Thursday, August 25, 2016

Prepare Statement with LIKE in Laravel 5.1

Greetings of the day!!

It is a raw query in Laravel 5.1.

 $select = DB::select(DB::raw("SELECT * FROM `grids`
         INNER JOIN masters ON grids.q_id=masters.q_id
         LEFT JOIN qrs ON qrs.qr_id= masters.qr_id AND qrs.mi_cd = grids.mi_cd
         WHERE grids.mi_cd='ZZ'
         AND substr(grids.q_id,1,3)='".$user->id."'
         AND grids.q_id LIKE '___".trim(":year")."%' AND qrs.submitted=1"),
     [':year'=>'$year']
 );

My problem is that if I use a prepared statement with LIKE in a Laravel raw query, then no data is found; if I use it without a prepared statement, then it will be open to SQL injection. Is there any way to use a prepared statement with LIKE in a Laravel raw query?



via Chebli Mohamed
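An added example, not part of the original post: a placeholder written inside a quoted SQL literal is plain text rather than a parameter, so the usual approach is to leave the placeholder bare and put the LIKE wildcards into the bound value, escaping any wildcards in the user input. It uses PDO with in-memory SQLite and constructed rows so it runs without a Laravel app; `findGrids`, `escapeLike`, the sample data and the `!` escape character are assumptions, and in Laravel the same SQL and bindings array would be passed to `DB::select($sql, $bindings)`.

```php
<?php
// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE grids (q_id TEXT, mi_cd TEXT)");
$pdo->exec("INSERT INTO grids VALUES
    ('0012016A','ZZ'), ('0012015B','ZZ'), ('0022016C','ZZ'), ('001_016D','ZZ')");

/** Escape LIKE metacharacters so user input is matched literally. */
function escapeLike(string $value, string $esc = '!'): string
{
    // The escape character itself is replaced first, so the escapes
    // added for % and _ are not escaped a second time.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

/** Hypothetical helper: rows for one user prefix and one year. */
function findGrids(PDO $pdo, string $userPrefix, string $year): array
{
    // Both placeholders stand alone, outside any quotes. The fixed
    // wildcards ("___" and "%") are added to the bound value instead.
    $sql = "SELECT q_id FROM grids
            WHERE mi_cd = 'ZZ'
              AND substr(q_id, 1, 3) = :prefix
              AND q_id LIKE :pattern ESCAPE '!'
            ORDER BY q_id";
    $bindings = [
        ':prefix'  => $userPrefix,
        ':pattern' => '___' . escapeLike(trim($year)) . '%',
    ];
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bindings);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Normal lookup.
print_r(findGrids($pdo, '001', '2016'));
// Hostile input is compared as data; it never becomes SQL.
print_r(findGrids($pdo, '001', "2016' OR '1'='1"));
// An underscore supplied by the user is matched literally, not as a wildcard.
print_r(findGrids($pdo, '001', '_016'));
```

The user id is bound here as well, since concatenating `$user->id` into the string leaves that part of the query outside the prepared statement.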
