Well, this came out of the blue for my dev team today. We were starting to build an autocomplete feature for the search engine in our web app, and we started seeing our MySQL table of search expressions saved by users. All of a sudden we noticed a bunch of lines like this:
'/etc/passwd' '1=1' 'drop table companies' 'or 1=1' and a couple more like that.
We knew that Laravel protects against SQL injection by using PDO parameter binding, so we never really had to think about that. We are also removing special characters (like = / , ; : etc.) from the search queries before making the connection to the database. And it indeed did nothing when that happened (so we dodged a bullet there).
But I would like to know if (and where) Laravel has a function that checks all requests for possible SQL injection, because I would like to receive alerts whenever this type of thing happens.
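
An added example, not part of the original post and not Laravel's own code: a small heuristic scanner that flags request values resembling the probe strings quoted above and passes each hit to an alert callback. The rule names, patterns and the functions `detectProbes` and `scanInput` are assumptions made for illustration; the sample input is constructed from the strings in the post.

```php
<?php
// Added example. Rule names, patterns and function names are assumptions,
// not part of Laravel. Heuristic only: expect some false positives.
const PROBE_PATTERNS = [
    'sql_tautology' => '/\b\d+\s*=\s*\d+\b/',
    'sql_statement' => '/\b(?:drop|truncate|alter)\s+table\b|\bunion\s+(?:all\s+)?select\b/i',
    'path_probe'    => '#(?:\.\./|/etc/passwd\b)#i',
];

/** Return the names of every rule the raw value matches. */
function detectProbes(string $value): array
{
    $hits = [];
    foreach (PROBE_PATTERNS as $rule => $regex) {
        if (preg_match($regex, $value) === 1) {
            $hits[] = $rule;
        }
    }
    return $hits;
}

/** Walk (possibly nested) request input and call $alert for each flagged field. */
function scanInput(array $input, callable $alert): int
{
    $flagged = 0;
    array_walk_recursive($input, function ($value, $field) use (&$flagged, $alert) {
        $hits = is_string($value) ? detectProbes($value) : [];
        if ($hits !== []) {
            $flagged++;
            $alert((string) $field, $value, $hits);
        }
    });
    return $flagged;
}

// Constructed sample input, using the strings quoted in the post.
$input = [
    'q'       => 'cheap flights to lisbon',
    'history' => ['/etc/passwd', '1=1', 'drop table companies', 'or 1=1'],
];

$count = scanInput($input, function (string $field, string $value, array $hits): void {
    // json_encode() escapes newlines so the value cannot forge extra log lines.
    error_log(sprintf('probe field=%s rules=%s value=%s',
        $field, implode(',', $hits), json_encode($value)));
});
echo "flagged: $count\n";
```

In a Laravel app the same call could sit in a middleware, fed with `$request->all()` and reporting through `Log::warning()`. It has to see the raw value, before the special-character stripping the post describes, because stripping `=` and `/` removes exactly what these rules match on.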