I am new to Laravel and I am learning it.
What do we do in Laravel to prevent SQL injection? What is dependency injection, and what do we do to prevent that?
If you use Eloquent throughout, as a general rule of thumb SQL injection won't be an issue, with one proviso.
There are Eloquent methods that enable part of a query to be written out as raw SQL, such as whereRaw() and selectRaw(). If you use these and pass the query as a string with the values included as is, you are vulnerable to SQL injection, as in this example:
whereRaw("name = '$name'")
However, these methods allow you to use prepared statements by passing as the second argument an array of values:
whereRaw("name = ?", [$name])
By doing that, you should be safe from SQL injection.
Dependency injection is an entirely separate subject and I'd echo aimme in pointing you to the Laravel documentation to learn more.
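As an added example (not part of the answer above), the following PHP puts the vulnerable whereRaw() call and the bound version side by side and uses the query builder's toSql() and getBindings() to show the difference without executing anything against a database. It assumes a Laravel application with a hypothetical App\Models\User Eloquent model backed by a `users` table with `name`, `email` and `created_at` columns; the attacker input is constructed for illustration.

```php
<?php
// Added example, not from the original answer. Assumes a Laravel app with an
// App\Models\User model and a `users` table (hypothetical schema). Run it from
// `php artisan tinker` or inside a feature test.

use App\Models\User;

// Constructed attacker-controlled input: the single quote closes the literal
// that the vulnerable query wraps around it, and the rest becomes SQL grammar.
$name = "x' OR '1'='1";

// VULNERABLE: the value is interpolated into the SQL string, so toSql()
// shows the attacker's quote and OR clause as part of the statement itself.
$vulnerable = User::whereRaw("name = '$name'");
echo $vulnerable->toSql(), PHP_EOL;
print_r($vulnerable->getBindings());   // nothing is bound; the value is in the SQL text

// SAFE: the SQL keeps a `?` placeholder and the value travels as a binding,
// which the driver sends to the server separately from the statement text,
// so it can never be parsed as SQL.
$safe = User::whereRaw('name = ?', [$name]);
echo $safe->toSql(), PHP_EOL;
print_r($safe->getBindings());         // the raw string, untouched, as a binding

// In most cases raw SQL is unnecessary: the ordinary builder methods bind
// every value for you and also quote the column identifier.
$builder = User::where('name', $name);
echo $builder->toSql(), PHP_EOL;
print_r($builder->getBindings());

// CAVEAT: bindings only exist for value positions. Column names and sort
// direction cannot be parameterised, so when those come from the request,
// check them against an allowlist before they reach the query builder.
function sortedUsers(string $column, string $direction)
{
    $allowedColumns = ['name', 'email', 'created_at'];   // hypothetical columns
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException("Unsupported sort column: $column");
    }
    $direction = strtolower($direction) === 'desc' ? 'desc' : 'asc';

    return User::orderBy($column, $direction);
}

echo sortedUsers('email', 'DESC')->toSql(), PHP_EOL;
```

The point of printing getBindings() is that it makes the defence visible: for the bound query the attacker's string is still present, but only as data handed to the driver, never as part of the statement the database parses. The allowlist function is there because the "pass an array as the second argument" rule only covers values; an identifier taken from user input still has to be validated by you.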