Escape raw SQL queries in Laravel 4

You can quote your strings this way, through the DB facade.

DB::connection()->getPdo()->quote("string to quote");

I did put this answer in my question when I discovered it, however I've now put it in as an actual answer to make it easier for others to find.


$value = Input::get("userID");

$results = DB::select( DB::raw("SELECT * FROM users WHERE users.id = :value"), array(
   'value' => $value,
 ));

More Details HERE


You may also try this, (Read Documentation)

$results = DB::select('SELECT * FROM users WHERE users.id = ?', array($userId));

Two answers here, that I use, have less verbose solutions built into the DB facade.

First, value quoting:

// From linked answer
DB::connection()->getPdo()->quote("string to quote");
// In the DB facade
DB::getPdo()->quote('string to quote');

Second, identifier quoting (table and column names):

// From linked answer
DB::table('x')->getGrammar()->wrap('table.column');
// In the DB facade
DB::getQueryGrammar()->wrap('table.column');