Quick Tip

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Enjoyed This Tip?

Get access to all premium tutorials, video and text courses, and exclusive Laravel resources. Join our community of 10,000+ developers.

Join Premium - $29/month View All Plans

Recent Courses on Laravel Daily

AI Agents/IDEs for Laravel: May 2026 (Claude Code, Codex, OpenCode, etc)

7 lessons

52 min

May 2026

Laravel 13 Starter Kit Teams and Customizations

10 lessons

33 min

Apr 2026

How to Build Laravel 13 API From Scratch

30 lessons

1 h 23 min

Mar 2026