Sandro Jhuliano Cagara

Laravel 9 - use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

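This is vulnerable to SQL injection, because the request value is interpolated directly into the SQL string:

```php
$fullName = request('full_name');

// Vulnerable: user input becomes part of the SQL text itself.
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
```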

Use bindings:

```php
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();
```
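The same bindings array works on other raw methods too. The sketch below is an added example, not code from the original post: it goes slightly beyond `whereRaw` to show `selectRaw`, `orderByRaw` and `DB::select` with a named binding, plus the one case bindings cannot cover (column names). It assumes a default `User` model on a `users` table with `id`, `first_name` and `last_name` columns; the function names and the `sort` parameter are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes a default Laravel 9 app:
// App\Models\User on a `users` table with id, first_name and last_name columns.
// The function names and the `sort` request parameter are hypothetical.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

function searchUsers(Request $request)
{
    $data = $request->validate([
        'full_name' => ['required', 'string', 'max:255'],
        'sort'      => ['nullable', 'string'],
    ]);

    // Column names cannot be sent as bound parameters, so user input is
    // matched against a fixed allowlist and never interpolated as-is.
    $sortable = ['first_name', 'last_name'];
    $sort = in_array($data['sort'] ?? null, $sortable, true) ? $data['sort'] : 'last_name';

    return User::query()
        // selectRaw: the binding fills the ? inside the expression.
        ->selectRaw('id, CONCAT(first_name, ?, last_name) AS display_name', [' '])
        // whereRaw: same form as the fix shown above.
        ->whereRaw('CONCAT(first_name, last_name) = ?', [$data['full_name']])
        // orderByRaw: only an allowlisted identifier reaches the SQL string.
        ->orderByRaw("$sort ASC")
        ->get();
}

function countByFullName(string $fullName): int
{
    // DB::select takes named bindings as well as positional ones.
    $rows = DB::select(
        'SELECT COUNT(*) AS n FROM users WHERE CONCAT(first_name, last_name) = :full_name',
        ['full_name' => $fullName]
    );

    return (int) $rows[0]->n;
}
```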
