Only until Jan 16th: coupon RESOLUTION25 for 40% off Yearly/Lifetime membership!

Read more here

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Like our articles?

Become a Premium Member for $129/year or $29/month
What else you will get:
  • 69 courses (1205 lessons, total 45 h 02 min)
  • 90 long-form tutorials (one new every week)
  • access to project repositories
  • access to private Discord

Recent New Courses