duandongji2231 2014-01-31 13:50
Answer accepted

MongoDB injection with PHP and HTML

I am looking at using MongoDB with CodeIgniter, however my concern is how data is inserted into the database. Most examples take the post values directly into a collection, which is a dream because it removes an extract step... however a user could easily inject/overwrite values going into the database, compared to SQL where you would map one-to-one fields in the database. There appear to be no examples of how one would avoid this type of data injection...

Potentially I see two problems, namely additional values being injected and fields containing incorrect datatypes, i.e. a name containing an array or object.

Is the solution to build model classes to map my POST data to along with datatypes or is there an easier method?

EXAMPLE: MongoDB and CodeIgniter

2 answers

  • dtcmadj31951 2014-01-31 14:04

    Looking around I guess the only solution would be to map it into a local array or model class. An example from: http://www.php.net/manual/en/mongo.tutorial.php would be more like:

    // Copy only the expected fields into the document, casting each to its intended type.
    $post = $this->input->post();
    $document = array("title" => (string)$post['title'], "online" => (bool)$post['online']);
    $collection->insert($document);
    

    What does everyone think?

    This answer was selected by the asker as the best answer.
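
An added example (not part of the original answer, and not CodeIgniter or MongoDB driver code) that covers both concerns from the question, extra fields and wrong datatypes, by copying only allow-listed keys and rejecting non-scalar values instead of casting them. `build_document()` and `$schema` are hypothetical names, and the sample POST arrays are constructed for illustration.

```php
<?php
// Added example: build_document() and $schema are hypothetical, not framework APIs.

function build_document(array $post, array $schema)
{
    $document = array();
    foreach ($schema as $field => $type) {
        if (!array_key_exists($field, $post)) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $value = $post[$field];
        // PHP parses title[x]=y into an array; only scalars are accepted here.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("field $field must be a scalar");
        }
        switch ($type) {
            case 'string':
                $document[$field] = (string)$value;
                break;
            case 'bool':
                $bool = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                if ($bool === null) {
                    throw new InvalidArgumentException("field $field must be a boolean");
                }
                $document[$field] = $bool;
                break;
            default:
                throw new LogicException("unknown type in schema: $type");
        }
    }
    return $document; // keys not named in $schema are never copied
}

$schema = array('title' => 'string', 'online' => 'bool');
// Constructed sample inputs standing in for $this->input->post().
$samples = array(
    'valid'       => array('title' => 'Hello', 'online' => '1'),
    'extra field' => array('title' => 'Hello', 'online' => '0', 'is_admin' => '1'),
    'array value' => array('title' => array('unexpected' => 'array'), 'online' => '1'),
);

foreach ($samples as $label => $post) {
    try {
        echo $label, ': ', json_encode(build_document($post, $schema)), "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```

The returned array is what would be passed to `$collection->insert()`; a rejected request should be answered with a validation error rather than inserted.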