CodeIgniter Interview Questions | Eklavya Online

CodeIgniter Interview Questions

The file specified in the default controller loaded by default when no file name is mentioned in the URL. By default, it is welcome.php which is the first page to be seen after installing CodeIgniter.

With URL

Welcome.php will be loaded as there is no file name mentioned in the URL.

Although as per your need, you can change the default controller in the file application/config/routes.php.

$route[‘default_controller’] = ‘ ‘;
Here, specify your file name which you want to be loaded by default.

There are three steps to create a driver:

  • Making file structure
  • Making driver list
  • Making driver(s)

CodeIgniter provides a rich set of libraries. It is an essential part of CodeIgniter as it increases the developing speed of an application. It is located in the system/library.

It can be loaded as follows,


You can enable protection by editing config.php file and setting it to

To enable CSRF make the following statement TRUE from FALSE in application/config/config.php file.

$config[‘csrf_protection’] = TRUE;

Model’s responsibility is to handle all data logic and representation and load data in the views. It is stored in application/models folder.

There are many purposes for which the URL routes are configured.

  1. To improve the number of page visits.
  2. To hide the code complexities from the user.

Instead of using ‘query-string’ approach, it uses a segment based approach.

Its structure is as follows,
The class represents a controller class that needs to be invoked.

The function is the method that is called.

ID is an additional segment that is passed to controllers.

To connect more than one database simultaneously, do the following,

$db1 = $this->load->database(‘group_one’, TRUE);
$db1 = $this->load->database(‘group_two’, TRUE);

There are three methods to create a library,

  • Creating an entirely new library
  • Extending native libraries
  • Replacing native libraries

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including victim’s session cookie and other authentication information, to a web application.

For example, suppose you have a site with a form. An attacker could create a bogus form on his site. This form could contain hidden inputs and malicious data. This form is not sent to the attacker’s site, in fact, it comes to your site. Thinking that the form is genuine, your site process it.

Now suppose that the attacker’s form point towards the deletion form in your site. If a user is logged in and redirected to the attacker’s site and then perform the search, his account will be deleted without knowing him. That is the CSRF attack.

To load models in controller functions, use the following function:

If in case your model file is located in sub-directory of the model folder, then you have to mention the full path. For example, if your file location is application/controller/models/project/ModelName. Then, your file will be loaded as shown below,


The Hook is a feature in CodeIgniter that provides a way to change the inner working of the framework without hacking the core files. It facilitates you to execute a script with a particular path within the CodeIgniter. Usually, it is defined in the application/config/hooks.php file.

To enable hook, go to application/config/config.php/ file and set it TRUE as shown below,

$config[‘enable_hooks’] = TRUE;

In CodeIgniter, Inhibitor is an error handler class that uses native PHP functions like set_exception_handler, set_error_handler, register_shutdown_function to handle parse errors, exceptions, and fatal errors.

CodeIgniter is an open source and powerful framework used for developing web applications on PHP. It is loosely based on MVC pattern and similar to Cake PHP. CodeIgniter contains libraries, simple interface and logical structure to access these libraries, plug-ins, helpers and some other resources which solve the complex functions of PHP more easily maintaining high performance. It simplifies the PHP code and brings out a fully interactive, dynamic website at a much shorter time.

It should be placed in application/libraries folder.

To protect from CSRF, we need to connect both HTTP requests, form request and form submission. There are several ways to do this, but in CodeIgniter hidden field is used which is called the CSRF token. The CSRF token is a random value that changes with every HTTP request sent.

With each request, a new CSRF token is generated. When an object is created, name and value of the token are set.

$this->csrf_cookie_name = $this->csrf_token_name;
The function for it is,

function _csrf_set_hash()
if ($this->csrf_hash == ”)
if ( isset($_COOKIE[$this->csrf_cookie_name] ) AND
$_COOKIE[$this->csrf_cookie_name] != ” )
$this->csrf_hash = $_COOKIE[$this->csrf_cookie_name];
} else {
$this->csrf_hash = md5(uniqid(rand(), TRUE));
return $this->csrf_hash;

To connect database manually use following syntax,


A list of different types of hook points in CodeIgniter:

  • post_controller_constructor – It is called immediately after your controller is started but before any method call.
  • pre_controller – It is called immediately before your controller being called. At this point, all the classes, security checks, and routing have been done.
  • post_sytem – It is called after the final page is sent to the browser at the end of the system execution.
  • pre_system – It is called much before the system execution. Only benchmark and hook class have been loaded at this point.
  • cache_override – It enables you to call your function in the output class.
  • display_override – It is used to send the final page at the end of file execution.
  • post_controller – It is called immediately after your controller is entirely executed

The Second segment of URI determines which method is being called. If you want to override it, you can use _remap() method. The _remap method always get called even if URI is different. It overrides the URI. For Example:

public function _remap($methodName)
if ($methodName === ‘a_method’)

CodeIgniter security methods help to create a secure application and process input data. The methods are given below:

  • XSS filtering
  • CSRF (Cross-site Request Forgery)
  • Class reference

A list of most prominent features of CodeIgniter:

  • It is an open source framework and free to use.
  • It is extremely light weighted.
  • It is based on the Model View Controller (MVC) pattern.
  • It has full featured database classes and support for several platforms.
  • It is extensible. You can easily extend the system by using your libraries, helpers.
  • Excellent documentation.

Yes, we can add some extended functionality to a native library by adding one or two methods. It replaces the entire library with your version. So it is better to extend the class. Extending and replacing is almost identical with only following exceptions.

The class declaration must extend the parent class.
New class name and filename must be prefixed with MY_.
For example, to extend it to native Calendar, create a file MY_Calendar.php in application/libraries folder. Your class declared as class MY_Calendar extends CI_Calendar}

View folder contains all the markup files like header, footer, sidebar, etc. They can be reused by embedding them anywhere in controller file. They can’t call directly, and they have to be loaded in the controller’s file.

The View can’t be accessed directly. It is always loaded in the controller file. Following function is used to load a view page:

Write your view’s page name in the bracket. You don’t need to specify .php unless you are using some other extension.

These are a particular type of library that has a parent class and many child classes. These child classes have access to the parent class, but not to their siblings. Drivers are found in system/libraries folder.

Helpers are the group of functions that are used to assist the user to perform specific tasks.

URL Helpers: used to create the links.

Text Helpers: used for text formatting.

Cookies Helpers: used for reading and setting cookies.

XSS stands for cross-site scripting. Codeigniter contains a cross-site scripting hack prevention filter. The XSS filter targets methods to trigger JavaScript or other types of suspicious code. If it detects anything, it converts the data to character entities.

XSS filtering uses xss_clean() method to filer data.

$data = $this->security->xss_clean($data);
There is an optional second parameter, is_image, which is used to test images for XSS attacks. When this parameter is set to TRUE, it doesn’t return an altered string. Instead, it returns TRUE if an image is safe and FALSE if it contains malicious information.

if ($this->security->xss_clean($file, TRUE) === FALSE)
//file failed in xss test

If you download and unzip CodeIgniter, you get the following file structure/folder structure:


  • cache
  • Config
  • Controllers
  • core
  • errors
  • helpers
  • hooks
  • language
  • libraries
  • logs
  • models
  • third-party
  • views


  • core
  • database
  • fonts
  • helpers
  • language
  • libraries

You have to build a file name application/core/MY_Input.php and declare your class with Class MY_Input extends CI_Input {}to extend the native input class in CodeIgniter.

A controller is the intermediary between models and views to process the HTTP request and generates a web page. It is the center of every request on your web application.

Consider following URI,
In this URI, CodeIgniter try to find Front.php file and Front class.

To initialize a driver, write the following syntax,

Here, class_name is the driver name.

To load multiple helper files, specify them in an array,

array(‘helper1’, ‘helper2’, ‘helper3’)

There are the various ways by which, we can prevent CodeIgniter from CSRF. The most used method is using the hidden field in each page of the website. The hidden field is stored in the user’s session. The filed is changed with every HTTP request. The user can be detected in its every request to the website. The hidden value is always compared with the one saved in the session. If it is the same, the request is valid.

CodeIgniter framework is based on MVC pattern. MVC is a software that gives you a separate logical view from the presentation view. Due to this, a web page contains minimal scripting.

Model – The Controller manages models. It represents your data structure. Model classes contain functions through which you can insert, retrieve or update information in your database.
View – View is the information that is presented in front of users. It can be a web page or parts the page like header and footer.
Controllers – Controller is the intermediary between models and view to process HTTP request and generates a web page. All the requests received by the controller are passed on to models and view to process the information.

Routing is a technique by which you can define your URLs according to the requirement instead of using the predefined URLs. Routes can be classified in two ways, either using Wildcards or Regular Expressions.

There are two types of wildcards:

:num−series containing only numbers matched.
:any−series containing only characters matched.
Regular Expression
Regular expressions are also used to redirect routes.

$route[‘blog'(a-zA-Z0-9]+)’] = ‘women/social’;
You can create your regular expression to run your URL.