
This is the same with PHP. Be aware anyone using something like MongoDB, if you don't sanitize/cast your inputs, your app could be vulnerable.

e.g. if you have the code:

  $collection->findOne( array( 'username' => $_POST['username'], 'password' => $_POST['password'] ) );

someone could POST something like username[$ne]='?'&password[$ne]='?' and log in.
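
The following is an added example, not part of the original comment: it shows how PHP turns the bracketed form fields into nested arrays that end up in the query filter, next to a version that accepts only strings. The function names `buildFilterUnsafe`, `buildFilterSafe` and `requireString` and the request bodies are constructed for illustration; no MongoDB connection is needed to run it.

```php
<?php
// Constructed request body matching the comment above. parse_str() applies the
// same bracket-to-array rules PHP uses when it populates $_POST.
$rawBody = 'username[$ne]=%3F&password[$ne]=%3F';
parse_str($rawBody, $post);

// Unsafe: values pass through untouched, so an array supplied by the client
// becomes part of the filter document handed to findOne().
function buildFilterUnsafe(array $input): array
{
    return [
        'username' => $input['username'] ?? null,
        'password' => $input['password'] ?? null,
    ];
}

// Hardened: each field must be present and must be a plain string.
// Arrays (and therefore operator keys such as '$ne') are rejected outright.
function requireString(array $input, string $key): string
{
    if (!isset($input[$key]) || !is_string($input[$key])) {
        throw new InvalidArgumentException("$key must be a string");
    }
    return $input[$key];
}

function buildFilterSafe(array $input): array
{
    return [
        'username' => requireString($input, 'username'),
        'password' => requireString($input, 'password'),
    ];
}

// Each field here is an array keyed by '$ne', which MongoDB treats as an operator.
var_dump(buildFilterUnsafe($post));

try {
    buildFilterSafe($post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// An ordinary form submission (constructed) still produces a string-only filter.
parse_str('username=alice&password=s3cret', $ok);
var_dump(buildFilterSafe($ok));
```

Rejecting non-strings is used here instead of a `(string)` cast because casting an array in PHP yields the literal text "Array" with a warning, which hides the malformed request instead of refusing it.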

