How CodeIgniter is more secure than core PHP coding. What are the security thing taken care by CodeIgniter, which we cannot get from core PHP without writing any special code for security. Like to prevent SQL injection we have to use mysql_real_scape_string().
Codeigniter and other popular frameworks like Zend, cake, Yii etc. they all provide methods and structure which to a certain extent force the developer to write code that is resistant to common exploits such as cross site scripting XSS, and SQL injection and other hacks. but everything really depends on the developer. frameworks will only provide a well tested structure to build ur applications. you can in some cases make much more secure code if you write core php. But that requires a very skilled developer. so in most cases using a framework will definitely give u an advantage.
I heard that codeigniter stopped it's development and also I am aware that codeigniter is still using mysql instead of mysqli function for better security in the backend.
To prevent mysql injection in codeigniter normally I use bindings in my model which is something like this:
$sql = "SELECT * FROM some_table WHERE username = ? AND password= ?";
$this->db->query($sql, array($username, $Encrypted_password));
benefit of using binds is that the values are automatically escaped, producing safer queries.
This application framework is still good for me.
http://ellislab.com/codeigniter%20/user-guide/libraries/security.html
$data = $this->security->xss_clean($data);
If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
example:-
$data = array('NAME' => $NAME,'EMAIL' => $EMAIL, 'PASSWORD' => $PASSWORD);
$clean = $this->security->xss_clean($data);