Laravel DB Raw Queries: SQL Injection - How to Protect

thanks for sharing

Suggestion:
Laravel provide excellent way of query data with Eloquent Modal and eloquent make things very easy for developers specially for beginners as it provide security, relations, softDeletes, mapping data and much more but in some cases Eloquent effect application performance when DB's tables contain a lot of data so for this purpose COMMUNITY recommend to use Laravel Query Builder that fetch data early as compare with Eloquent Modal.
I think Laravel team should focus on Eloquent performance.

What do you think??

Thank you

what about orderByRaw() ? does this also do bindings?

hello sir can you please give solution to how to sort outer array with inner array properties in eloquent relationships .
i mean if user->with(profile) , then how to sort this relationship by any inner array attribute of profile relationship .

This is Just like the old basic PHP PDO concept 👍🏿

Sir will you make a video on api gateway in laravel for micro services

We have to use parametrized query...we can also use as parameter name like using : instead of ?

It same using PDO bindParam() with ? mark.

Amazing, yesterday I was doing exactly this where I need to search students by fullname uses whereRaw with variable dirctly in whereRaw and now i will change it to the example you provided. Your timing is perfect as allways!

Thx

I got it, but I don't understand how does that can break into security, I mean, the query would give error in any case different, no?

awesome!

Stock::updateOrCreate(
['medicine_id' => $purchaseItem->medicine_id, 'batch_id' => $purchaseItem->batch_id],
['stock' => DB::raw('stock+'.$purchaseItem->quantity), 'expiry_date' => $purchaseItem->expiry_date]
);

Whats the bettere way here with DB:raw?

Named parameter will work here?

New addition to my knowledge.

Thanks