Support the ongoing development of Laravel.io →
posted 8 years ago
Database
Last updated 2 years ago.
0

Hey,

that's actually absolutely correct. That's a feature called "Prepared Statements". Basically what's happening is there is a placeholder set in the query string (the question mark) and the query you are seeing is being "prepared" (so it says "Hey SQL, there will be this query but I don't know all the values yet. I'll just tell you where to put them later and as soon as I know them you can execute the queries with the values. All those values should NOT be SQL so just treat them as strings please!").

This is a big security factor since the values of those placeholders get treated as strings (or numbers or bools) but never as SQL Code which might change your query in a malicious way.

As soon as you execute the query (with get() or first() for example) all the placeholders automatically get replaced by the values you set for them in your where() methods.

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.