Reputation: 554
I am looking at using MongoDB with CodeIgniter; however, my concern is how data is inserted into the database. Most examples take the POST values directly into a collection, which is a dream because it removes an extract step... However, a user could easily inject/overwrite values going into the database. Compared to SQL, where you would map one-to-one fields in the database, there appear to be no examples of how one would avoid this type of data injection...
Potentially I see two problems, namely additional values being injected and fields containing incorrect datatypes, i.e. a name containing an array or object.
Is the solution to build model classes to map my POST data to along with datatypes or is there an easier method?
EXAMPLE: MongoDB and CodeIgniter
Upvotes: 0
Views: 504
Reputation: 554
Looking around I guess the only solution would be to map it into a local array or model class. An example from: http://www.php.net/manual/en/mongo.tutorial.php would be more like:
$post = $this->input->post();
$document = array( // only the expected fields, each cast to its intended type
    "title"  => (string) $post['title'],
    "online" => (bool) $post['online'],
);
$collection->insert($document);
What does everyone think?
Upvotes: 1
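Added example, not part of either poster's code: a schema-driven allowlist that covers both concerns raised in the question, extra fields and wrong datatypes. The names `build_document()` and `$schema` are hypothetical, the sample POST arrays are constructed, and in CodeIgniter the input would come from `$this->input->post()`.

```php
<?php
// Added example: build a MongoDB document from POST data using an allowlist.
// build_document() and $schema are hypothetical names, not CodeIgniter or MongoDB APIs.
function build_document(array $post, array $schema)
{
    $document = array();
    foreach ($schema as $field => $type) {
        if (!array_key_exists($field, $post)) {
            throw new InvalidArgumentException("Missing field: $field");
        }
        $value = $post[$field];
        // A parameter sent as title[key]=x arrives as an array. A plain (string)
        // cast would store the literal "Array", so reject non-scalars first.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("Field $field must be a scalar value");
        }
        switch ($type) {
            case 'string':
                $document[$field] = (string) $value;
                break;
            case 'bool':
                // Accepts 1/0, true/false, on/off, yes/no; anything else is null.
                $bool = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                if ($bool === null) {
                    throw new InvalidArgumentException("Field $field must be a boolean");
                }
                $document[$field] = $bool;
                break;
            default:
                throw new LogicException("Unknown type in schema: $type");
        }
    }
    return $document; // keys not named in $schema never reach the collection
}

$schema = array('title' => 'string', 'online' => 'bool');

// Constructed input: "is_admin" is an extra field the form never offered.
$post = array('title' => 'Hello', 'online' => '1', 'is_admin' => '1');
var_dump(build_document($post, $schema)); // contains only title and online

// Constructed input: "title" submitted as a nested array instead of a string.
try {
    build_document(array('title' => array('key' => 'x'), 'online' => '0'), $schema);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```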
Reputation: 43884
CodeIgniter has full active record abilities to help you deal with validation and sanitation of data: http://ellislab.com/codeigniter/user-guide/database/active_record.html
However you can also use something like Doctrine 2: http://docs.doctrine-project.org/en/2.0.x/cookbook/integrating-with-codeigniter.html to solve this, which has a fully fitted MongoDB version of itself.
Upvotes: 0