From 5afd45c16a878b663c068c70e211c4d2dc44c96c Mon Sep 17 00:00:00 2001 From: Kristina Chodorow Date: Fri, 30 Jul 2010 14:41:28 +0000 Subject: [PATCH] change $in to $ne git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@301720 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/mongo/security.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/mongo/security.xml b/reference/mongo/security.xml index 2bcfe274c5..8a85a769db 100644 --- a/reference/mongo/security.xml +++ b/reference/mongo/security.xml @@ -21,7 +21,7 @@ Someone could subvert this by getting - http://www.example.com?password[$in]=foo, which PHP + http://www.example.com?password[$ne]=foo, which PHP will magically turn into an associative array, turning your query into $collection->find(array("username" => array('$ne' => "foo"))), which will return all users not named "foo" (all of your users, probably).