
esmaeil1:

“like” operator and Laravel SQL injection in a raw join query

In Laravel, if I have a model FORM and a table cars, is it safe to use a raw query like this: Form::crossJoin(DB::raw('(SELECT * FROM cars WHERE cars.title like "%somewords%")cars'))->get(); In this case I used the like operator for search. Is it vulnerable to SQL injection? If yes, how do I make it safe?

bobbybouwmann:

It is right now! You need to do it like so:

$search = 'something';
// binding array closed with ']' (the original was missing the bracket)
$raw = DB::raw('(SELECT * FROM cars WHERE cars.title like :search) cars', ['search' => '%' . $search . '%']);

Form::crossJoin($raw)->get();
esmaeil1:

Thanks. It seems it doesn't work. I used the setBindings function.

bobbybouwmann:

setBinding is fine as well. According to the documentation this should work fine!

Anyway, did this fix your problem?

esmaeil1:

The above query leads to this error: General error: 2031
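A parameterised version of what the thread is reaching for, added here as an example that is not part of the discussion. It assumes Laravel 5.6 or later (for crossJoinSub), the Form model and cars.title column from the question, and a MySQL connection; the likeLiteral helper and the function names are mine.

```php
<?php
// Added example, not from the thread. Assumes Laravel 5.6+, the Form model
// and a cars table with a title column, as in the question above.

use App\Form;
use Illuminate\Support\Facades\DB;

/**
 * Escape LIKE metacharacters so user input is matched literally.
 * Bindings stop SQL injection, but '%' and '_' inside a bound value still
 * act as wildcards; MySQL's default LIKE escape character is the backslash.
 */
function likeLiteral(string $term): string
{
    return addcslashes($term, '%_\\');
}

// UNSAFE (the pattern from the question): the search term is spliced into
// the SQL text, so a double quote in the input changes the statement itself.
function unsafeSearch(string $userInput)
{
    return Form::crossJoin(DB::raw(
        '(SELECT * FROM cars WHERE cars.title like "%' . $userInput . '%") cars'
    ))->get();
}

// SAFE, option 1: build the derived table with the query builder. The LIKE
// pattern travels as a prepared-statement parameter, never as SQL text.
function safeSearchSub(string $userInput)
{
    $cars = DB::table('cars')
        ->where('title', 'like', '%' . likeLiteral($userInput) . '%');

    return Form::crossJoinSub($cars, 'cars')->get();
}

// SAFE, option 2: keep the raw expression but attach the binding to the
// query. DB::raw() takes only the SQL string; a bindings array passed as a
// second argument is ignored, leaving the placeholder with no value.
function safeSearchRaw(string $userInput)
{
    return Form::crossJoin(DB::raw(
        '(SELECT * FROM cars WHERE cars.title like ?) cars'
    ))
    ->addBinding('%' . likeLiteral($userInput) . '%', 'join')
    ->get();
}
```

The 'join' binding type matters in option 2: the placeholder sits in the join clause, and Laravel orders bindings by clause, so adding it as a 'where' binding would misalign the parameters.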
