PHP display current server path

We can use getcwd it will  give you the base path:

<?php
echo getcwd();
?>

  1. To get your current working directory: getcwd()
  2. To get the document root directory: $_SERVER['DOCUMENT_ROOT']
  3. To get the filename of the current script: $_SERVER['SCRIPT_FILENAME']

What are the ways to prevent SQL injection for a CodeIgniter based website?

To prevent SQL injections in PHP, we usually use mysql_real_escape_string() function in mysql queries

In CI there are three methods to prevent SQL injections
1) Escaping Queries
2) Query Binding
3) Active Record Class

Preventing SQL injection in Codeigniter using Escaping Query Method

Example:
input->post(‘name’);
$sql = ‘SELECT * FROM product WHERE product_name=’.$this->db->escape($name);
$this->db->query($sql ;
?>

Here $this->db->escape() determines the data type so that it can escape only string data.

Preventing SQL injection in CI using Query Binding Method
db->query($sql, array(‘active’, ‘mobile’));
?>
In Query Binding Method, you don’t have to escape the values manually as it will automatically do that for you.

Preventing SQL injection in Codeigniter using Active Record Class

Using Active Records, query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.
db->get_where(‘product’,array(‘status’ => ‘active’,’sellerId’ => ’10’));
?>

What is the difference between $message and $$message?

$message is a variable and $$message is a variable of another variable.

Example
$Message = “A”;
$A= “B”;

echo $message //Output:- A
echo $$message //output :-B

That is, a variable name which can be set and used dynamically.

We can echo above strings like

echo $Message.$A;

This weill print we “AB”

Note : variable’s value can be act as variable

InnerJoin in codeigniter

Send array in Ajax with PHP

How to enable error display in CodeIgniter?

Go to