Laravel SelectRaw vs DB:Raw
12,278
As per Laravel's documentation:
Note: The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
Author by
vijaykumar
Hi, I’m Vijay kumar Reddy. I’m a web developer living in Bengaluru, India. I am a fan of technology, web development, and programming. I’m also interested in movies and swimming.
Updated on June 04, 2022Comments
-
vijaykumar almost 2 years
First:
DB::table('someTable') ->selectRaw('count(*), min(some_field) as someMin, max(another_field) as someMax') ->get();
Second:
DB::table('someTable')->select( array( DB::raw('min(some_field) as someMin'), DB::raw('max(another_field) as someMax'), DB::raw('COUNT(*) as `count`') ) )->get()
The above two query result is same , but my question is there any possible security issues(SQL injections) with these two queries if i use user inputs directly in where conditions.