ThomasMcDonald

Reputation: 323

Laravel HTML and SQL sanitisation

What are the appropriate ways to do HTML sanitisation and SQL sanitisation in Laravel 4?

Upvotes: 0

Views: 204

Answers (1)

Kirk Beard

Reputation: 9843

SQL sanitisation is handled automatically. From the docs:

Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.

Blade templates automatically escape variables when using curly brackets, e.g. {{ $var }}. If you do not want to escape the HTML, you need to use {!! $var !!} instead.

Upvotes: 1
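The two mechanisms the answer names, PDO parameter binding and escaped output, can be seen side by side in a stand-alone script. This is an added example, not code from the question, the answer or the Laravel project; it talks to PDO directly (an in-memory SQLite database, so it runs offline) and the table, rows and the attacker-style input are all constructed for the demonstration. The Laravel calls mentioned in the comments are the query-builder equivalents of each PDO statement.

```php
<?php
// Added example: the mechanism behind Laravel's query builder (PDO parameter
// binding) next to the string-concatenation pattern it avoids, plus the HTML
// escaping that Blade's escaped echo performs on output.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for the demo.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');
$pdo->exec("INSERT INTO users (email, name) VALUES
            ('alice@example.com', 'Alice'),
            ('bob@example.com', '<b>Bob</b>')");

// Constructed input: what an untrusted request parameter might contain.
$input = "' OR '1'='1";

// Unsafe: the value is interpolated into the SQL text. The quote inside $input
// closes the string literal and the OR clause then matches every row.
$unsafe = $pdo->query("SELECT email FROM users WHERE email = '$input'")
              ->fetchAll(PDO::FETCH_COLUMN);
echo 'concatenated query matched ' . count($unsafe) . " row(s)\n";

// Safe: the value travels as a bound parameter and is compared as data only.
// In Laravel this is what DB::table('users')->where('email', $input)->get()
// compiles to; DB::select('... WHERE email = ?', [$input]) and
// ->whereRaw('email = ?', [$input]) take bindings the same way. Only SQL
// assembled by string concatenation (for example a value pasted into a
// DB::raw() string) loses this protection.
$stmt = $pdo->prepare('SELECT email FROM users WHERE email = ?');
$stmt->execute([$input]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo 'bound query matched ' . count($safe) . " row(s)\n";

// HTML escaping belongs at output time, not at storage time: the name is kept
// verbatim in the database and encoded when rendered. Blade's escaped echo
// compiles to Laravel's e() helper, which in Laravel 4 wraps htmlentities()
// with ENT_QUOTES; the function below does the same thing outside Blade.
function render(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

foreach ($pdo->query('SELECT name FROM users', PDO::FETCH_COLUMN) as $name) {
    echo render($name) . "\n";
}
```

Run it with `php example.php`; the concatenated query returns both rows for the crafted input while the bound query returns none, and the second user's name is printed with its tags encoded rather than as markup.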
