In my controller I have this code:
public function create($brand_id) { Brand::findOrFail($brand_id); }
and this:
public function search() { $q = Input::get('q'); $brands = Brand::where('title', 'LIKE', '%'.$q.'%')->take(80)->get(); }
Is this code safe? By "safe" I mean SQL-injection safe. Or should I do some variable clean-up here? And what is the best way of cleaning up user input? Thanks a lot for helping me :)
Yes, Eloquent uses parameter binding behind the scenes, which safely escapes any input used in where().
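The mechanism the answer refers to, as an added example that is not part of the question or the answer: plain PDO against an in-memory SQLite database (no Laravel needed) builds the same shape of statement that Eloquent's where() does, a placeholder in the SQL with the user value sent separately as a binding. The table, columns and rows are constructed sample data; the second function adds the one caveat binding does not cover, that % and _ in the search term are still LIKE wildcards.

```php
<?php
// Added example, not the poster's code: demonstrates parameter binding with
// PDO + SQLite so it runs stand-alone. Table/rows are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE brands (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $pdo->prepare('INSERT INTO brands (title) VALUES (?)');
foreach (["O'Neill", '100% Pure', 'Acme', 'Acme_Pro', 'AcmeXPro'] as $title) {
    $insert->execute([$title]);
}

// Equivalent of Brand::where('title', 'LIKE', '%'.$q.'%')->take(80)->get().
// The wildcard string is a bound *value*, never spliced into the SQL text,
// so a quote or semicolon inside $q cannot alter the statement.
function searchBrands(PDO $pdo, string $q): array
{
    $stmt = $pdo->prepare('SELECT title FROM brands WHERE title LIKE ? LIMIT 80');
    $stmt->execute(['%' . $q . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Caveat: binding protects the statement, but '%' and '_' inside $q are
// still LIKE wildcards. When the search must be literal, escape them and
// declare the escape character in the query.
function searchBrandsLiteral(PDO $pdo, string $q): array
{
    $escaped = addcslashes($q, '\\%_');   // prefix \, % and _ with a backslash
    $stmt = $pdo->prepare(
        "SELECT title FROM brands WHERE title LIKE ? ESCAPE '\\' LIMIT 80"
    );
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The apostrophe is handled as data by the driver, not by the SQL parser.
var_dump(searchBrands($pdo, "O'Neill"));
// Without escaping, '_' in the term matches any single character.
var_dump(searchBrands($pdo, 'Acme_Pro'));
// With escaping, only the exact underscore / percent sign matches.
var_dump(searchBrandsLiteral($pdo, 'Acme_Pro'));
var_dump(searchBrandsLiteral($pdo, '100%'));
```

Run with a PHP CLI that has the pdo_sqlite extension enabled; compare the two Acme_Pro result sets to see the wildcard difference.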