Pagination in CodeIgniter improves performance by reducing the number of database queries. It fetches and displays only the required data for each page, optimizing resource usage and enhancing overall application speed.

CodeIgniter provides the "Savepoints" feature for advanced transaction handling. Savepoints allow you to set points within a transaction to which you can later roll back if needed. This is especially useful for managing complex scenarios where certain parts of a transaction may need to be rolled back independently.

Role-Based Access Control (RBAC) is an access control method that restricts system access based on user roles. Implementing RBAC for database access helps limit the impact of SQL injection attacks by ensuring users only have the necessary permissions for their roles.

CodeIgniter's view caching mechanism works by storing pre-rendered views in a cache, enhancing performance by avoiding repeated rendering of the same views. This is especially useful in scenarios where views don't change frequently.

Object-Relational Mapping (ORM) frameworks, such as those used in CodeIgniter, contribute to SQL injection prevention by abstracting database interactions. This means that the framework automatically handles the translation of high-level object-oriented code into the underlying SQL queries, reducing the risk of SQL injection by preventing direct user input in SQL statements.

In OAuth, an access token is used to access a resource, while a refresh token is used to obtain a new access token when the original one expires. The refresh token provides a way to maintain access without requiring the user to re-authenticate.

The primary index.php file that serves as the entry point for a CodeIgniter application is located in the 'public' directory. This file initializes the framework and routes incoming requests to the appropriate controllers. It is essential for the proper functioning of the CodeIgniter application.

Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages. It can occur when a web application does not properly validate user input, allowing the attacker to execute scripts in the victim's browser.

In MVC architecture, the 'Controller' component is responsible for handling user inputs. It receives user requests, processes them, and interacts with the Model and View components accordingly. This separation of concerns helps maintain code organization and enhances code reusability.

This technique is known as CSRF (Cross-Site Request Forgery) protection, where the referrer header and token validity are checked to prevent unauthorized form submissions.