Laravel
Berkutman, 2020-07-28 07:02:31

Laravel alternative query options?

Laravel 7
What are the alternatives besides raw query data?
In what cases should I use raw queries? Is this case suitable for me?

DB::connection('sqlsrv2')->select("SELECT price_rub FROM product WHERE item_id = :itemid",['itemid'=>$req->input('item_id')]);


DB::connection('sqlsrv')->update("UPDATE users SET rub = ? WHERE account_id = ?",[$ostrub,Auth::user()->account_id]);


The question was raised with reference to the danger of SQL injections; at the moment I am following the documentation strictly, using empty expressions or a reference.


2 answer(s)
Anton Anton, 2020-07-28
@Fragster

These "raw" queries are not raw at all, and injections cannot be obtained through them. Raw is when the query string is assembled in its entirety, without parameters being substituted. Like this:

DB::connection('sqlsrv2')->select("SELECT price_rub FROM product WHERE item_id = ".$req->input('item_id'));

And yes, some people do this, and not only when using mysqli directly, but also when using PDO and the various query builders. Well, the alternative is Eloquent and other ORMs. Whether you need it or not is up to you.
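The difference between the two forms, as an added example that is not part of the thread: Laravel's `DB::select()` hands the bindings array to a PDO prepared statement, so plain PDO shows the same behaviour without a Laravel app. In-memory SQLite stands in for the SQL Server connection, the rows are constructed, and the function names `makeDb`, `priceConcatenated` and `priceBound` are hypothetical. For the tampered input the concatenated query returns every price, the bound query returns none.

```php
<?php
declare(strict_types=1);

// Constructed sample data: table and column names follow the question,
// the rows are made up for this demonstration.
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE product (item_id INTEGER PRIMARY KEY, price_rub INTEGER)');
    $pdo->exec('INSERT INTO product VALUES (1, 100), (2, 250), (3, 990)');
    return $pdo;
}

// Concatenated form from the answer: the input becomes part of the SQL text,
// so whatever it contains is parsed as SQL.
function priceConcatenated(PDO $pdo, string $itemId): array
{
    $sql = 'SELECT price_rub FROM product WHERE item_id = ' . $itemId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound form from the question: the SQL text is fixed, the input travels
// separately as a value and is only ever compared with item_id.
function priceBound(PDO $pdo, string $itemId): array
{
    $stmt = $pdo->prepare('SELECT price_rub FROM product WHERE item_id = :itemid');
    $stmt->execute(['itemid' => $itemId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = makeDb();
$inputs = ['2', '2 OR 1=1']; // constructed: a normal id and a tampered one

foreach ($inputs as $input) {
    printf(
        "input %-12s concatenated=%s bound=%s\n",
        var_export($input, true),
        json_encode(priceConcatenated($pdo, $input)),
        json_encode(priceBound($pdo, $input))
    );
}
```

In a Laravel controller, validating `item_id` with the `integer` rule before the query rejects the second input before it reaches the database at all.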

Alex Wells, 2020-07-28
@Alex_Wells

https://laravel.com/docs/7.x/database

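// where() comes first; update() executes the query and returns the affected row count
DB::connection('sqlsrv')->table('users')
    ->where('account_id', Auth::user()->account_id)
    ->update(['rub' => $ostrub]);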
