↧
Answer by Andy for preparated statements with mongodb
No, you can't do it with prepared statements because Mongo does not support them.As an alternative, the PHP manual says this:If you are passing $_GET (or $_POST) parameters to your queries, make sure...
View ArticleAnswer by Nico Haase for preparated statements with mongodb
Why is that a security hole? According to https://derickrethans.nl/mongodb-type-juggling.html, you're fine - there is no SQL query involved that might be vulnerable to the same kind of injection you've...
View Articlepreparated statements with mongodb
Look at this very basic php code:<?php$mng = new MongoDB\Driver\Manager("mongodb://localhost:27017");$query = new MongoDB\Driver\Query(['login' => $_GET['login'], 'pwd' => $_GET['pwd']]);$rows...
View Article