Difference between Laravel's raw SQL functions

php laravel-4 eloquent
20,271

I will try to clarify:

DB::raw()

It generates a raw and sanitized SQL string, to be passed to other query/statements, preventing SQL injections. Is to be used with all of the and never alone. And you should never send a not sanitized string to your query/statements.

DB::select(DB::raw('select * from whatever'));

DB::select()

Is for simple selects:

DB::select(DB::raw('select * from whatever'));

DB::statement()

I think it work with selects, but should be used for non SQL query commands:

DB::statement(DB::raw('update whatever set valid = true;'));

DB::unprepared()

All SQL commands in Laravel are prepared by default, but sometimes you need to execute a command in an unprepared mode, because some commands in some database cannot be ran in prepared mode. Here's an issue I opened about this: https://github.com/laravel/framework/issues/53

DB::unprepared(DB::raw('update whatever set valid = true;'));
Share:
20,271
dspitzle
Author by

dspitzle

Programmer at Washtenaw Intermediate School District, PhD in Economics, creator of the Fractal Farm (http://www.davidaspitzley.org/FractalFarm), gamer

Updated on October 07, 2020

Comments

  • dspitzle
    dspitzle over 3 years

    It seems I'm not the only person struggling with the differences between Laravel's DB::raw(), DB::select(), DB::statement(), and DB::unprepared() methods. It seems as if one almost needs to try a given SQL statement with all 4 to identify which will work. Can anybody clarify how they relate to each other, and which to use for what purposes?

  • Jarek Tkaczyk
    Jarek Tkaczyk over 9 years
    You made a little mistake in DB::raw - it generates non sanitized string and does not prevent injections. Also DB::statement could accept some commands/statements, like set @var = 0. However for most it should be unprepared like you said.
  • dspitzle
    dspitzle over 9 years
    Thanks, that is very helpful.
  • Howard
    Howard over 8 years
    For DB::statement() what do you mean by, "should be used for non SQL query commands"?
  • Syed Haziq Hamdani
    Syed Haziq Hamdani over 7 years
    What to use when we call a stored procedure, DB::select or DB::statement? For example: DB::select('call storedProcedure(?,?)',array($a,$b)); or DB::statement('call storedProcedure(?,?)',array($a,$b)); ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Creating a star rating percentage in Laravel
Method Illuminate\Support\Collection::offset does not exist
using touch() to update timestamp of custom timestamp field in laravel
Undefined property in Laravel using Eloquent
Sorting UNION queries with Laravel 4.1
Laravel 4: Eloquent relationship get all data
How do you insert related polymorphic models in Laravel 4
Getting count from pivot table in laravel eloquent
Laravel get related models of related models
Searching between two numbers(prices) in Laravel