Skip to main content
Quick Tip

Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Enjoyed This Tip?

Get access to all premium tutorials, video and text courses, and exclusive Laravel resources. Join our community of 10,000+ developers.

Join Premium - $29/month View All Plans

Recent Courses on Laravel Daily

Laravel 13 Starter Kit Teams and Customizations

10 lessons
33 min

How to Build Laravel 13 API From Scratch

30 lessons
1 h 23 min

How to Structure Laravel 13 Projects

16 lessons
1 h 32 min read

We'd Love Your Feedback

Tell us what you like or what we can improve

Feel free to share anything you like or dislike about this page or the platform in general.