Escape raw SQL queries in Laravel 4
You can quote your strings this way, through the DB facade.
DB::connection()->getPdo()->quote("string to quote");
I did put this answer in my question when I discovered it, however I've now put it in as an actual answer to make it easier for others to find.
$value = Input::get("userID");
$results = DB::select( DB::raw("SELECT * FROM users WHERE users.id = :value"), array(
'value' => $value,
));
More Details HERE
You may also try this (Read Documentation):
$results = DB::select('SELECT * FROM users WHERE users.id = ?', array($userId));
Two answers here that I use have less verbose solutions built into the DB facade.
First, value quoting:
// From linked answer
DB::connection()->getPdo()->quote("string to quote");
// In the DB facade
DB::getPdo()->quote('string to quote');
Second, identifier quoting (table and column names):
// From linked answer
DB::table('x')->getGrammar()->wrap('table.column');
// In the DB facade
DB::getQueryGrammar()->wrap('table.column');
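The following is an added example, not code from any of the answers above, that combines the two techniques discussed on this page (parameter bindings for values, grammar wrapping for identifiers) in one Laravel 4 helper. It assumes a Laravel 4 application with a `users` table having `id`, `email` and `created_at` columns; those column names and the helper names are assumptions.

```php
<?php
// Added example for a Laravel 4 app; the `users` columns below are assumed.

// Columns a caller is allowed to sort on. This allowlist is the real control for
// identifiers: wrap() only quotes a name, it cannot decide whether the name is acceptable.
function userSortColumns()
{
    return array('id', 'email', 'created_at');
}

// UNSAFE, shown for contrast: request input is interpolated straight into the SQL,
// so input that contains SQL syntax changes the meaning of the query.
function findUserUnsafe($userId)
{
    return DB::select("SELECT * FROM users WHERE id = " . $userId);
}

// Values go through bindings (PDO prepared statements), so the driver keeps data
// and SQL apart. Identifiers cannot be bound, so the sort column is checked
// against the allowlist and then quoted with the connection's grammar.
function findUsersSorted($userId, $sortColumn)
{
    if (!in_array($sortColumn, userSortColumns(), true)) {
        throw new InvalidArgumentException("Unsupported sort column: {$sortColumn}");
    }

    // `users`.`created_at` on MySQL, "users"."created_at" on the other grammars.
    $quotedColumn = DB::getQueryGrammar()->wrap('users.' . $sortColumn);

    return DB::select(
        "SELECT * FROM users WHERE id >= :id ORDER BY {$quotedColumn}",
        array('id' => $userId)
    );
}

// Usage with request input, as in the answers above.
$results = findUsersSorted(Input::get('userID'), Input::get('sort', 'id'));
```

The thrown exception on an unknown sort column is deliberate: rejecting the request is safer than falling back silently, and it leaves a log entry worth alerting on.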