Reputation: 829
I have been searching on the internet about this but I couldn't find the exact solution to this.
I thought that Laravel already handles the validation when data are saved into the database. But then, when I checked the data on the database, I can see records that accept HTML tags like <body> etc. Of course, I cannot display this on the browser because it will ruin my website.
Here is how I save the data using the request on my Controller post.
// At the top of the controller file:
use Illuminate\Http\Request;
use App\Task;

public function submitTask(Request $request)
{
    // Create a Task row from the submitted form field 'title'
    Task::create([
        'task_title' => $request->title
    ]);
}
The name of my model is Task.
I want to secure my data from XSS and other SQL injection.
How should I do this? Many thanks.
Upvotes: 2
Views: 1051
Reputation: 9927
That is the way it was designed. You are not supposed to escape your data before saving it to the database. There, it's inoffensive. You are supposed to escape your data once it's output. As presentation logic, that's a responsibility of the View, and as such, in Laravel, you do it in Blade. Before 5.0, you had to use triple curly braces {{{ }}}, but now it's on by default on {{ }}.
You can read more about this here
Upvotes: 3
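To make the escape-on-output point concrete, here is an added example that is not part of the question or the answer above. It stores task titles unmodified (as the raw strings a form might submit) and applies HTML escaping only when rendering, which is what Blade's {{ }} does; the helper mirrors Laravel's e() function (htmlspecialchars with ENT_QUOTES | ENT_SUBSTITUTE and UTF-8). The sample rows and the function name escapeForHtml are constructed for this illustration.

```php
<?php
// Added example: store raw, escape at output. The rows below are constructed
// sample data standing in for rows of the tasks table; they are not real records.

declare(strict_types=1);

// Mirrors what Laravel's e() helper does for {{ }} in Blade:
// <, >, &, " and ' become entities, invalid UTF-8 is substituted.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample rows, exactly as they would sit in the database (unescaped).
$tasks = [
    ['task_title' => 'Buy milk & eggs'],
    ['task_title' => '<body>unexpected markup</body>'],
    ['task_title' => '"quoted" and it\'s'],
];

// Rendering: equivalent to <li>{{ $task->task_title }}</li> in a Blade template.
// Using {!! $task->task_title !!} instead would emit the raw string unchanged.
foreach ($tasks as $task) {
    $safe = escapeForHtml($task['task_title']);
    echo "<li>{$safe}</li>\n";
}
```

Rendered this way, the second row reaches the browser as `&lt;body&gt;unexpected markup&lt;/body&gt;` and is displayed as literal text rather than parsed as markup, while the database still holds the original string. Validation rules on the request (length, required fields) are a separate concern and do not replace output escaping.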