Laravel
ortsuev33, 2019-11-23 12:25:20

Are there vulnerabilities if I don't process the string?

I have an alias URL parameter; before, there was an id, which I processed crudely by casting it to a number. But what about a string? I know that the query builder uses prepared queries and you shouldn't worry about SQL injection. Do I still need to accept or process the parameter in some way?


1 answer(s)
Vitaliy Orlov, 2019-11-23
@ortsuev33

With prepared parameters it's not necessary. Just don't put a parameter into a raw expression where it won't be processed further, i.e. this is not how you should do it:

// DON'T: the request string is spliced into the SQL text, so bindings never see it
$users = DB::table('users')
    ->select(DB::raw($_GET['select_only_columns']))
    ->where('status', '<>', 1)
    ->groupBy('status')
    ->get();
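To make the distinction in the answer concrete, here is an added example (not code from the thread or from Laravel itself) that puts the unsafe DB::raw pattern beside a hardened version and shows the alias lookup from the question. It assumes a hypothetical `posts` table with `id`, `alias`, `title`, `body` and `status` columns; the route paths and the `SELECTABLE_COLUMNS` allowlist are made up for illustration.

```php
<?php
// Added example, not from the original thread. Assumes a Laravel app with a
// hypothetical `posts` table (id, alias, title, body, status).

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Route;

// Column names a client may request. Bindings protect values only, never
// identifiers, so a user-chosen column name has to be matched against an
// allowlist; escaping or "processing" the string is not a substitute.
const SELECTABLE_COLUMNS = ['id', 'alias', 'title', 'created_at'];

// VULNERABLE: the query-string value becomes part of the SQL text, so
// ?columns=*%20FROM%20users%20--  rewrites the statement. Same pattern the
// answer warns against, just with $request instead of $_GET.
Route::get('/posts-unsafe', function (Request $request) {
    return DB::table('posts')
        ->select(DB::raw($request->query('columns', '*')))
        ->where('status', '<>', 1)
        ->get();
});

// SAFE: identifiers come from the allowlist, the status value is a binding.
Route::get('/posts', function (Request $request) {
    $requested = array_map('trim', explode(',', (string) $request->query('columns', '')));
    $columns = array_values(array_intersect($requested, SELECTABLE_COLUMNS));
    if ($columns === []) {
        $columns = SELECTABLE_COLUMNS; // nothing valid requested: fall back to the full allowlist
    }
    return DB::table('posts')
        ->select($columns)
        ->where('status', '<>', 1)
        ->get();
});

// The alias parameter from the question. where('alias', $alias) sends the
// value as a bound parameter, so it needs no manual processing to be safe
// against injection. The format check below is application logic (return a
// 404 for garbage instead of running a pointless query), not SQL hardening.
Route::get('/post/{alias}', function (string $alias) {
    if (!preg_match('/^[a-z0-9][a-z0-9-]{0,99}$/', $alias)) {
        abort(404);
    }
    $post = DB::table('posts')->where('alias', $alias)->first();
    if ($post === null) {
        abort(404);
    }
    return $post;
});

// If raw SQL is unavoidable, keep user data in the bindings array, never in
// the string: whereRaw('... ?', [$value]) is fine, whereRaw("... '$value'") is not.
// Note that % and _ are LIKE wildcards; that affects matching, not safety.
Route::get('/search', function (Request $request) {
    $term = (string) $request->query('q', '');
    return DB::table('posts')
        ->whereRaw('LOWER(title) LIKE ?', ['%' . mb_strtolower($term) . '%'])
        ->get();
});
```

The rule of thumb the example encodes: anything that is a *value* (an alias, a search term, a status) goes through the builder's normal methods or a `?` binding and needs no extra processing for injection; anything that is an *identifier* or SQL fragment (column name, sort column, table name) cannot be bound and must be matched against a fixed list before it touches `DB::raw`, `orderByRaw`, `whereRaw` or similar.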
