$comentario = new Comentario; // Eloquent model for the comentarios table
$comentario->autor = Input::get('nombre'); // raw request value assigned straight to the attribute
...
$comentario->save(); // Eloquent builds the INSERT and binds the attribute values
Is this secure against SQL injection? Is it necessary to use e(Input::get('nombre'))?
I have found that the quotes are stored in the database without escaping
http://laravel.com/docs/queries#introduction
Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
You can safely pass input directly.
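The following is an added example, not code from the thread or from Laravel itself. It uses plain PDO against an in-memory SQLite database (the table name comentarios, the column autor and the attacker-style input are all constructed for the demonstration) to show what the quoted documentation note means in practice: with a bound parameter the quote in the input is stored literally as data, while the same input concatenated into the SQL text becomes part of the statement. The escaping helper e() mentioned in the question is Laravel's HTML-entity escaper, which is shown last to illustrate why it is the wrong tool for this layer.

```php
<?php
// Added example (not from the thread): bound parameters vs. concatenation.
// Laravel's query builder and Eloquent pass values to PDO as bindings,
// which is what the prepare()/execute() pair below does by hand.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comentarios (id INTEGER PRIMARY KEY, autor TEXT)');

// Constructed input: a quote that closes the literal, a second statement,
// and a comment marker to swallow whatever SQL follows.
$nombre = "x'); DELETE FROM comentarios; --";

// 1. Parameter binding. The SQL text never contains the value; the driver
//    sends it separately, so the quote cannot terminate the literal.
$stmt = $pdo->prepare('INSERT INTO comentarios (autor) VALUES (:autor)');
$stmt->execute([':autor' => $nombre]);

$stored = $pdo->query('SELECT autor FROM comentarios')->fetchColumn();
echo "bound:        stored value = " . var_export($stored, true) . PHP_EOL;
echo "bound:        identical to input? " . var_export($stored === $nombre, true) . PHP_EOL;
// The quote and the "DELETE" text are just characters in the autor column.

// 2. String concatenation. The same input is spliced into the SQL text,
//    so the resulting string is two statements plus a comment:
//    INSERT INTO comentarios (autor) VALUES ('x'); DELETE FROM comentarios; --')
$sql = "INSERT INTO comentarios (autor) VALUES ('$nombre')";
echo "concatenated: " . $sql . PHP_EOL;
$pdo->exec($sql); // sqlite3_exec runs every statement in the string

$count = (int) $pdo->query('SELECT COUNT(*) FROM comentarios')->fetchColumn();
echo "concatenated: rows left in table = $count" . PHP_EOL; // 0: the DELETE ran

// 3. Why e() is not the answer. Laravel's e() wraps htmlentities() with
//    ENT_QUOTES; it protects HTML output, not SQL, and applying it before
//    save() would store HTML entities in the database instead of the text.
$htmlEscaped = htmlentities($nombre, ENT_QUOTES, 'UTF-8');
echo "e()-style:    " . $htmlEscaped . PHP_EOL; // x&#039;); DELETE FROM comentarios; --
// Still injectable if concatenated? No, but only because the quote was
// mangled; the data is now wrong for every non-HTML consumer. Bind instead,
// and call e() at the point where the value is rendered into a view.
```

Run it with `php example.php`. The first block prints the input back unchanged from the table; the second prints a row count of 0 because the injected DELETE executed. Inside Laravel the same distinction applies to the raw escape hatches: values given to where(), insert() or an Eloquent attribute are bindings, while anything you interpolate into DB::raw(), whereRaw() or DB::statement() is SQL text and must itself use bindings.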