Best way to prevent SQL injection on strings in Laravel

Hi,

Perhaps this question has already been posted here. But I'm working on a small project where we want to store data in the database, among other things. This concerns texts that are placed in the database as json. As far as I know, Laravel already does some escaping from SQL injection, but what functions are best used for larger texts with inserts?

What is the best practice here?

PS. always shoot SQLmap against it of course :)

The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean or sanitize strings passed to the query builder as query bindings.

Ref: https://laravel.com/docs/9.x/queries

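As an added illustration of the answer above (example code written for this page, not taken from the thread or the Laravel docs), assuming a `notes` table with a JSON column `body` and the `DB` facade available:

```php
<?php
// Added example. Assumes a `notes` table with a JSON column `body`.
use Illuminate\Support\Facades\DB;

// Constructed sample input containing the characters an injection relies on.
// Passed as bindings, they are stored verbatim and never parsed as SQL.
$title = "O'Reilly notes; -- quotes and a comment marker";
$text  = "Large body of text with ' \" ; \\ and other punctuation";

$json = json_encode(['title' => $title, 'text' => $text], JSON_THROW_ON_ERROR);

// 1. Query builder insert: every array value becomes a PDO binding,
//    so no escaping or sanitising of the text is needed.
DB::table('notes')->insert(['body' => $json]);

// 2. Raw SQL with "?" placeholders is equally safe: the value travels
//    separately from the SQL text as a binding.
DB::insert('insert into notes (body) values (?)', [$json]);

// 3. Querying inside the JSON column: the column path is fixed in code,
//    the user-supplied value is a binding.
$rows = DB::table('notes')->where('body->title', $title)->get();

// 4. If you drop to whereRaw/selectRaw, keep user data out of the SQL
//    string and pass it in the bindings array instead.
$rows = DB::table('notes')
    ->whereRaw('JSON_EXTRACT(body, ?) = ?', ['$.title', $title])
    ->get();

// Anti-pattern (shown only to contrast with the above): interpolating the
// value into the SQL string bypasses bindings and reintroduces injection.
// DB::insert("insert into notes (body) values ('$json')");
```

The size of the text does not matter: a binding of any length is sent to the database as data, so the same insert call is correct for large JSON documents.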