DEV Community

Cover image for Laravel 9 - use bindings in your raw queries
Sandro Jhuliano Cagara
Sandro Jhuliano Cagara

Posted on

Laravel 9 - use bindings in your raw queries

#laravel #programming #php #backend

You can pass an array of bindings to most raw query methods to avoid SQL injection.

This is vulnerable to SQL injection

$fullname = request('full_name');

User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
Enter fullscreen mode Exit fullscreen mode

Use bindings

User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

zanepearton profile image

Rust + WASI: Application Monitoring

Zane -

mrcaption49 profile image

CTE | Common Table Expression | Real world scenarios examples

Pranav Bakare -

mikeyoung44 profile image

A beginner's guide to the Stable-Diffusion-Xl-Base-1.0 model by Stabilityai on Huggingface

Mike Young -

devluc profile image

Website Design Examples for Inspiration on Websitevice

Devluc -