Chapter 9: Security and Performance
293
According to this example, the getCategory() model function is taking a total of 3/1,000 - ths of a
second to run. Not bad for government work!
Now you understand the basics about enhancing performance. Each site is different, and each one has
different needs and resources. In each real - world project, you ’ ll need to go through your application
testing the different outcomes. With a combination of profiling, specific benchmarking, and caching, you
should be able to scale your application to whatever audience needs may be out there.
Conclusion
In this chapter, you tackled security and performance issues. In the next chapter, you integrate the site
with a checkout mechanism and tie up any remaining loose ends identified by Claudia.
Remember to keep these thoughts in mind as you continue working with CodeIgniter:
You ’ re free to use regular PHP measures like strip_tags() to control user input, but you can
also use CodeIgniter ’ s xss_clean(). You ’ re also able to extend the Security helper with your
own custom functions.
Database queries are not automatically escaped by CodeIgniter ’ s Active Record Class. If you use
insert() and update() , you will need to take the extra steps to keep data secure.
Your config file also contains protection against certain illegal characters in URI strings. Be
careful that you don ’ t introduce security vulnerabilities if you allow extra characters.
Performance tools, like benchmarking and profiling, can help you identify problem areas in
your code, whether that be sloppy controllers, bad queries, or slow - loading views. Use the tools
at your disposal to find the problem before going live, then use caching to help scale the
application to your audience needs.