R
R
Roman2020-02-23 02:50:38
Laravel
Roman, 2020-02-23 02:50:38

Laravel, validation against unique data in the database, isn't this SQL injection?

Laravel 6. It is required to check for the uniqueness of the user input.
I do this through validation in the Rule::unique controller.
Question: The data to check for uniqueness is taken directly from the form ( $request->input('top') ). Is it safe to do so? Wouldn't that be a hole for SQL injection?

<label>Топ</labeL>
    <input type="text" name="top" value="">

    <label>URL</labeL>
    <input type="text" name="server" value="">

    <input type="submit" name="submit" value="Отправить форму">


protected function addServer(Request $request)
    {
    	$validatedData = Validator::make($request->all(), [
    		'top' => ['bail', 'required', 'integer'],
    		'server.*' => [
    			'bail', 'required', 'integer','digits_between:4,6', 'distinct',
    			Rule::unique('servers', 'server')->where(function ($query) use ($request) {
    				return $query->where(['ID_Account' => Auth::id(), 'Top' => $request->input('top')]);
    			}),
    		],
    	], [
    	])->validate();
    	return back()->with('message', 'Server added!');
    }

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Alex Wells, 2020-02-23
@gagablik

Safe, it won't.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question