The AWS PHP SDK doesn't come with an ORM (binding).
However, a few ORM options do appear on GitHub: option1, option2.
Explanation of DynamoDB and SQL injections
When you use DynamoDB, in the end you are making calls to the DynamoDB API (for example, get, scan, query). Think about them as REST API endpoints that receive JSON inputs. If I want to get an element with hashId = X, I must set it. I can't set an injection there (such as 'X' or 1=1) because the API won't parse my string, and the engine will simply make an equality comparison between the input string and the attribute in question (in this case - the hash primary key attribute).
From Googling around, people noted that NoSQL is not automatically immune to SQL injections (see here about MongoDB and PHP), but as far as I know you shouldn't worry when working with DynamoDB since you build the queries as part of the API and do not send long strings to the database engine for evaluation.
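The contrast described in the answer above, as an added example that is not part of the original answer and is not AWS SDK code: the same input is fed to a SQL query built by string concatenation (using SQLite) and to a GetItem-shaped JSON body. The table name `items`, the sample data, and the `model_get_item` function standing in for the service are assumptions made up for this illustration.

```python
import json
import sqlite3

# Constructed sample data: three items keyed by hashId.
ITEMS = {"X": {"owner": "alice"}, "Y": {"owner": "bob"}, "Z": {"owner": "carol"}}

# The 'X' or 1=1 idea from the answer, quoted so the concatenated SQL parses.
PAYLOAD = "X' or '1'='1"


def sql_concat_lookup(user_input):
    """SQL built by concatenation: the input becomes part of the query text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (hashId TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(k, v["owner"]) for k, v in ITEMS.items()])
    query = "SELECT hashId FROM items WHERE hashId = '" + user_input + "'"
    return sorted(row[0] for row in db.execute(query))


def build_get_item_request(user_input):
    """GetItem-style JSON body: the input is only ever a typed string value."""
    return json.dumps({"TableName": "items",
                       "Key": {"hashId": {"S": user_input}}})


def model_get_item(request_body):
    """Hypothetical stand-in for the service: exact equality on the key."""
    key = json.loads(request_body)["Key"]["hashId"]["S"]
    return [key] if key in ITEMS else []


def key_lookup(user_input):
    return model_get_item(build_get_item_request(user_input))


if __name__ == "__main__":
    print("SQL, benign input: ", sql_concat_lookup("X"))
    print("SQL, payload:      ", sql_concat_lookup(PAYLOAD))
    print("Request body:      ", build_get_item_request(PAYLOAD))
    print("Key lookup, benign:", key_lookup("X"))
    print("Key lookup, payload:", key_lookup(PAYLOAD))
```

In the SQL path the quote characters change the structure of the statement; in the JSON path they are escaped data inside a string value, so the lookup is a comparison against a key that does not exist.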