DEV Community

Cover image for Laravel 9 - use bindings in your raw queries
Sandro Jhuliano Cagara
Sandro Jhuliano Cagara

Posted on

Laravel 9 - use bindings in your raw queries

#laravel #programming #php #backend

You can pass an array of bindings to most raw query methods to avoid SQL injection.

This is vulnerable to SQL injection

$fullname = request('full_name');

User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
Enter fullscreen mode Exit fullscreen mode

Use bindings

User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

adaobilynda profile image

useReducer and how it is different from useState

Adaobi Okwuosa -

westtan profile image

Laravel Best Practices, Tips, and Tricks for 2025

westtan -

sanx profile image

Building a CRUD API with NestJS

Sanjay R -

404_chronicles profile image

πŸš€ Flet: The Modern Python GUI Framework That's Taking Over in 2024

404_CHRONICLES -