Does Laravel use Prepared Statements by default?

Question

I'm somewhat new to Laravel and this is just a quick question, does Laravel use prepared statements by default so I don't have to worry about using them? Basically, does this statement (to use the example from the Laravel website):

DB::insert('insert into users (id, name) values (?, ?)', array(1, 'Dayle'));

use prepared statements automatically? Or if I want the security that comes with prepared statements will I have to do them manually? It seems like it does because of the question marks where where the values would be but I just wanted to double check before just making that assumption and making an unnecessary security mistake.

@RahilWazir - Please don't link to the old Laravel 3 docs. Thank you. — Joseph Silber, Feb 20 '14 at 02:18
@JosephSilber Does it matter? Laravel 4 doesn't use prepared statements? :) — Rahil Wazir, Feb 20 '14 at 09:20
@RahilWazir - We don't want people to get in the habit of visiting the old docs. — Joseph Silber, Feb 20 '14 at 19:25

score 4 · Answer 1 · answered Feb 20 '14 at 03:05

4

Have a look at Connection.php.

Search for the insert method which eventually will leads you to:

$statement = $me->getPdo()->prepare($query);

answered Feb 20 '14 at 03:05

SteD

13,909
12
65
76

Maybe you can help me. Look at this : https://stackoverflow.com/questions/51838922/how-can-i-convert-many-statement-mysql-to-laravel-eloquent – moses toh Aug 14 '18 at 10:55

Does Laravel use Prepared Statements by default?

1 Answers1