Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
ortsuev332019-11-23 12:25:20
Laravel
ortsuev33, 2019-11-23 12:25:20

Are there vulnerabilities if I don't process the string?

I have an alias url parameter, before there was an id , I processed it stupidly leading to a number , but what about the string , I know that there are prepared queries through the query builder and you shouldn’t worry about sql injections. Do I still need to take or process a parameter somehow?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vitaliy Orlov, 2019-11-23
@ortsuev33

With prepared parameters, it's not worth it. Just don't use a parameter in a Raw Expression that won't be processed further. Those. this is not how you should do it

$users = DB::table('users')
                     ->select( DB::raw($_GET['select_only_columns']) )
                     ->where('status', '<>', 1)
                     ->groupBy('status')
                     ->get();

Similar questions
K
kaxa32012022-03-25 17:02:45
How to hide api fields based on user permission? 1Reply
M
Mikhail A.2020-11-09 12:39:23
How to store multiple field with link in Laravel? 2Reply
H
hbuser2014-08-25 15:47:11
How to organize the database structure for storing goods of an online store? 1Reply
E
Eugene2019-02-05 23:38:16
How to get the entry ID of notifications after it has been created? 1Reply
D
Dmi3ii2019-02-06 15:02:28
How to select recent records by a specific field? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question