Support the ongoing development of Laravel.io →
Authentication Security

i have a get route,

function getDetialForm(){
//Here i have to pass 2 value to let function know which form i need, something like product_id, or category_id
// So how can i do more security for these input val? i am afraid that ppl will sql inject that. 
// here is what i will do
$product = Product::Find(Input::get('product_id'));
$category = Category::Find(Input::get('category_id'));

if($product && $category){
//do something you like
}

}
  1. so how can i prevent sql injection about GET/POST input?
  2. Should i check the input value in filter.php/ route.php , dont in controllter to do it?? something like
Route::filter('old', function()
{
    if (Input::get('age') < 200)
    {
        return Redirect::to('home');
    }
});
Last updated 3 years ago.
0

Eloquent automatically prevent SQL Injection so you dont need it. For XSS prevent use e() function which escape string.

$user->bio = e(Input::get("bio"));
Last updated 3 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

devmark devmark Joined 17 May 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.