SQL Injection? What is it?
I can’t believe you don’t know what it is… But here is a simple example:
Now I’ll tell you about a simple source of bugs, because I have too much fun with this. We have a users table with some fields, for example member_type (int). The types have already been migrated to MongoDB. We fetch the user and make a query with the member_type value, but it doesn’t work for us. Why?
Yes. When I call var_dump, I get a string, but in MongoDB we need an integer. If you don’t use an ORM, then any integer you fetch from MySQL needs a type conversion: (int)$row->member_type;
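The conversion described above, as an added example that is not part of the original post. The helper name `toIntField` and the sample row are hypothetical; it validates with `filter_var` rather than a bare `(int)` cast, because the cast silently turns a non-numeric string into 0.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: check that a value fetched from MySQL really is an
// integer before it is placed in a MongoDB filter. Unlike (int)$value, this
// rejects "abc", "2abc" and arrays instead of quietly producing a number.
function toIntField($value, string $field): int
{
    $int = filter_var($value, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException("$field is not an integer");
    }
    return $int;
}

// Constructed sample row, shaped like a driver result in which every
// column comes back as a string.
$row = (object) ['id' => '17', 'member_type' => '2'];

// Filter built straight from the row: the value is the string "2", which
// does not equal the integer 2 stored in MongoDB.
$untyped = ['member_type' => $row->member_type];

// Filter built after validation: the value is the integer 2.
$typed = ['member_type' => toIntField($row->member_type, 'member_type')];

echo 'untyped filter type: ', gettype($untyped['member_type']), PHP_EOL;
echo 'typed filter type:   ', gettype($typed['member_type']), PHP_EOL;

// Constructed bad inputs: each is rejected, while a plain (int) cast
// would have accepted all of them.
$badInputs = ['abc', '2abc', '', ['$ne' => null]];
foreach ($badInputs as $bad) {
    try {
        toIntField($bad, 'member_type');
        echo 'accepted: ', json_encode($bad), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($bad), PHP_EOL;
    }
}
```

Throwing on a bad value keeps a corrupted or unexpected column from becoming a valid-looking `member_type` of 0 in the MongoDB query.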