mikelbring / Mongor

Laravel MongoDB Package

MongoDB is vulnerable to SQL injection in PHP #1

Open jeroengerits opened 12 years ago

jeroengerits commented 12 years ago

Check out: http://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/ Should be a fairly simple fix.

mikelbring commented 12 years ago

I remember reading about this. I probably won't do any updates to Mongor from here on out; Laravel is going to be getting core MongoDB ORM support in the near future. Thanks!

jeroengerits commented 12 years ago

Thanks for the response... Where is a more detailed roadmap? Because http://laravel.com/roadmap says nothing about Mongo support, or am I missing something? And btw, thanks for Mongor.

mikelbring commented 12 years ago

Check out: http://forums.laravel.com/viewtopic.php?id=417

mikelbring commented 12 years ago

I just turned Mongor into an Eloquent-like ORM under the development branch, so I was thinking about this issue. I don't know if it's a good idea for me to force a string on the values because the developer building the application might not want a string. They might want another MongoID or an array. I am going to leave it up to them to force the right data until I can come up with a better way to do it and not limit the developer. Any ideas?
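
One way to approach the question in the comment above without forcing every value to a string, as an added example that is not Mongor code and not part of the thread: the hypothetical helper `assertSafeValue()` accepts scalars, lists and application-built objects such as an ID, and rejects any array or `stdClass` whose keys start with `$`, which is how array-form PHP request parameters end up read as query operators. The sample inputs are constructed.

```php
<?php
// Added example. assertSafeValue() is a hypothetical helper, not a Mongor API.

/**
 * Return $value unchanged if it is safe to use as a query *value*;
 * throw if any nested key would be interpreted as a query operator.
 */
function assertSafeValue($value)
{
    // json_decode() without the assoc flag yields stdClass, which the
    // driver serialises like an array, so it is checked the same way.
    if ($value instanceof stdClass) {
        assertSafeValue(get_object_vars($value));
        return $value;
    }
    // Other objects (for example an ID object built by the application)
    // cannot arrive directly from $_GET/$_POST, so they pass through.
    if (!is_array($value)) {
        return $value;
    }
    foreach ($value as $key => $item) {
        // Operator names are string keys that begin with '$'.
        if (is_string($key) && strncmp($key, '$', 1) === 0) {
            throw new InvalidArgumentException(
                'operator key "' . $key . '" not allowed in a value'
            );
        }
        assertSafeValue($item); // lists and sub-documents are checked in depth
    }
    return $value;
}

// Constructed inputs, shaped like what PHP builds from request parameters.
$samples = array(
    'plain string'    => 'secret',
    'list of values'  => array('a1', 'b2'),
    'sub-document'    => array('city' => 'Oslo'),
    'operator array'  => array('$ne' => ''),
    'nested operator' => array(array('$gt' => '')),
);

foreach ($samples as $label => $value) {
    try {
        assertSafeValue($value);
        echo $label . ": accepted\n";
    } catch (InvalidArgumentException $e) {
        echo $label . ': rejected (' . $e->getMessage() . ")\n";
    }
}
```

The check belongs on values taken from user input only; operators the application writes itself are never passed through it.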

tobsn commented 12 years ago

Why don't you include it as default option to MySQL? With Eloquent support. So people can just choose if it's MySQL or MongoDB and use the same code... or at least similar code.