
🔥 Laravel Tip: Careful using user input as column names

May 10, 2022

If you need to use user input as column names, remember to whitelist specific column names.

If you allow any input, your query is vulnerable to SQL injection.

Column names cannot be escaped like values, so you have to check them while building your query.

Please ignore the unchecked "filter_value". The screenshot was already too big 😅
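One way to apply the whitelist in a controller, as an added example that is not the code from the original post. The controller name, the request parameter names other than `filter_value`, and the `User` model with `name`, `email` and `created_at` columns are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

// Hypothetical controller; the User model and its columns are assumptions.
class UserSearchController extends Controller
{
    // Public parameter value => real column name. Anything not listed is rejected.
    private const FILTERABLE = [
        'name'   => 'name',
        'email'  => 'email',
        'joined' => 'created_at',
    ];

    public function index(Request $request)
    {
        $allowed = array_keys(self::FILTERABLE);

        // Validation fails with a 422 before any query is built
        // if a column parameter is not one of the whitelisted keys.
        $validated = $request->validate([
            'filter_column' => ['required', 'string', Rule::in($allowed)],
            'filter_value'  => ['required', 'string', 'max:255'],
            'sort'          => ['nullable', 'string', Rule::in($allowed)],
            'direction'     => ['nullable', Rule::in(['asc', 'desc'])],
        ]);

        // The column names come from the constant map, never from the request text.
        $column = self::FILTERABLE[$validated['filter_column']];
        $sort   = self::FILTERABLE[$validated['sort'] ?? 'name'];

        return User::query()
            ->where($column, $validated['filter_value']) // value is sent as a bound parameter
            ->orderBy($sort, $validated['direction'] ?? 'asc')
            ->get();
    }
}
```

Mapping public keys to real column names also keeps the table's schema out of the URL, and the same map covers `orderBy`, which takes a column name just like `where` does.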