Quick Tip

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Enjoyed This Tip?

Get access to all premium tutorials, video and text courses, and exclusive Laravel resources. Join our community of 10,000+ developers.

Join Premium - $29/month View All Plans

Recent Courses

[NEW] NativePHP v3: Create Mobile Apps with Laravel

9 lessons

53 min

Feb 2026

Livewire v3 to v4: Changes You Need to Know

7 lessons

31 min

Jan 2026

Building a Typical Laravel SaaS

13 lessons

1 h 58 min

Dec 2025