Database Eloquent

I have a search box users can use to search fields using the following query. (I've not copied in the entire search, just the relevant part.)

$searchBuild->where(function($query) use ($searchBox) {
    $query->orWhere('event', 'LIKE', '%'.$searchBox.'%');
    $query->orWhere('sub_event', 'LIKE', '%'.$searchBox.'%');
});

Where $searchBox is getting the input field when the request is made.

This works perfectly fine whenever searching for most things.

But if my input field contains a double quote (") or a backslash (\) it fails.

Isn't Laravel using PDO and both of those should be escaped automatically?

I can't get any search with quotes or backslashes to work. Single quotes, forward slashes seem to work fine.

What am I not understanding?

But if I do

$searchBox = addslashes($searchBox);

Then it works. Do I need to be doing that on all user input? I thought the whole idea of PDO was so that I didn't have to sanitize user input for slashes.

edit:

Actually, addslashes may only be working for backslashes. I think double quotes still fail in my search.

edit2:

Okay, I think I figured out the double quotes thing. That was a totally separate problem (I had 'smart quotes' from copying something into my table from Excel, and I got smart left and right quotes that were screwing stuff up).

But I still have to have 'addslashes' for anything with a quote or backslash to search. So my original question remains.

Do I need to do 'addslashes'?

Last updated 3 years ago.

Nertskull nertskull Joined 3 Apr 2015
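
Added example, not part of the original post: parameter binding keeps the value out of the SQL text, but the bound value is still parsed as a LIKE pattern, where MySQL treats backslash as the default escape character and % and _ as wildcards. The sketch below uses a hypothetical escapeLike() helper, constructed rows, and in-memory SQLite with an explicit ESCAPE clause standing in for MySQL (assumes the pdo_sqlite extension is available).

```php
<?php
// Added example; escapeLike(), search() and the rows are constructed for illustration.

// Escape LIKE metacharacters so user input is matched literally.
function escapeLike(string $value, string $escape = '\\'): string
{
    // str_replace works through the pairs in order, so the escape character
    // is doubled first and the backslashes added for % and _ are left alone.
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Run a bound LIKE query. ESCAPE '\' makes SQLite behave like MySQL's default.
function search(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare("SELECT event FROM events WHERE event LIKE ? ESCAPE '\\'");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (event TEXT)');
$insert = $pdo->prepare('INSERT INTO events (event) VALUES (?)');
foreach (['C:\\temp cleanup', '100% uptime', 'Road race'] as $row) {
    $insert->execute([$row]);   // constructed sample rows
}

foreach (['C:\\temp', '%'] as $input) {
    // Bound but unescaped: "\t" is read as an escaped "t", and "%" as a wildcard.
    $naive = search($pdo, '%' . $input . '%');
    // Bound and escaped: the input is matched character for character.
    $safe = search($pdo, '%' . escapeLike($input) . '%');
    printf("%-8s naive=%s escaped=%s\n", $input, json_encode($naive), json_encode($safe));
}
```

In the query from the post, the same helper would wrap the input as '%'.escapeLike($searchBox).'%'. addslashes() doubles backslashes too, but it also prefixes quotes and leaves % and _ acting as wildcards.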

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.