Why You Should Never Concatenate SQL Strings in Laravel
$email = $_GET['email'];
$sql = "SELECT * FROM users WHERE email = '$email'";
$users = DB::select($sql);
This works fine if the email is normal, like john@example.com. But if a malicious user e...
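The difference between concatenating a value and binding it, as an added example that is not from the original post. It uses plain PDO with an in-memory SQLite database as a stand-in for a Laravel connection (Laravel's DB facade runs on PDO); the table rows and the function names findConcatenated and findBound are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the Laravel connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
// Constructed sample rows; the second address legitimately contains an apostrophe.
$pdo->exec("INSERT INTO users (email) VALUES ('john@example.com'), ('o''brien@example.com')");

// Before: the value is pasted into the SQL text, so its characters are parsed as SQL.
function findConcatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT * FROM users WHERE email = '$email'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the value travels separately as a bound parameter.
// Laravel equivalents of this function:
//   DB::select('SELECT * FROM users WHERE email = ?', [$email]);
//   DB::table('users')->where('email', $email)->get();
function findBound(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run both versions over a plain address and one containing a quote character.
foreach (['john@example.com', "o'brien@example.com"] as $email) {
    try {
        $rows = count(findConcatenated($pdo, $email));
        echo "concatenated  $email: $rows row(s)\n";
    } catch (PDOException $e) {
        // The quote ended the string literal early, so the statement no longer parses.
        echo "concatenated  $email: query broke (", $e->getMessage(), ")\n";
    }
    echo "bound         $email: ", count(findBound($pdo, $email)), " row(s)\n";
}
```

The apostrophe in an ordinary address is enough to change how the concatenated statement is parsed, which is the same mechanism an injection relies on; the bound version returns the matching row for both inputs.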
statelyworld.hashnode.dev