4 years ago

How do you parameterize whereRaw() in the query builder?

Posted 4 years ago by tag

I have this query:

$query = DB::table('clan_teams')
    ->select('clans.name', 'ibf_members.members_display_name')
    ->leftJoin('clans', 'clan_teams.clan_id', '=', 'clans.id')
    ->leftJoin('ibf_members', 'clans.leader_id', '=', 'ibf_members.id')
    ->whereRaw("(CONCAT(clans.name,' ',ibf_members.members_display_name) like '%:search%')")

The purpose of the CONCAT statement at the bottom is to create a simple multi-faceted searchable string, but I need to parameterize the actual search string I use so that it's safe from SQL injection.

But I can't find any information on how to do this with the query builder. Do I have to do a completely raw query?

Please sign in or create an account to participate in this conversation.