Prevent SQL injection in Laravel

Suppose, using a raw query, I have the following in Laravel:

// $var is interpolated straight into the SQL string, so its contents become part of the query
$a = DB::select( DB::raw("SELECT * FROM table WHERE col = '$var'") );

How can I protect our application from SQL injection attacks in this kind of case?

Answers:


Method 1

The select() method in Illuminate\Database\Connection has a way to bind our parameters:

public function select($query, $bindings = array())
{
    ....
    ....
}

So we can pass an array of bindings to the select() method:

$a = DB::select( DB::raw("SELECT * FROM table WHERE col = :var") , array(
    'var' => $var,
));
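To see why the interpolated query in the question is injectable and why the bindings array in the answer fixes it, here is an added, stand-alone PHP script (not from the question, the answer, or Laravel itself). It uses plain PDO with an in-memory SQLite database, which is what Laravel's DB::select($sql, $bindings) ultimately prepares and executes against, so the behaviour carries over; the `users` table, its rows and the attacker string are constructed for the demo.

```php
<?php
// Added example: PDO stand-in for Laravel's DB::select(). Table, rows and the
// attacker payload below are constructed for this demo; sqlite::memory: keeps
// it runnable offline (requires the pdo_sqlite extension).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, col TEXT, secret TEXT)');
$pdo->exec("INSERT INTO users (col, secret) VALUES ('alice', 'token-a'), ('bob', 'token-b')");

// 1. The pattern from the question: $var is pasted into the SQL text, so a
//    quote inside $var ends the literal and the rest is parsed as SQL.
//    Laravel equivalent: DB::select(DB::raw("SELECT * FROM users WHERE col = '$var'"))
function vulnerableSelect(PDO $pdo, string $var): array
{
    $sql = "SELECT * FROM users WHERE col = '$var'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. The fix from the answer: a named placeholder in the SQL text and the value
//    supplied separately, so the driver treats it as data, never as SQL.
//    Laravel equivalent: DB::select('SELECT * FROM users WHERE col = :var', ['var' => $var])
function boundSelect(PDO $pdo, string $var): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE col = :var');
    $stmt->execute(['var' => $var]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Positional form, which DB::select() also accepts.
//    Laravel equivalent: DB::select('SELECT * FROM users WHERE col = ?', [$var])
function positionalSelect(PDO $pdo, string $var): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE col = ?');
    $stmt->execute([$var]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$honest  = 'alice';
$payload = "' OR '1'='1";   // constructed attacker input: closes the quote, adds a tautology

// With the payload the interpolated query becomes
//   SELECT * FROM users WHERE col = '' OR '1'='1'
// and the WHERE clause is true for every row, so both users' secrets leak.
// With bindings the same payload is compared literally against col and matches nothing.
printf("vulnerable / honest  : %d row(s)\n", count(vulnerableSelect($pdo, $honest)));
printf("vulnerable / payload : %d row(s)\n", count(vulnerableSelect($pdo, $payload)));
printf("bound      / payload : %d row(s)\n", count(boundSelect($pdo, $payload)));
printf("positional / payload : %d row(s)\n", count(positionalSelect($pdo, $payload)));
```

Two caveats worth keeping in mind when applying the answer. The DB::raw() wrapper adds nothing here, since DB::select() already takes a raw SQL string as its first argument; the protection comes from the second argument, the bindings array. And bindings only work for values: a table name, a column name, or an ORDER BY direction cannot be a placeholder, so if those come from user input they have to be checked against a fixed whitelist before being spliced into the SQL text.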


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
