moving from my localhost to a public host

My CI/GroceryCrud/php app (at least version 0.1) is ready to be put on my website. What must I do? I guess I need to install CI on my webhost? Are there any directions for this? is there some "non development" version that I should be using? Or do I just follow the same procedure that I used to initially load onto my Xampp? I have about 40 days left to figure out if HostGator will work for me, so time is of the essence. 

the

proof that an old dog can learn new tricks

Just make the necessarily changes regarding paths and url in your config files. And you are set.

I set my base url to:

$config['base_url'] = 'www.rndsubstantiator.com/site/codeigniter 3.1.8/application/sub_crud';

I thought when I type

www.rndsubstantiator.com I would start up the app. I actually would prefer if www.rndsubstantiator.com/control/ would start up the app. How do I associate that sub_crud directory with /control/ ?

proof that an old dog can learn new tricks

You should put CI in the root directory aka public_html on your webbhost provider.
To be able to use http://www.rndsubstantiator.com/

Or put in a sub-folder that's named /control/ so that you can access it that way.
But it looks like you can put it in the root folder and just rename/change the routing (it's a config file, see manual) from control to sub_crud.

well I have my sub_crud (which is CI) in a directory called rndcontroller, which is off of public_html. That is because it is the thing that controls the rnd application, it has nothing to do with CI's "controllers". Seems to be working well. I have a bigger question. How can I learn how to setup my hosting environment? Is there a book on it? Perhaps a forum that deals with newbies at it? I need to secure my site and clearly won't be getting any help from tech support at my hoster.

proof that an old dog can learn new tricks

You can't make changes to a shared host*, you need a VPS plan install a Webbserver (Linux with PHP, MySQL/MariaDB and Apache/Nginx) and lock it down with custom settings.
* Some offer Cpanel or similar control panel, but they don't have anything to do with security (except password protect folders).
https://documentation.cpanel.net/display...ledge+Base

There are plenty of Books out there and documentations, but as you don't really know what you want (based on the host topic) It's hard to recommend a resource. Just google "Cpanel for beginners".

What kind of security do you need? Everything you can do on a shared host are in the CI-application itself.

I need very basic security. On the host I don't want people to access my CI code, but I do want them to be able to run the Application. I will be using Helpinator to write a help system which people can use but I don;t want them to download the help system. On my Chrome Extension in the manifest.json I have my client id and also my key.

The overall, I have a a lot of places a user can enter data, and I guess I need to make sure that my system can't be hijacked. So I need to learn some general rules to apply through the code to harden it.

proof that an old dog can learn new tricks

CI Code: As long as your server executes your code and don't display it; you are fine.
Helpinator: As long as it renders html pages they can save them, but not the source code.

All source code from Chrome Extension are available in their appdata folder. Don't know what client id and key you are referring to.
C:\Users\<Your_User_Name>\AppData\Local\Google\Chrome\User Data\Default\Extensions

Do people login with their own username/password or API-key? If not you need to add that.
Do you write your own SQL queries or let CI handle it?
Do you validate the data? So that they can't post XSS etc.

>>Do people login with their own username/password or API-key? If not you need to add that.
They log in with their google email and password if they are not already signed in. 

>>Do you write your own SQL queries or let CI handle it?
I let CI handle it

>>Do you validate the data? So that they can't post XSS etc.
No I don't. I am using Grocery Crud so alll data is entered via it. Hopefully GC does it. If not what do I do to validate? 

proof that an old dog can learn new tricks

Ok. If they can't access their data in another way or get access to other peoples data you are safe.

Great

Grocery Crud don't really have a XSS protection. They have a XSS clean function that uses strip_tags. But they don't escape anything on output (like you should). Haven't tried to bypass strip_tags, but that function deletes malformed input too. So user data can be truncated, depending on what kind of data they send.