Firebase is a NoSQL database and works differently from SQL, so how can we sanitize the data? For example, I can't seem to find a mysqli_real_escape_string command for the Firebase database, even in the Firebase documentation. Can anyone advise me on this? I would also appreciate it if anyone can drop me a forum link about this, etc. Hungry to know about this :> Thanks
The Firebase Realtime Database is a cloud-hosted NoSQL database that lets you store and sync data between your users in realtime.
Firebase uses NoSQL; MySQL uses SQL. Firebase is horizontally scalable; MySQL is vertically scalable. Firebase uses key-value, wide-column, graph, or document stores; MySQL is table-based.
Firebase Realtime Database (and Firestore) isn't vulnerable to SQL injection attacks.
First, it's helpful to understand what SQL injection attacks are. Please read this article to help with your understanding. Note that with SQL injection, the root problem is that the developer writes code that has to build a SQL command to run, and the build (if not performed correctly) can be subtly modified by an attacker to do what they want.
With Firebase, you don't build a SQL command (or any string command composed of various parts that require escaping) in order to execute a query. Instead, you use an API provided by the SDK, and pass strings that are automatically managed by the API. This means that SQL injection is not an issue here. There is no SQL injection because there is no SQL (it's noSQL after all!).
To ensure that end users have no more access to data than they are entitled to, you need to use Firebase Authentication and implement security rules that describe who has access to what data.
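The access control described in the answer above, as an added example that is not part of the original answer: a Realtime Database rules file that lets each signed-in user read and write only their own record and checks the shape of what is written. The `users` node and the `displayName` and `bio` fields are assumed names chosen for illustration.

```json
{
  // Added example. Node and field names ("users", "displayName", "bio")
  // are assumptions, not taken from any real project.
  "rules": {
    // Nothing is readable or writable unless a rule below grants it.
    "users": {
      "$uid": {
        // Only the authenticated owner of this record may read or write it.
        // .read/.write grants cascade to child paths, so grant them here
        // and not on a parent node.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",

        // Every write must leave a displayName in place.
        ".validate": "newData.hasChildren(['displayName'])",

        "displayName": {
          // Type and length check on the client-supplied value.
          ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length <= 50"
        },
        "bio": {
          ".validate": "newData.isString() && newData.val().length <= 500"
        },

        // Reject any child key other than the ones listed above.
        "$other": {
          ".validate": false
        }
      }
    }
  }
}
```

The `.validate` rules take the place that input escaping has in a SQL application: the value is never parsed as a command, so the checks constrain who may write and what type and size of data is accepted.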