According to the MongoDB documentation, it isn't recommended to use server-side stored functions. What is the reason behind this warning?
See Question&Answers more detail:osAccording to the MongoDB documentation, it isn't recommended to use server-side stored functions. What is the reason behind this warning?
See Question&Answers more detail:osI am sure I have stated the list a couple of times despite the Google search result being filled only with people telling you how to do it:
eval
eval
has natural abilities to be easily injected, it is like a non-PDO equilivant to SQL, if you don't buld a full scale escaping library around it it will mess you up. By using these functions you are effectively replacing the safer native language of MongoDB for something that is just as insecure as any old SQL out there.eval
only works on Primaries and never any other member of the replica set$where
usage as well.That should be enough to get you started on this front.