OK thanks. I guess I will ask on the main forum, and stackoverflow.

Yes actually.

Anytime you are dealing with Raw queries, and you are getting your data from a user-input, you have to use Data Binding, otherwise you are not protected from SQL Injection.

Check this answer here. You have to do something similar: https://stackoverflow.com/questions/20864872/how-to-bind-parameters-to-a-raw-db-query-in-laravel-thats-used-on-a-model

Thanks @xmarks it is exactly what I needed... same query to!