="mycheck" value="1" <?php echo set_checkbox('mycheck', '1'); ?> />
<input type="checkbox" name="mycheck" value="2" <?php echo set_checkbox('mycheck', '2'); ?> />
set_radio()
Permits you to display radio buttons in the state they were submitted. This function is identical to the set_checkbox() function above.
<input type="radio" name="myradio" value="1" <?php echo set_radio('myradio', '1', TRUE); ?> />
<input type="radio" name="myradio" value="2" <?php echo set_radio('myradio', '2'); ?> />
The URL Helper file contains functions that assist in working with URLs.
Loading this Helper
This helper is loaded using the following code:
$this->load->helper('url');
The following functions are available:
site_url()
Returns your site URL, as specified in your config file. The index.php file (or whatever you have set as your site index_page in your config file) will be added to the URL, as will any URI segments you pass to the function, and the url_suffix as set in your config file.
You are encouraged to use this function any time you need to generate a local URL so that your pages become more portable in the event your URL changes.
Segments can be optionally passed to the function as a string or an array. Here is a string example:
echo site_url("news/local/123");
The above example would return something like: http://example.com/index.php/news/local/123
Here is an example of segments passed as an array:
$segments = array('news', 'local', '123');
echo site_url($segments);
base_url()
Returns your site base URL, as specified in your config file. Example:
echo base_url();
This function returns the same thing as site_url, without the index_page or url_suffix being appended.
Also like site_url, you can supply segments as a string or an array. Here is a string example:
echo base_url("blog/post/123");
The above example would return something like: http://example.com/blog/post/123
This is useful because unlike site_url(), you can supply a string to a file, such as an image or stylesheet. For example:
echo base_url("images/icons/edit.png");
This would give you something like: http://example.com/images/icons/edit.png
current_url()
Returns the full URL (including segments) of the page being currently viewed.
uri_string()
Returns the URI segments of any page that contains this function. For example, if your URL was this:
http://some-site.com/blog/comments/123
The function would return:
/blog/comments/123
index_page()
Returns your site "index" page, as specified in your config file. Example:
echo index_page();
anchor()
Creates a standard HTML anchor link based on your local site URL:
<a href="http://example.com">Click Here</a>
The tag has three optional parameters:
anchor(uri segments, text, attributes)
The first parameter can contain any segments you wish appended to the URL. As with the site_url() function above, segments can be a string or an array.
Note: If you are building links that are internal to your application do not include the base URL (http://...). This will be added automatically from the information specified in your config file. Include only the URI segments you wish appended to the URL.
The second segment is the text you would like the link to say. If you leave it blank, the URL will be used.
The third parameter can contain a list of attributes you would like added to the link. The attributes can be a simple string or an associative array.
Here are some examples:
echo anchor('news/local/123', 'My News', 'title="News title"');
Would produce: <a href="http://example.com/index.php/news/local/123" title="News title">My News</a>
echo anchor('news/local/123', 'My News', array('title' => 'The best news!'));
Would produce: <a href="http://example.com/index.php/news/local/123" title="The best news!">My News</a>
anchor_popup()
Nearly identical to the anchor() function except that it opens the URL in a new window. You can specify JavaScript window attributes in the third parameter to control how the window is opened. If the third parameter is not set it will simply open a new window with your own browser settings. Here is an example with attributes:
$atts = array(
'width' => '800',
'height' => '600',
'scrollbars' => 'yes',
'status' => 'yes',
'resizable' => 'yes',
'screenx' => '0',
'screeny' => '0'
);
echo anchor_popup('news/local/123', 'Click Me!', $atts);
Note: The above attributes are the function defaults so you only need to set the ones that are different from what you need. If you want the function to use all of its defaults simply pass an empty array in the third parameter:
echo anchor_popup('news/local/123', 'Click Me!', array());
mailto()
Creates a standard HTML email link. Usage example:
echo mailto('[email protected]', 'Click Here to Contact Me');
As with the anchor() tab above, you can set attributes using the third parameter.
safe_mailto()
Identical to the above function except it writes an obfuscated version of the mailto tag using ordinal numbers written with JavaScript to help prevent the email address from being harvested by spam bots.
auto_link()
Automatically turns URLs and email addresses contained in a string into links. Example:
$string = auto_link($string);
The second parameter determines whether URLs and emails are converted or just one or the other. Default behavior is both if the parameter is not specified. Email links are encoded as safe_mailto() as shown above.
Converts only URLs:
$string = auto_link($string, 'url');
Converts only Email addresses:
$string = auto_link($string, 'email');
The third parameter determines whether links are shown in a new window. The value can be TRUE or FALSE (boolean):
$string = auto_link($string, 'both', TRUE);
url_title()
Takes a string as input and creates a human-friendly URL string. This is useful if, for example, you have a blog in which you'd like to use the title of your entries in the URL. Example:
$title = "What's wrong with CSS?";
$url_title = url_title($title);
// Produces: Whats-wrong-with-CSS
The second parameter determines the word delimiter. By default dashes are used. Options are: dash, or underscore:
$title = "What's wrong with CSS?";
$url_title = url_title($title, 'underscore');
// Produces: Whats_wrong_with_CSS
The third parameter determines whether or not lowercase characters are forced. By default they are not. Options are boolean TRUE/FALSE:
$title = "What's wrong with CSS?";
$url_title = url_title($title, 'underscore', TRUE);
// Produces: whats_wrong_with_css
prep_url()
This function will add http:// in the event that a scheme is missing from a URL. Pass the URL string to the function like this:
$url = "example.com";
$url = prep_url($url);
redirect()
Does a "header redirect" to the URI specified. If you specify the full site URL that link will be build, but for local links simply providing the URI segments to the controller you want to direct to will create the link. The function will build the URL based on your config file values.
The optional second parameter allows you to choose between the "location" method (default) or the "refresh" method. Location is faster, but on Windows servers it can sometimes be a problem. The optional third parameter allows you to send a specific HTTP Response Code - this could be used for example to create 301 redirects for search engine purposes. The default Response Code is 302. The third parameter is only available with 'location' redirects, and not 'refresh'. Examples:
if ($logged_in == FALSE)
{
redirect('/login/form/', 'refresh');
}
// with 301 redirect
redirect('/article/13', 'location', 301);
Note: In order for this function to work it must be used before anything is outputted to the browser since it utilizes server headers. Note: For very fine grained control over headers, you should use the Output Library's set_header() function.
Both Library Class and Helpers function can be used and fused together to create new Library or Helpers. That new library and helpers can then be used in our codes. This give use huge flexibility towards building our own set of application.
When we use the term "Libraries" we are normally referring to the classes that are located in the libraries directory and described in the Class Reference of this user guide. In this case, however, we will instead describe how you can create your own libraries within your application/libraries directory in order to maintain separation between your local resources and the global framework resources.
As an added bonus, CodeIgniter permits your libraries to extend native classes if you simply need to add some functionality to an existing library. Or you can even replace native libraries just by placing identically named versions in your application/libraries folder.
In summary:
- You can create entirely new libraries.
- You can extend native libraries.
- You can replace native libraries.
The page below explains these three concepts in detail.
Note: The Database classes can not be extended or replaced with your own classes. All other classes are able to be replaced/extended.
Your library classes should be placed within your application/libraries folder, as this is where CodeIgniter will look for them when they are initialized.
- File names must be capitalized. For example: Myclass.php
- Class declarations must be capitalized. For example: class Myclass
- Class names and file names must match.
Classes should have this basic prototype (Note: We are using the name Someclass purely as an example):
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Someclass {
public function some_function()
{
}
}
/* End of file Someclass.php */
From within any of your Controller functions you can initialize your class using the standard:
$this->load->library('someclass');
Where someclass is the file name, without the ".php" file extension. You can submit the file name capitalized or lower case. CodeIgniter doesn't care.
Once loaded you can access your class using the lower case version:
$this->someclass->some_function(); // Object instances will always be lower case
In the library loading function you can dynamically pass data as an array via the second parameter and it will be passed to your class constructor:
$params = array('type' => 'large', 'color' => 'red');
$this->load->library('Someclass', $params);
If you use this feature you must set up your class constructor to expect data:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Someclass {
public function __construct($params)
{
// Do something with $params
}
}
?>
You can also pass parameters stored in a config file. Simply create a config file named identically to the class file name and store it in your application/config/ folder. Note that if you dynamically pass parameters as described above, the config file option will not be available.
To access CodeIgniter's native resources within your library use the get_instance() function. This function returns the CodeIgniter super object.
Normally from within your controller functions you will call any of the available CodeIgniter functions using the $this construct:
$this->load->helper('url');
$this->load->library('session');
$this->config->item('base_url');
etc.
$this, however, only works directly within your controllers, your models, or your views. If you would like to use CodeIgniter's classes from within your own custom classes you can do so as follows:
First, assign the CodeIgniter object to a variable:
$CI =& get_instance();
Once you've assigned the object to a variable, you'll use that variable instead of $this:
$CI =& get_instance();
$CI->load->helper('url');
$CI->load->library('session');
$CI->config->item('base_url');
etc.
Note: You'll notice that the above get_instance() function is being passed by reference: $CI =& get_instance(); This is very important. Assigning by reference allows you to use the original CodeIgniter object rather than creating a copy of it.
Simply by naming your class files identically to a native library will cause CodeIgniter to use it instead of the native one. To use this feature you must name the file and the class declaration exactly the same as the native library. For example, to replace the native Email library you'll create a file named application/libraries/Email.php, and declare your class with:
class CI_Email {
}
Note that most native classes are prefixed with CI_.
To load your library you'll see the standard loading function:
$this->load->library('email');
Note: At this time the Database classes can not be replaced with your own versions.
If all you need to do is add some functionality to an existing library - perhaps add a function or two - then it's overkill to replace the entire library with your version. In this case it's better to simply extend the class. Extending a class is nearly identical to replacing a class with a couple exceptions:
The class declaration must extend the parent class.
Your new class name and filename must be prefixed with MY_ (this item is configurable. See below.).
For example, to extend the native Email class you'll create a file named application/libraries/MY_Email.php, and declare your class with:
class MY_Email extends CI_Email {
}
Note: If you need to use a constructor in your class make sure you extend the parent constructor:
class MY_Email extends CI_Email {
public function __construct()
{
parent::__construct();
}
}
To load your sub-class you'll use the standard syntax normally used. DO NOT include your prefix. For example, to load the example above, which extends the Email class, you will use:
$this->load->library('email');
Once loaded you will use the class variable as you normally would for the class you are extending. In the case of the email class all calls will use:
$this->email->some_function();
To set your own sub-class prefix, open your application/config/config.php file and look for this item:
$config['subclass_prefix'] = 'MY_';
Please note that all native CodeIgniter libraries are prefixed with CI_ so DO NOT use that as your prefix.
Helpers are simply a collection of functions that we can use in our codeigniter script. The function can be used either in Controller, View and even Models. What the functions do is up to us to decide.
Simple way to decide either to build a function of a library is by looking at its usage and complexity. If the features can be group into one then it may be more suitable to be library. If what wee are looking at are simple 1 function which we need to be available throughout the application then helpers are the answer.
All of our own helpers should be located at applications/helpers/name_helper.php with name is our helper file name.
Note: helper file name should end with _helper.php for it to work.
Example, create new file application/helpers/self_helper.php and put codes below as an example
function dumper($multi){
echo '<pre><code>';
var_dump($multi);
echo '</code></pre>';
}
Load the helper anywhere inside MVC by using common $this->load->helper(); and only user the name without _helper.php.
$this->load->helper('self');
Now, we can use any function inside that helper files. In this example, we try to use dumper();
$this->load->helper('self');
dumper(array('testing', 1, 2, 3));
dumper($_POST);
There will come a time when we like to use many of Codeigniter libraries and class inside helper. However, because the structure of helper functions are not bind to any class, it cannot inherit class and methods from any of CodeIgniter class. Thus hindered us from using $this-> directly inside helpers function.
However, we can use PHP native get_instance to force inheritance.
Example, create new function inside our previous self_helper with the code below:
function dump_sess(){
$CI =&get_instance();
dumper($CI->session->all_userdata());
}
This function will use previously define function dumper() and display all Codeigniter Session data. See that we force inheritance of Codeigniter $this into $CI.
Thus we can now use any of CodeIgniter class function.
As any flexible tools as CodeIgniter can offer, it is always too flexible to enforce a good programming practice. Thus here outlined a simple programming best practice and some specific Codeigniter programming best practice as encountered by writer.
If you don’t know the MVC pattern read up on it! You’ll learn soon the value of putting the data-access in models, the application logic in controllers and the visuals in views. But if you haven’t done programming in such a pattern before it might take a while to sink in, give it the chance to sink in!
A good guideline is to put as little as possible into your controller. Adhere to the DRY principle: Don’t Repeat Yourself. When functionality is needed in more than one place, create a library, helper or model (depending on what kind of functionality it is). You’ll notice that once you start to grasp the MVC basics this will become habitual and you’ll start to reap the benifits that good clean MVC code bring.
You can read up on MVC in the CI User Guide: MVC, Flow chart, Models, Views & Controllers. Or external sources like Wikipedia.
This is a simple mantra that works like a charm in simplifying Codeigniter codes. Always treat controller as data retriever and sender and model as the data processor. This will simplify controller codes to the point it looks like a map for the application data being manipulated.
Do the heavier data processing stuff inside Models.
Don’t Repeat Yourself. Put shared code where it belongs: in libraries, helpers or models, but not in controllers. Definite rule of thumb: when you’re copy-pasting code, you probably just put it in the wrong place for a second time.
One of the most often made mistakes is to forget to turn off PHP errors or Database errors, both of which are gigantic security riscs. It’s a security risk because you allow an attacker to debug his hacking using the displayed warnings.
Codeigniter offers environment settings to help with this. On any public site error_reporting should be set to 0 (or at most E_ERROR), database setting db_debug should be set to false and just for extra measure I tend to do a ini_set(‘display_errors’, ‘Off’).
At the same time you should debug your application with error_reporting set to -1 (this will show E_ALL and E_STRICT, E_ALL doesn’t include E_STRICT warnings), and solve every notice and warning before making your application public. You tend to spot “invisible” bugs sooner and thus write better code. (more on the error reporting levels on php.net)
One way to make all of this easy has been for me to set the db_debug value (in the application/config/database.php config file) to a constant I declare MP_DB_DEBUG. And add the following code to the top of the main index.php to replace the error_reporting() declaration when the site is live (will disable all errors):
ini_set('display_errors', 'Off');
error_reporting(0);
define('MP_DB_DEBUG', false);
But when in production or testing phase I’d suggest:
ini_set('display_errors', 'On');
error_reporting(-1);
define('MP_DB_DEBUG', true);
For even better error reporting Dan Horrigan ported a great error reporting script to CI which you can find on Github. This must never be switched on in a live-site environment but is a huge help during production and has probably saved me hours already.