How to use safe raw queries against sql injections in laravel4 for INSERT IGNORE

Question

My laravel 4 query is like below:

foreach (Input::get('classrooms') as $keyc=>$valuec) {
        foreach (Input::get('subject') as $keys=>$values) {
        $valuesArray[] = "('".$valuec."','".$values."')"; 
            }
        }
        $someVariable = implode(",",$valuesArray);
        DB::select( DB::raw("INSERT IGNORE INTO classrooms_subjects (`classroom_id`,`subject_id`) VALUES $someVariable"));

I am really concerned if thats the safest way and any solution for this..

I have done some research and found a way but not sure if its safe: please let me know if below code is safe:

$sql = "INSERT INTO classrooms_subjects (".implode(",", $columns).") ";
        $sql .= " SELECT ".implode(",", $columns)." FROM classrooms_subjects WHERE id IN (".$toCopy.")";
        DB::insert($sql);

Answer 1

If you need to bind some data then try like this (according to the docs):

DB::insert(
    'INSERT IGNORE INTO classrooms_subjects (`classroom_id`,`subject_id`) VALUES (?, ?)',
     [$classroomId, $subjectId]
);

You can pass data with array as a secound parameter here.