DEV Community

Cover image for Laravel 9 - use bindings in your raw queries
Sandro Jhuliano Cagara
Sandro Jhuliano Cagara

Posted on

Laravel 9 - use bindings in your raw queries

#laravel #programming #php #backend

You can pass an array of bindings to most raw query methods to avoid SQL injection.

This is vulnerable to SQL injection

$fullname = request('full_name');

User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
Enter fullscreen mode Exit fullscreen mode

Use bindings

User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

aneeqakhan profile image

How to Add Markers to Google Maps in React.js

Aneeqa Khan -

ashsajal profile image

JavaScript Event Loop Explained in 1 minute.

Ashfiquzzaman Sajal -

darkterminal profile image

OhMyPunk - Remember Last Tab Open in HTMX

Imam Ali Mustofa -

shaheryaryousaf profile image

What is Python? It's History, Applications and Future

Shaheryar -