Last checked and updated on April 15, 2026What Is New in CodeIgniter 3
CodeIgniter 3 brings a major update focused on PHP 7 compatibility and modernizing the framework's core. The changes are significant but maintain the framework's signature lightweight and straightforward approach.
| Category | Key Changes |
|---|---|
| New Features | Added a new get_charset() method, new encryption features, and support for Composer. |
| Improvements | Full PHP 7 support, enhanced security, and numerous performance optimizations. |
| Deprecated Items | Marked several functions and constants for future removal to streamline the codebase. |
| Bug Fixes | Resolved a wide range of issues across the Database, Email, Form Validation, and Session libraries. |
| Security | Strengthened encryption and session handling to address potential vulnerabilities. |
How did CodeIgniter 3 improve PHP 7 support?
The entire framework was updated to be fully compatible with PHP 7.0 and above. This was a foundational change to ensure CodeIgniter could run on modern server environments without any deprecated function warnings or compatibility errors.
In practice, this means your applications automatically benefit from PHP 7's significant performance improvements and lower memory consumption. The update future-proofs projects built on the framework.
What security enhancements were introduced?
Security got a major boost, primarily through a revamped encryption library and stronger session management. The old Mcrypt extension was replaced with OpenSSL, which is more modern and widely supported.
Session data handling was also tightened up. This matters because it directly closes potential attack vectors related to session hijacking and data tampering, making user sessions more secure by default.
Which functions are now deprecated?
Several older functions and constants were marked for deprecation to clean up the API. Key examples include the $autoload['libraries'] configuration and specific database driver functions that had better alternatives.
You'll see "deprecated" notices in your logs if you use them. This is a clear signal to update your code now to avoid breaks in a future version. The deprecated list is a practical guide for modernizing your application's code.
What are the key library-specific changes?
Database Library
The Database library received numerous fixes for query generation and field data handling. This improves reliability, especially with complex queries and specific database drivers like PostgreSQL.
Email Library
Issues with SMTP authentication and attachment handling were resolved. These fixes make the library more dependable for sending mail in production environments.
Session Library
Beyond security, changes were made to how session data is stored and retrieved, fixing bugs that could cause data corruption or unexpected behavior.
FAQ
Is CodeIgniter 3 a breaking change from version 2?
Yes, it is. The required PHP version jump from 5.2.4 to 5.3.7 and the numerous deprecated functions mean you cannot simply drop the new files into an old project. A careful migration is necessary.
Why was the encryption library changed?
Mcrypt was deprecated in PHP 7.1 and removed in PHP 7.2. Switching to OpenSSL was essential for maintaining encryption functionality on modern PHP versions and is considered more secure.
Do I have to use Composer with CodeIgniter 3?
No, Composer support is optional. The framework remains a self-contained package, but the added Composer integration makes it easier to manage third-party dependencies if you choose to.
What is the most important thing to check when upgrading?
Check your application for any use of deprecated functions listed in the user guide. Addressing these warnings first will prevent most upgrade-related issues.
Are there any known issues with the Session library changes?
The changes are robust, but if you implemented custom session handlers or heavily modified session behavior in v2, you should test your session logic thoroughly as the underlying implementation was improved.