CodeIgniter is based on the Model-View-Controller (MVC) development pattern. MVC is a software approach that separates application logic from presentation. In practice, it permits web pages to contain minimal scripting since the presentation is separate from the PHP scripting.

Model: The Model represents data structures. Typically model classes will contain functions that help to retrieve, insert, and update information in database.View: The View is the information that is being presented to a user. A View will normally be a web page, but in CodeIgniter, a view can also be a page fragment like a header or footer. It can also be an RSS page, or any other type of "page".Controller: The Controller serves as an intermediary between the Model and the View, and any other resources needed to process the HTTP request and generate a web page.

Unit testing is an approach to software development in which tests are written for each function in your application. CodeIgniter's Unit Test class is quite simple, consisting of an evaluation function and two result functions.

The Input and Security Class comes with a Cross Site Scripting hack prevention filter, which can be run on a per-item basis, or can be set to filter all POST and COOKIE data automatically.

Cross-site scripting (XSS) is a way of injecting malicious JavaScript code into the application. This type of exploit can be used to hijack a user's cookie, which can effectively let the user who injected the code take the ID of any user on the website, simply by linking them to the site with the code added in.