In my controller I have this code:
public function create($brand_id)
{
Brand::findOrFail($brand_id);
}
and this:
public function search()
{
// user-supplied search term from the request
$q = Input::get('q');
$brands = Brand::where('title', 'LIKE', '%'.$q.'%')->take(80)->get();
}
Is this code safe? By "safe" I mean SQL injection safe. Or should I do some variable clean up here? And what is the best way for cleaning up user input? Thanks a lot for helping me :)
Yes, Eloquent uses parameter binding behind the scenes, which safely escapes any input used in where().
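Added example (my code, not the asker's or Laravel's own): it makes the binding the answer refers to visible with Eloquent's toSql() and getBindings(), shows the one thing binding does not cover for a LIKE query (wildcards in the input), and the raw-query form where injection does come back. It assumes a Laravel app with a Brand model over a brands table; escapeLike is a hypothetical helper.

```php
<?php
// Added example, not the asker's or Laravel's own code. Assumes a Laravel app
// with an Eloquent `Brand` model backed by a `brands` table.

use Illuminate\Support\Facades\Input; // same facade the asker used

// 1. The asker's query: the user value never becomes part of the SQL text.
//    Eloquent emits a `?` placeholder and sends the value separately as a binding.
$q = Input::get('q');
$query = Brand::where('title', 'LIKE', '%'.$q.'%')->take(80);

echo $query->toSql();
// select * from `brands` where `title` like ? limit 80
print_r($query->getBindings());
// [0 => '%<whatever the user typed>%']
// A value like  ' OR 1=1 --  stays inside that bound string; it cannot change
// the statement, which is why the answer above says where() is safe.

// 2. What binding does NOT do: the database still interprets LIKE wildcards.
//    A user typing "%" matches every row (data exposure / cost, not injection).
//    Escape `%`, `_` and the escape character before wrapping in wildcards.
//    Hypothetical helper; "\" is the default LIKE escape character in MySQL.
function escapeLike(string $value, string $escape = '\\'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape.$escape, $escape.'%', $escape.'_'],
        $value
    );
}
$brands = Brand::where('title', 'LIKE', '%'.escapeLike($q).'%')->take(80)->get();

// 3. Where injection DOES reappear: raw fragments that interpolate input
//    bypass binding entirely, because the value is now in the SQL string.
//    Unsafe form (shown only as the pattern to avoid):
// $brands = Brand::whereRaw("title LIKE '%{$q}%'")->get();
//    Safe form: keep raw SQL, but pass the value through the bindings array.
$brands = Brand::whereRaw('title LIKE ?', ['%'.escapeLike($q).'%'])
    ->take(80)
    ->get();
```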