Quick Laravel Tip

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Like our articles?

Become a Premium Member for $129/year or $29/month

What else you will get:

59 courses (1057 lessons, total 42 h 44 min)
79 long-form tutorials (one new every week)
access to project repositories
access to private Discord

Recent Premium Tutorials

October 27, 2022 · 6 mins, 1073 words · premium

Laravel and Chart.js: Simple Examples of Bar / Line / Pie Charts
February 07, 2023 · Updated Apr 2024 · 9 mins, 1752 words · premium

Laravel Multi-Tenancy with Multi-Database: Step-by-Step Example
May 12, 2023 · 8 mins, 1458 words · premium

Store Laravel Global Settings in the Database (with Caching)
July 10, 2023 · 9 mins, 1766 words · premium

Laravel: BelongsToMany or Polymorphic Relations? Practical example.
November 21, 2023 · 25 mins, 4879 words · premium

Filament: Stripe One-Time Payment Form with Elements
December 05, 2023 · 26 mins, 5004 words · premium

Redis in Laravel 101: Main Things You Need to Know