Remember to use bindings in your raw queries

You can pass an array of bindings to most raw query methods to avoid SQL injection.

// This is vulnerable to SQL injection
$fullname = request('full_name');
User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get();
 
// Use bindings
User::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();

Tip given by @cosmeescobedo

Like our articles?

Become a Premium Member for $129/year or $29/month
What else you will get:
  • 73 courses
  • 93 long-form tutorials
  • access to project repositories
  • access to private Discord

Recent New Courses