How to escape a query using an Eloquent model select?
Question
DB::select takes a second parameter as described here , but Eloquent::select does not.
Here's my query:
Feature::where('company_id', Auth::user()->company_id)
->select('id','name',DB::raw("exists(select * from vehicle_features vf where vf.vehicle_id=$id and vf.feature_id=feature.id) as `checked`"))
->orderBy('name')->get(),
How can I ensure $id is escaped properly?
2 answers
solution1
4 2014-04-27 18:10:06
Use DB::getPdo()->quote($id) .
->select(
'id',
'name',
DB::raw(
"exists(select * from vehicle_features vf where vf.vehicle_id="
. DB::getPdo()->quote($id)
. " and vf.feature_id=feature.id) as `checked`"
)
)
solution2
0 2014-04-27 18:21:18
You may use PDO or easier manually add binding to the Query:
Feature::select(
'id',
'name',
// replace $id here
DB::raw("exists(select * from vehicle_features vf where vf.vehicle_id=? and vf.feature_id=feature.id) as `checked`"))
// and add this part
->addBinding($id)
->where('company_id', Auth::user()->company_id)
->orderBy('name')->get();
edit: as stated in the comments below, bindings are bugged and methods order does matter, so the above will work as expected.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Passing external elements to the model in a select query with Eloquent
How to select sub-query with left join inside using eloquent?
Using select on eloquent model causes “Undefined offset:0”
Eloquent Query using Dynamic Model Laravel
Using a Laravel model method in an Eloquent query
Laravel Eloquent: How to select friend user model?
How to select a RAW column in an Eloquent Model?
Laravel using select in Eloquent scope and query
How get self value from row to use in another select query in the self eloquent model?
How to split up an Eloquent model query
Related Tags