Question

I am looking at using MongoDB with CodeIgniter; however, my concern is how data is inserted into the database. Most examples take the POST values directly into a collection, which is a dream because it removes an extract step... However, a user could easily inject/overwrite values going into the database. Compared to SQL, where you would map one-to-one fields in the database, there appear to be no examples of how one would avoid this type of data injection...

Potentially I see two problems, namely additional values being injected and fields containing incorrect datatypes, i.e. a name containing an array or object.

Is the solution to build model classes to map my POST data to along with datatypes or is there an easier method?

EXAMPLE: MongoDB and CodeIgniter

Solution

Looking around I guess the only solution would be to map it into a local array or model class. An example from: http://www.php.net/manual/en/mongo.tutorial.php would be more like:

$post = $this->input->post();
// Copy only the expected fields and cast each one to its intended type.
$document = array(
    "title"  => (string)$post['title'],
    "online" => (bool)$post['online'],
);
$collection->insert($document);

What does everyone think?
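
The mapping approach above, generalized into an allowlist with type checks; this is an added example, not code from the original answer or from CodeIgniter. ARTICLE_SCHEMA, build_document() and the views and is_admin fields are hypothetical names, and the sample arrays are constructed stand-ins for $this->input->post().

```php
<?php
declare(strict_types=1);
// Hypothetical allowlist: the only fields this collection accepts, with their types.
const ARTICLE_SCHEMA = ['title' => 'string', 'views' => 'int', 'online' => 'bool'];
// Build the document to insert from untrusted input.
// Unknown keys are dropped; missing, non-scalar or mistyped values are rejected.
function build_document(array $input, array $schema): array
{
    $document = [];
    foreach ($schema as $field => $type) {
        if (!array_key_exists($field, $input)) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $value = $input[$field];
        // title[$ne]=x arrives as an array; a bare (string) cast would hide that.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("non-scalar value for: $field");
        }
        switch ($type) {
            case 'string':
                $clean = trim((string) $value);
                break;
            case 'int':
                $clean = filter_var($value, FILTER_VALIDATE_INT);
                break;
            case 'bool':
                $clean = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                break;
            default:
                throw new LogicException("unknown type in schema: $type");
        }
        // filter_var signals failure with false (int) or null (bool).
        if (($type === 'int' && $clean === false) || ($type === 'bool' && $clean === null)) {
            throw new InvalidArgumentException("wrong type for: $field");
        }
        $document[$field] = $clean;
    }
    return $document;
}

// Constructed sample input: one extra field, then one array where a string belongs.
$good = ['title' => ' Hello ', 'views' => '12', 'online' => 'false', 'is_admin' => '1'];
var_dump(build_document($good, ARTICLE_SCHEMA)); // only the three schema fields remain
$bad = ['title' => ['$ne' => ''], 'views' => '12', 'online' => 'true'];
try {
    build_document($bad, ARTICLE_SCHEMA);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The array returned by build_document() is what would be passed to $collection->insert() in place of the raw POST array.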

OTHER TIPS

CodeIgniter has full active record abilities to help you deal with validation and sanitation of data: http://ellislab.com/codeigniter/user-guide/database/active_record.html

However, you can also use something like Doctrine 2: http://docs.doctrine-project.org/en/2.0.x/cookbook/integrating-with-codeigniter.html to solve this, which has a fully fitted MongoDB version of itself.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow