jp.palubs
Reputation: 178
Laravel 5.1 how to make my eloquent query closure secured
what i'm trying to do is to Sum the total deposits of each reservation model, with the condition of less than the amount input in the text.
here's my query:
$reservations->whereHas('deposits', function($query) use ($etc_filters){
$query->havingRaw('SUM(amount) <= '.$etc_filters);
});
as you can see, i'm using havingRaw that can be injected with another query. right now i cant find any alternative solution for my code.
Upvotes: 0
Views: 317
Answers (1)
Douwe de Haan
Reputation: 6646
You can use the second argument the havingRaw method accepts, to make the value a binding, which gets escaped before it is inserted in the query:
$reservations->whereHas('deposits', function($query) use ($etc_filters){
$query->havingRaw('SUM(amount) <= ?', $etc_filters);
});
Upvotes: 2
Related Questions
- Securing a raw sql query in Laravel to prevent injections
- laravel use closure with relationship
- Laravel 5.4 Eloquent query
- laravel query with closure
- Secure and clean code in laravel 5.1
- Laravel - using mysql functions on where clause colmn
- Eloquent whereIn with closure
- How to filter Laravel 5 eloquent query using entrust
- Laravel query result is protected?
- Closures in programmatically generated Eloquent OR queries