# Raw SQL Injection Analyzer PRO

| Category | Severity | Time To Fix |
| --- | --- | --- |
| 🛡️ Security | ⚠️ Critical | 10 minutes |

Class: `Enlightn\EnlightnPro\Analyzers\Security\RawSQLInjectionAnalyzer`

# Introduction

This analyzer scans your application code to detect possible SQL injection vulnerabilities with raw SQL statements.

By default, Laravel protects you from SQL injection when you build queries with the Eloquent ORM. It also lets you add raw SQL statements, which is useful for constructing complex queries, but raw SQL is sent to the database as written, so you need to be careful with it and make sure that untrusted user input is passed through bindings rather than concatenated into the query string.

Consider the following code:

```php
use App\Models\Book;

// User input is concatenated straight into the raw SQL fragment.
Book::whereRaw('author = '.$request->input('author'));
```

The code above is vulnerable to SQL injection attacks because it concatenates user input directly into the SQL string instead of passing it as a binding.

Some other examples of vulnerable code are:

```php
use App\Models\Book;
use Illuminate\Support\Facades\DB;

// Each of these builds the SQL string (or the whole statement) from request input.
Book::fromRaw($request->get('query'))->get();
DB::insert("insert into books (author) values ('".$request->input('author')."')");
DB::update('update books set author ='.$request->input('author'));
DB::unprepared($request->input('query'));
```

# How To Fix

To fix this issue, use query parameter bindings for user input data:

```php
use App\Models\Book;

// The value is sent as a positional binding, never spliced into the SQL text.
Book::whereRaw('author = ?', [$request->input('author')]);
```

You can also use named parameter bindings:

```php
use App\Models\Book;

// Same fix with a named binding.
Book::whereRaw('author = :author', ['author' => $request->input('author')]);
```
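As an added example (not Enlightn's own code), the following standalone PHP script performs a simplified version of the check this analyzer does: it scans source code for the raw-query methods shown above and reports calls whose SQL string is built from a variable rather than a literal plus bindings. The `findUnsafeRawSql` function, its `RAW_METHODS` list and the embedded sample are constructed for this illustration.

```php
<?php
// Added example, not Enlightn's code: a minimal token-based check in the spirit
// of this analyzer. It reports calls to the raw-query methods named on this page
// whose first (SQL) argument is built by concatenation ('.'), interpolation or a
// bare variable. Known limits: strings built via sprintf() or helpers are missed;
// a variable holding a constant string is still reported (its value is unknown).
const RAW_METHODS = ['whereRaw', 'fromRaw', 'insert', 'update', 'unprepared'];

function findUnsafeRawSql(string $source): array
{
    $tokens = token_get_all($source);
    $n = count($tokens);
    $findings = [];
    $skipWs = function (int $i, int $step) use ($tokens, $n): int { // step over whitespace tokens
        while ($i >= 0 && $i < $n && is_array($tokens[$i]) && $tokens[$i][0] === T_WHITESPACE) $i += $step;
        return $i;
    };
    for ($i = 1; $i < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || $t[0] !== T_STRING || !in_array($t[1], RAW_METHODS, true)) continue;
        // Only method calls: preceded by '->' or '::' and followed by '('.
        $prev = $tokens[$skipWs($i - 1, -1)];
        if (!is_array($prev) || !in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON], true)) continue;
        $j = $skipWs($i + 1, 1);
        if ($j >= $n || $tokens[$j] !== '(') continue;
        // Walk the first argument up to a top-level ',' or the closing ')'.
        $depth = 0; $unsafe = false;
        for ($k = $j + 1; $k < $n; $k++) {
            $tk = $tokens[$k];
            if ($tk === '(' || $tk === '[') { $depth++; continue; }
            if ($tk === ')' || $tk === ']') { if ($depth === 0) break; $depth--; continue; }
            if ($depth === 0 && $tk === ',') break;
            if ($depth === 0 && ($tk === '.' || (is_array($tk) && $tk[0] === T_VARIABLE))) $unsafe = true;
        }
        if ($unsafe) $findings[] = ['line' => $t[2], 'method' => $t[1]];
    }
    return $findings;
}

// Constructed sample: the vulnerable calls from this page, then the fixed one.
$sample = <<<'PHP'
<?php
Book::whereRaw('author = '.$request->input('author'));
Book::fromRaw($request->get('query'))->get();
DB::update('update books set author ='.$request->input('author'));
DB::unprepared($request->input('query'));
Book::whereRaw('author = ?', [$request->input('author')]);
PHP;

foreach (findUnsafeRawSql($sample) as $f) {  // reports lines 2, 3, 4 and 5; line 6 is clean
    echo "line {$f['line']}: {$f['method']}() builds SQL from a variable; use bindings\n";
}
```

The first argument of the bound `whereRaw` call is a plain literal, so the walk stops at the comma and nothing is reported for it.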

# Live Demo of SQL Injection Vulnerability

Here's a Laravel Playground gist that demonstrates the vulnerability live.