security concerns while using mongodb php driver using -'php,security,mongodb'

security concerns while using mongodb php driver  using -'php,security,mongodb'

I have experiences with securing sql injections on MYSQL, but what should I be careful on MongoDB using php driver? In most of the pages I get data via GET/POST and searching/inserting the system. I search via UDID / other fields, and can insert any string value. Also I get user's cookies via javascript.

So when GET/POST, I'm adding to each variable htmlentities function?
What would replace mysql_real_escape_string? Should I use it?

So, for example, when doing

$download = array( 'url' => $_GET['url'] );


Is this OK?

Is there a way to check if a string is really a UID?
Any think else I should be aware when using MongoDB and PHP? I do get my cookies using javascript, and searching in my DB using the cookies. What about that?


asked Sep 7, 2015 by rajesh
0 votes

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
Anti-spam verification:
To avoid this verification in future, please log in or register.