Currently I have created an API an using MySql is a database. But now i want to move to DynamoDB. I was using bindParam to sanitize user inputs in case while inserting data to MySql. But how to sanitize user inputs before inserting to DynamoDB
The AWS PHP SDK doesn't come with a ORM (binding).
However, a few ORM options do appear on GitHub: option1, option2.
When you use DynamoDB, in the end you are making calls to the DynamoDB API (for example, get, scan, query). Think about them as REST API endpoints that receive JSON inputs. If I want to get an element with hashId = X, I must set it. I can't set an injection there (such as 'X' or 1=1) because the API won't parse my string, and the engine will simply make an equality comparison between the input string and the attribute in question (in this case - the hash primary key attribute).
From Googling around, people noted that NoSQL is not automatically immune to SQL injections (see here about MongoDB and PHP), but as far as I know you shouldn't worry when working with DynamoDB since you build the queries as part of the API and do not send long strings to the database engine for evaluation.