preparated statements with mongodb

Look at this very basic php code:

$mng = new MongoDB\Driver\Manager("mongodb://localhost:27017");
$query = new MongoDB\Driver\Query(['login' => $_GET['login'], 'pwd' => $_GET['pwd']]);
$rows = $mng->executeQuery("ma_bdd.utilisateurs", $query);
foreach ($rows as $row)
     echo $row->login."\n";

This code is just trying to authenticate a user. But, has you can see, there is a security hole: It is possible to inject operators in $_GET values.

Is there a way to work with preparated statements like i used to do with pdo for mysql ?


1 answer