Support the ongoing development of Laravel.io →
fluzo
posted 11 years ago
Security Input Eloquent 
$comentario = new Comentario;                
                $comentario->autor = Input::get('nombre');
                 ...
                $comentario->save();

Is this secure to sql inyection? is necessary use e(Input::get('nombre')) ?

I have found that the quotes are stored in the database without escaping

Last updated 3 years ago.
0
citricsquid
replied 11 years ago
Solution

http://laravel.com/docs/queries#introduction

Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.

You can safely pass input directly.

Last updated 3 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

fluzo fluzo Joined 2 May 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy NativePHP
Fathom
Forge
Envoyer
Beyond Code
BairesDev
N-iX
Litslink

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X (Twitter) Bluesky Bluesky GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2025 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise