Laravel, validation against unique data in the database, isn't this SQL injection?
Laravel 6. It is required to check for the uniqueness of the user input.
I do this through validation in the Rule::unique controller.
Question: The data to check for uniqueness is taken directly from the form ( $request->input('top') ). Is it safe to do so? Wouldn't that be a hole for SQL injection?

    <label>Топ</label>
    <input type="text" name="top" value="">
    <label>URL</label>
    <input type="text" name="server" value="">
    <input type="submit" name="submit" value="Отправить форму">

    protected function addServer(Request $request)
    {
        $validatedData = Validator::make($request->all(), [
            'top' => ['bail', 'required', 'integer'],
            'server.*' => [
                'bail', 'required', 'integer', 'digits_between:4,6', 'distinct',
                // Unique within the current account and the submitted "top" value
                Rule::unique('servers', 'server')->where(function ($query) use ($request) {
                    return $query->where(['ID_Account' => Auth::id(), 'Top' => $request->input('top')]);
                }),
            ],
        ], [
        ])->validate();

        return back()->with('message', 'Server added!');
    }
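
An added example, not part of the original question and not Laravel's own code: the query builder sends values given to `where()` as bound parameters, so the input is compared as data and never parsed as SQL. The sketch below uses plain PDO with an in-memory SQLite table as a stand-in; the SQL text only approximates the uniqueness lookup, and the table contents, function names and hostile input are constructed for illustration.

```php
<?php
// Assumption: plain PDO + in-memory SQLite stands in for the Laravel query builder.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE servers (server INTEGER, ID_Account INTEGER, Top INTEGER)');
$pdo->exec('INSERT INTO servers VALUES (12345, 1, 7), (22222, 2, 9)'); // constructed rows

// Approximate shape of the uniqueness lookup: every value is a placeholder.
const UNIQUE_SQL =
    'SELECT COUNT(*) FROM servers WHERE server = ? AND (ID_Account = ? AND Top = ?)';

// Bound form: the SQL text is fixed, the values travel separately.
function countBound(PDO $pdo, $server, $accountId, $top): int
{
    $stmt = $pdo->prepare(UNIQUE_SQL);
    $stmt->execute([$server, $accountId, $top]);
    return (int) $stmt->fetchColumn();
}

// Anti-pattern, shown only for contrast: the input becomes part of the SQL text.
function countConcatenated(PDO $pdo, $server, $accountId, $top): int
{
    $sql = "SELECT COUNT(*) FROM servers WHERE server = $server"
         . " AND (ID_Account = $accountId AND Top = '$top')";
    return (int) $pdo->query($sql)->fetchColumn();
}

$hostileTop = "x' OR '1'='1"; // constructed input that tries to alter the WHERE clause

// Account 1 asks about server 22222, which belongs to account 2.
// Bound: the whole string is compared against Top as a literal value.
var_dump(countBound($pdo, 22222, 1, $hostileTop));
// Concatenated: the quote closes the literal and the OR rewrites the account filter.
var_dump(countConcatenated($pdo, 22222, 1, $hostileTop));
```

Binding covers values only: column and table names passed to the query builder are not parameterized, so they should never come from request input.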