XUtils

MongoDB

MongoDB PHP Driver.

PHP
https://github.com/mongodb/mongo-php-driver

MongoDB PHP Driver

Tests Coverage Status Coding Standards

This extension is developed atop the libmongoc and libbson libraries. It provides a minimal API for core driver functionality: commands, queries, writes, connection management, and BSON serialization.

Userland PHP libraries that depend on this extension may provide higher level APIs, such as query builders, individual command helper methods, and GridFS. Application developers should consider using this extension in conjunction with the MongoDB PHP library, which implements the same higher level APIs found in MongoDB drivers for other languages.

Documentation

Release Integrity

Releases are created automatically and signed using the PHP team’s GPG key. This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:

gpg --import php-driver.asc

PECL package

PECL packages are made available as release artifacts on GitHub, as well as on the PECL homepage. The GitHub release will also contain a detached signature file for the PECL package (named mongodb-X.Y.Z.tgz.sig).

To verify the integrity of the downloaded package, run the following command:

gpg --verify mongodb-X.Y.Z.tgz.sig mongodb-X.Y.Z.tgz

[!NOTE] No verification is done when using pecl to install the package. To ensure release integrity when using pecl, download the tarball manually from the GitHub release, verify the signature, then install the package from the downloaded tarball using pecl install mongodb-X.Y.Z.tgz.

Windows

Windows binaries distributed through GitHub releases contain a detached signature for the php_mongodb.dll file named php_mongodb.dll.sig. To verify the integrity of the DLL, run the following command:

gpg --verify php_mongodb.dll.sig php_mongodb.dll.tgz

[!NOTE] Windows binaries distributed directly through PECL are not signed by MongoDB and cannot be verified. If you need to verify the integrity of the downloaded binary, always download them from the GitHub release.

Security Vulnerabilities

If you’ve identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions in Create a Vulnerability Report.

Articles

  • coming soon...