SQL injections with noSQL databases?

Question

SQL injections with noSQL databases?

I am currently using mongoDB, and I wonder what measures we should take to ensure that any data that might cause problems is not saved. I believe that regular PHP functions like mysql_escape_string will not help here ...

Are there SQL injections for noSQL databases and especially mongoDB?
If so, what can we do to protect us from them?

+7

php sql-injection mongodb

Industrial Sep 7 '10 at 10:06

source share

2 answers

The documentation is incorrect. In PHP, you need to be careful with zero-byte attacks ( http://www.idontplaydarts.com/2011/02/mongodb-null-byte-injection-attacks/ ) as well as nesting objects ( http: //www.idontplaydarts .com / 2010/07 / mongodb-is-vulnerable-to-sql-injection-in-php-at-least / )

+3

James Feb 16 '11 at 7:21

source share

Dominic Rodger · Accepted Answer · 2010-09-07T10:09:23+0000

See MongoDB Documentation :

As a rule, with MongoDB we do not create queries from strings, so traditional SQL Injection attacks are not a problem.

There are other problems you need to know about, so you should read this page.

SQL injections with noSQL databases?

More articles: