Laravel DB Raw Queries: SQL Injection - How to Protect

Показать описание

A quick video showing how to protect from SQL injection in raw queries of Laravel Query Builder.

- - - - -
Support the channel by checking out our products:

Laravel Daily

Рекомендации по теме

Комментарии

Amazing, yesterday I was doing exactly this where I need to search students by fullname uses whereRaw with variable dirctly in whereRaw and now i will change it to the example you provided. Your timing is perfect as allways!

pauliuxxx

This is Just like the old basic PHP PDO concept 👍🏿

bboydarknesz

Suggestion:
Laravel provide excellent way of query data with Eloquent Modal and eloquent make things very easy for developers specially for beginners as it provide security, relations, softDeletes, mapping data and much more but in some cases Eloquent effect application performance when DB's tables contain a lot of data so for this purpose COMMUNITY recommend to use Laravel Query Builder that fetch data early as compare with Eloquent Modal.
I think Laravel team should focus on Eloquent performance.

What do you think??

salahuddinayubi

I got it, but I don't understand how does that can break into security, I mean, the query would give error in any case different, no?

yhaelopez

It same using PDO bindParam() with ? mark.

phuoctranngoc

Sir will you make a video on api gateway in laravel for micro services

nayazahmed

what about orderByRaw() ? does this also do bindings?

AneesKhan-uzmz

We have to use parametrized query...we can also use as parameter name like using : instead of ?

amitdev

hello sir can you please give solution to how to sort outer array with inner array properties in eloquent relationships .
i mean if user->with(profile), then how to sort this relationship by any inner array attribute of profile relationship .

exhinduhussain-revertmusli

Stock::updateOrCreate(
['medicine_id' => $purchaseItem->medicine_id, 'batch_id' => $purchaseItem->batch_id],
['stock' => DB::raw('stock+'.$purchaseItem->quantity), 'expiry_date' => $purchaseItem->expiry_date]
);

Whats the bettere way here with DB:raw?

lifecyclevlog

Laravel DB Raw Queries: SQL Injection - How to Protect

Laravel: Raw SQL Queries with DB::select()

Laravel DB Raw Queries: SQL Injection - How to Protect

Learn Laravel 8 Beginners Tutorial #21 - Running Database Raw Queries (DB::select(), DB::insert())

Multi-Join Raw SQL Query To Laravel Query Builder Conversion

(77) How to run Raw SQL queries in Laravel | How to use Custom Queries in Laravel

Laravel 10 full course for beginner - running raw sql queries

Running raw SQL query in Laravel

How to EASILY Convert Your Query Builder to SQL in Laravel #laravel #shorts

Learn Laravel 8 Beginners Tutorial #22 - Running Database Raw Queries (DB::update(), DB::delete())

Eloquent vs Query Builder vs SQL: Performance Test

MySQL : Why to use DB::raw inside DB::select in Laravel?

intro of raw sql queries in laravel 5.7 || raw sql queries in laravel || laravel master

laravel raw queries | How to write raw queries in laravel

Laravel Eloquent Report: Group By Year with Raw Queries

How to get the raw SQL query from the Laravel Query Builder

Laravel CRUD [ Update ] Mysql Database| Laravel tutorial update query || Laravel raw sql with mysql

Laravel Eloquent ORM vs Raw Queries | Laravel Performance Testing

Laravel 10 Fundamental [Part 77] - Raw SQL Query - Insert Data

Laravel: Eloquent 'Tricks' to Query Dates from DB

Laravel Query Builder: insertOrIgnore to Ignore SQL Errors

laravel 4 random products query and limit or take with db raw

5 Laravel 7 for beginner - Raw SQL Queries

Laravel Eloquent selectRaw Query Example

laravel insert data to database using query builder part 6