I am new to Laravel and I am learning it.
What do we do in Laravel to prevent SQL injection? What is dependency injection and what do we do to prevent that?
If you use Eloquent throughout, as a general rule of thumb SQL injection won't be an issue, with one proviso.
There are Eloquent methods that enable part of a query to be written out as raw SQL, such as whereRaw() and selectRaw(). If you use these and pass the query as a string with the values included as is, you are vulnerable to SQL injection, as in this example:
whereRaw("name = '$name'")
However, these methods allow you to use prepared statements by passing as the second argument an array of values:
whereRaw("name = ?", [$name])
By doing that, you should be safe from SQL injection.
Dependency injection is an entirely separate subject and I'd echo aimme in pointing you to the Laravel documentation to learn more.
SQL injection is bad. Dependency injection is good. And they are two separate things. SQL injection is an attack. Dependency injection is a technique used in programming.
Laravel uses PHP PDO to build and run queries. So don't worry too much about SQL injection unless you do it the wrong way.
Read about Service Container to learn about Laravel dependency injection.
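
The difference between the two whereRaw() forms in the first answer, shown with plain PDO (which the second answer says Laravel uses), as an added example that is not part of either answer or of Laravel's own code. It assumes the pdo_sqlite extension is available; the in-memory table, its rows, the function names and the inputs are constructed for illustration.

```php
<?php
// Plain PDO with in-memory SQLite stands in for the connection Laravel manages.
// Table, rows and inputs below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Same shape as whereRaw("name = '$name'"): the value becomes part of the SQL text.
function findConcatenated(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT name FROM users WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Same shape as whereRaw("name = ?", [$name]): the value travels as a bound parameter.
function findBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    'alice',          // ordinary value
    "x' OR '1'='1",   // constructed value containing a quote and SQL keywords
];

foreach ($inputs as $name) {
    printf("input: %s\n", $name);
    printf("  concatenated: %s\n", json_encode(findConcatenated($pdo, $name)));
    printf("  bound:        %s\n", json_encode(findBound($pdo, $name)));
}
```

With the second input, the concatenated query returns every row while the bound query returns none, because a bound value is only ever compared as a string and never parsed as SQL.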