Prepared expression with Eloquent ORM / laravel

I am new to Laravel and am using this as an input request:

    DB::table('user_input')->insert(array(
        array(
            'fname'      => Input::get('Name'),
            'lname'      => 'no',
            'email'      => Input::get('E-Mail'),
            'date_from'  => $from_date,
            'date_to'    => $to_date,
            'phone'      => Input::get('Phone'),
            'message'    => Input::get('Message'),
            'ip_address' => Request::getClientIp(),
            'newsletter' => Input::get('Sign-up'),
        )
    ));

which I would never do in standard PHP, as the request does not seem to be prepared and I am inserting user input directly into the request.

Is there an automatic provisioning in Eloquent ORM that I didn't recognize, or how would I write a prepared statement with Eloquent?

+3




1 answer


Eloquent makes PDO-style prepared statements behind the scenes to guard against things like SQL injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you explicitly specify the database columns that need to be protected, or the inverse (the ones that need to be fillable).

http://laravel.com/docs/4.2/eloquent#mass-assignment

If you want to dig further, you can look at the class

    /vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php

to see how Laravel creates queries in Eloquent.

+3
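
What "PDO-style prepared statements behind the scenes" means for the insert in the question, as an added example that is not part of the original answer and is not Laravel's own code: plain PDO against in-memory SQLite, where the `compileInsert` helper, the reduced table and the sample values are all constructed for illustration.

```php
<?php
// Added illustration: plain PDO, not Laravel source. Helper name, table
// layout and input values are constructed for this example.

/**
 * Build an INSERT the way a query builder does: column names come from the
 * array keys (written by the developer), every value becomes a "?" placeholder.
 */
function compileInsert(string $table, array $row): array
{
    $columns = implode(', ', array_map(
        fn ($c) => '"' . str_replace('"', '""', $c) . '"',
        array_keys($row)
    ));
    $placeholders = implode(', ', array_fill(0, count($row), '?'));

    return [
        "INSERT INTO \"$table\" ($columns) VALUES ($placeholders)",
        array_values($row),
    ];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_input (fname TEXT, email TEXT, message TEXT)');

// Constructed values standing in for Input::get('Name') etc.
$row = [
    'fname'   => "Robert'); DROP TABLE user_input;--",
    'email'   => 'robert@example.com',
    'message' => 'It\'s a "quoted" message',
];

[$sql, $bindings] = compileInsert('user_input', $row);
echo $sql, PHP_EOL;                  // the SQL text contains no user data

$stmt = $pdo->prepare($sql);         // statement is parsed with placeholders only
$stmt->execute($bindings);           // values travel separately as parameters

// The hostile-looking name is stored as an ordinary string and the table survives.
$stored = $pdo->query('SELECT fname FROM user_input')->fetchColumn();
var_dump($stored === $row['fname']);
var_dump((int) $pdo->query('SELECT COUNT(*) FROM user_input')->fetchColumn());
```

Only the values are bound; the array keys end up in the SQL text as identifiers, so they should stay hard-coded as in the question rather than being taken from request data.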

