How to prevent SQL injection in Laravel?
The documentation says that Eloquent handles this behind the scenes, but you can also use something like DB::escape($q) to be on the safer side.
Yes, Eloquent uses parameter binding behind the scenes, which safely escapes any input used in where().
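The parameter binding mentioned in the answer, shown as an added example that is not part of the original question or answer. It uses plain PDO with an in-memory SQLite database instead of a full Laravel application; the table, the data and the function names `findByEmailConcatenated` and `findByEmailBound` are constructed for illustration.

```php
<?php
// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.test'), ('bob@example.test')");

// Unsafe: the input becomes part of the SQL text. The same thing happens when
// request data is interpolated into a whereRaw(), DB::raw() or DB::select() string.
function findByEmailConcatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text contains only a placeholder and the value travels separately
// as a bound parameter. This is the shape of the statement that
// User::where('email', $email)->get() runs through PDO.
function findByEmailBound(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote that alters the query structure
// when it is concatenated, but is treated as a literal value when bound.
$input = "nobody@example.test' OR '1'='1";

printf("concatenated, crafted input: %d row(s)\n", count(findByEmailConcatenated($pdo, $input)));
printf("bound, crafted input:        %d row(s)\n", count(findByEmailBound($pdo, $input)));
printf("bound, legitimate input:     %d row(s)\n", count(findByEmailBound($pdo, 'alice@example.test')));
```

Binding protects values only: column names passed to where() or orderBy(), and any string handed to whereRaw() or DB::raw(), are not bound, so user-controlled column names need an allow-list.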