Quick Tip

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Enjoyed This Tip?

Get access to all premium tutorials, video and text courses, and exclusive Laravel resources. Join our community of 10,000+ developers.

Join Premium - $29/month View All Plans

Recent Courses on Laravel Daily

Laravel 13 Starter Kit Teams and Customizations

10 lessons

33 min

Apr 2026

Laravel 13 Eloquent: Expert Level

41 lessons

1 h 34 min

Mar 2026

Queues in Laravel 13

18 lessons

1 h 12 min read

Mar 2026