get_flash_keys() Returns: Array containing the keys of all “flashdata” items. Return type: array Gets a list of all $_SESSION that have been marked as “flashdata”.

flashdata([$key = NULL]) Parameters: $key (mixed) – Flashdata item key or NULL Returns: Value of the specified item key, or an array of all flashdata Return type: mixed Gets the value for a specific $_SESSION item that has been marked as “flashdata”, or an array of all “flashdata” items if no key was specified. Note This is a legacy method kept only for backwards compatibility with older applications. You should directly access $_SESSION instead.

all_userdata() Returns: An array of all userdata Return type: array Returns an array containing all “userdata” items. Note This method is DEPRECATED. Use userdata() with no parameters instead.

class CI_Session userdata([$key = NULL]) Parameters: $key (mixed) – Session item key or NULL Returns: Value of the specified item key, or an array of all userdata Return type: mixed Gets the value for a specific $_SESSION item, or an array of all “userdata” items if not key was specified. Note This is a legacy method kept only for backwards compatibility with older applications. You should directly access $_SESSION instead. all_userdata() Returns: An array of all userdata R

xss_clean($str[, $is_image = FALSE]) Parameters: $str (mixed) – Input string or an array of strings Returns: XSS-clean data Return type: mixed Tries to remove XSS exploits from the input data and returns the cleaned string. If the optional second parameter is set to true, it will return boolean TRUE if the image is safe to use and FALSE if malicious data was detected in it.

sanitize_filename($str[, $relative_path = FALSE]) Parameters: $str (string) – File name/path $relative_path (bool) – Whether to preserve any directories in the file path Returns: Sanitized file name/path Return type: string Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input. $filename = $this->security->sanitize_filename($this->input->post('file

get_random_bytes($length) Parameters: $length (int) – Output length Returns: A binary stream of random bytes or FALSE on failure Return type: string A convenience method for getting proper random bytes via mcrypt_create_iv(), /dev/urandom or openssl_random_pseudo_bytes() (in that order), if one of them is available. Used for generating CSRF and XSS tokens. Note The output is NOT guaranteed to be cryptographically secure, just the best attempt at that.

get_csrf_token_name() Returns: CSRF token name Return type: string Returns the CSRF token name (the $config['csrf_token_name'] value).

get_csrf_hash() Returns: CSRF hash Return type: string Returns the CSRF hash value. Useful in combination with get_csrf_token_name() for manually building forms or sending valid AJAX POST requests.

entity_decode($str[, $charset = NULL]) Parameters: $str (string) – Input string $charset (string) – Character set of the input string Returns: Entity-decoded string Return type: string This method acts a lot like PHP’s own native html_entity_decode() function in ENT_COMPAT mode, only it tries to detect HTML entities that don’t end in a semicolon because some browsers allow that. If the $charset parameter is left empty, then your configured $config['charset'] value will be used.