When doing a raw data query from user input like this:
$someVariable = Input::get("some_variable"); $results = DB::select( DB::raw("SELECT * FROM some_table WHERE some_col = '$someVariable'") );
we are at risk of SQL injection , to avoid that we can bin parameters to our query like this:
$someVariable = Input::get("some_variable"); $results = DB::select( DB::raw("SELECT * FROM some_table WHERE some_col = :somevariable"), array( 'somevariable' => $someVariable, ));
Another point is that if we want to do a raw that doesn’t return a value, we can do it like this
DB::statement( 'ALTER TABLE HS_Request AUTO_INCREMENT=1111' );
and that way can take parameters as well
DB::statement( 'ALTER TABLE HS_Request AUTO_INCREMENT=:incrementStart', array('incrementStart' => 1111) );