moktar
9/25/2019 - 1:28 PM

Laravel security

dork: filetype:env APP_ENV


// Deliberately vulnerable example: $name is interpolated straight into the SQL
// text, so the "OR 1=1" inside the value is parsed as part of the WHERE clause
// instead of being treated as data. DB::raw() marks the string as a raw
// expression, so nothing downstream escapes or binds it.
Route::get('sql-injection-vulnerable', function () {
    $name = "'Bobby' OR 1=1";

    // The finished statement already contains the injected predicate here.
    $sql = "SELECT * FROM cats WHERE name = $name";
    $expression = DB::raw($sql);

    return DB::select($expression);
});


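// Safe example: the value is sent to the driver as a bound parameter, so it can
// only ever match a column value and never becomes SQL text.
//
// Fix versus the original: DB::raw() accepts a single value and returns an
// Expression; a bindings array passed to it is silently discarded, which left
// the "?" placeholder unbound (the statement would fail at execute time and
// was not demonstrating parameter binding at all). Bindings belong on the
// second argument of DB::select().
Route::get('sql-injection-not-vulnerable', function () {
    $name = "'Bobby' OR 1=1";

    return DB::select("SELECT * FROM cats WHERE name = ?", [$name]);
});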