https://stackoverflow.com/questions/20811241
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThe AWS PHP SDK doesn't come with a ORM (binding).
However, a few ORM options do appear on GitHub: option1, option2.
Explanation of DynamoDB and SQL injections
When you use DynamoDB, in the end you are making calls to the DynamoDB API (for example, get, scan, query). Think about them as REST API endpoints that receive JSON inputs. If I want to get an element with hashId = X, I must set it. I can't set an injection there (such as 'X' or 1=1) because the API won't parse my string, and the engine will simply make an equality comparison between the input string and the attribute in question (in this case - the hash primary key attribute).
From Googling around, people noted that NoSQL is not automatically immune to SQL injections (see here about MongoDB and PHP), but as far as I know you shouldn't worry when working with DynamoDB since you build the queries as part of the API and do not send long strings to the database engine for evaluation.
