Prevent SQL injection in Laravel

Suppose, using a raw query, I have the following in Laravel:

$a = DB::select( DB::raw("SELECT * FROM table WHERE col = '$var'") );

How can I protect our application from SQL injection attacks in these types of cases?



Method 1

The select() method in Illuminate\Database\Connection has a way to bind our parameters:

public function select($query, $bindings = array())

So we can pass an array of bindings to the select() method:


// :var is a named placeholder; the value travels in the bindings array, not in the SQL string
$a = DB::select( DB::raw("SELECT * FROM table WHERE col = :var") , array(
   'var' => $var,
));

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
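
An added example, not part of the original answer or of Laravel's code: the same contrast between interpolating `$var` and binding it, using plain PDO on an in-memory SQLite database so it runs without a Laravel application (Laravel's `select()` hands its bindings to a PDO prepared statement). The `users` table, its rows and the input string are constructed for illustration.

```php
<?php
// Added example: plain PDO with in-memory SQLite stands in for Laravel's
// connection. Table, rows and input below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Interpolated form, as in the question: $var becomes part of the SQL text,
// so quote characters inside it change the structure of the statement.
function selectInterpolated(PDO $pdo, string $var): array
{
    return $pdo->query("SELECT * FROM users WHERE name = '$var'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Bound form, as in the answer: the SQL text is fixed and $var is passed
// separately as the value of the :var placeholder.
function selectBound(PDO $pdo, string $var): array
{
    $stmt = $pdo->prepare("SELECT * FROM users WHERE name = :var");
    $stmt->execute(['var' => $var]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "nobody' OR '1'='1"; // constructed hostile input

// Interpolated: the WHERE clause is rewritten and every row comes back.
printf("interpolated: %d row(s)\n", count(selectInterpolated($pdo, $input)));

// Bound: the whole string is compared as a name, and no user has that name.
printf("bound:        %d row(s)\n", count(selectBound($pdo, $input)));

// Store a user whose name really is that string (also through a binding):
// the bound query now finds exactly that one row, showing the input is
// treated as data from end to end.
$pdo->prepare("INSERT INTO users (name) VALUES (:var)")->execute(['var' => $input]);
printf("bound, literal match: %d row(s)\n", count(selectBound($pdo, $input)));
```

Placeholders bind values only; a table or column name chosen at run time cannot be bound and needs to be checked against a fixed list of allowed names instead.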
