You can pass an array of bindings to most raw query methods to avoid SQL injection.
// This is vulnerable to SQL injection$fullname = request('full_name');User::whereRaw("CONCAT(first_name, last_name) = $fullName")->get(); // Use bindingsUser::whereRaw("CONCAT(first_name, last_name) = ?", [request('full_name')])->get();Tip given by @cosmeescobedo
-front_grid.jpg)
-front_grid.jpg)
-front_grid.jpg)