Do I need to sanitize the user input Laravel

You should use {{{$a}}} because for example Input can has HTML tag. Laravel won't filter it.

To avoid SQL injection you should use bind your parameters running queries like:

$var = 1;
$results = DB::select('select * from users where id = ?', array($var));

and not:

$results = DB::select('select * from users where id = '.$var);

Laravel uses PDO's parameter binding, so SQL injection is not something you should worry about. You should read this though.

Input::get() does not filter anything.

Triple curly braces do the same as e() and HTML::entities(). All of them call htmlentities with UTF-8 support:

htmlentities($your_string, ENT_QUOTES, 'UTF-8', false);

Tags:

Php

Xss

Sql Injection

Laravel

Eloquent

Recent Posts