Difference between DB::Table and DB::Select


No, the only difference here is the syntax. Yes, a DB::select doesn't protect against SQL injection. But SQL injection is only a risk when you pass in user input. For example, this is vulnerable to SQL injection:

DB::select('SELECT * FROM users WHERE name = "'.Input::get('name').'"');

Whereas this is not:

DB::table('users')->where('name', Input::get('name'))->get();

But this isn't either (using bindings "manually"):

DB::select('SELECT * FROM users WHERE name = ?', array(Input::get('name')));

The great advantage of the query builder (besides automatically protecting against SQL injection) is its flexible syntax. For example, you could use a loop to add where statements:

$query = DB::table('users');
foreach ($names as $name) {
    $query->orWhere('name', 'LIKE', $name.'%');
}
$result = $query->get();
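
Added example, not part of the original answer: the concatenated and bound forms above run side by side, plus the orWhere loop written with one placeholder per name. It assumes plain PDO with an in-memory SQLite database in place of Laravel's DB facade; `likePrefix` and `findByPrefixes` are hypothetical helper names and the rows are constructed. It goes one step beyond the answer by escaping `%` and `_` in the input, because bindings keep the value out of the SQL syntax but do not neutralize LIKE wildcards.

```php
<?php
// Added example: plain PDO + in-memory SQLite stands in for Laravel's DB layer.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', 'alex', 'al_x', 'Dwayne "The Rock" Johnson'] as $row) {
    $insert->execute([$row]);
}

// Hypothetical helper: escape LIKE wildcards so the input matches literally.
function likePrefix(string $value): string
{
    return addcslashes($value, '\\%_') . '%';
}

// Hypothetical helper: the orWhere loop expressed as one placeholder per name.
function findByPrefixes(PDO $pdo, array $names): array
{
    if ($names === []) {
        return [];
    }
    $clauses = array_fill(0, count($names), "name LIKE ? ESCAPE '\\'");
    $stmt = $pdo->prepare(
        'SELECT name FROM users WHERE ' . implode(' OR ', $clauses) . ' ORDER BY id'
    );
    $stmt->execute(array_map('likePrefix', array_values($names)));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$name = 'Dwayne "The Rock" Johnson'; // constructed input containing quotes

// Concatenation: the quotes inside the value are parsed as SQL syntax.
try {
    $pdo->query('SELECT name FROM users WHERE name = "' . $name . '"');
    echo "concatenated: ran\n";
} catch (PDOException $e) {
    echo "concatenated: query structure broken by input\n";
}

// Binding: the same value travels as data, separate from the SQL text.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = ?');
$stmt->execute([$name]);
var_dump($stmt->fetchColumn() === $name);

// Escaped wildcards: 'al_' is a literal prefix, not 'al' plus any character.
print_r(findByPrefixes($pdo, ['al_', 'Dwayne']));
```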