prepared statement with Eloquent ORM / laravel

Question

I\'m new to laravel and use this as a input query:

DB::table(\'user_input\')->insert(array(
                array(\'fname\' => Input::get(\'Name\'),\'lname         


        

Answer 1

Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).

http://laravel.com/docs/4.2/eloquent#mass-assignment

If you want to dig further in, you can look at the class

/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php` 

to see how laravel constructs the queries in Eloquent.