笨get_csrf_hash（）返回空

Question

我嘗試exprimentation與Codeigniter Security Class，因爲我要實現這個框架的任何好的功能被黑客以避免SQL注入和惡意攻擊我的網站在那裏。

---

問：

爲什麼當我嘗試回聲或print_r的thisget_csrf_hash()，它只是不會出現任何東西。

---

我現在的碼

我的控制器

<?php 

class Myclass extends CI_Controller { 

    function __construct() { 

    parent::__construct(); 

    $this->load->library('session'); 
    $this->load->helper('security'); 
    $this->load->helper('form'); 

    $this->my_simple_login->chek_login(); 

    } 

    public function index(){ 

    $this->load->view('/myform'); 

    } // end index function (show form) 

    function submit_form(){ 

    print_r($this->input->post('my_input')); // YEAH 

    print_r($this->input->post('csrf_test_name')); //empty?? 

    print_r($this->security->get_csrf_hash()); //empty?? 

    } //end form submitted 

} // end class 

我查看

 <?php 
    defined('BASEPATH') OR exit('No direct script access allowed'); 

    ?><!DOCTYPE html> 
    <head></head><body> 

<?php 
      $attributes = array('class' => 'my_html_class'); // add class to form HTML 
      echo form_open_multipart('myclass/submit_form', $attributes); 
      ?> 

      <input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash(); ?>"> 

      <input name="my_input" value="YEAH"/> 

      <button type="submit" >SUBMIT FORM</button> 

      <?php echo form_close(); ?></body></html> 

我的CI配置

$config['csrf_protection'] = TRUE; 
$config['csrf_token_name'] = 'csrf_test_name'; 
$config['csrf_cookie_name'] = 'csrf_cookie_name'; 
$config['csrf_expire'] = 7200; 
$config['csrf_regenerate'] = TRUE; 
$config['csrf_exclude_uris'] = array(); 

Answer 1

這problerm固定。因爲我不是在笨配置文件設置TRUE到$config['global_xss_filtering']。

$config['global_xss_filtering'] = TRUE;