Laravel Delete Query Builder

In Laravel 4, the delete function in the Illuminate\Database\Query Builder class accepts null as an id parameter. And the behavior of this function implies that if I have something like:

DB::table('users')->where('id', $id)->delete(); 

And if $id is passed as null, it will truncate the whole table. This means that besides standard validation, I have to wrap every delete statement with a ! is_null($id) validation. Is it a security breach, or is it considered standard practice?

castt asked Mar 28 '14 20:03

1 Answer

I think you're misunderstanding what that parameter's purpose is. It's simply a shortcut for the example you have shown. If you have a user's ID you can delete them without writing that where clause.

DB::table('users')->delete($id); 

The above is identical to this:

DB::table('users')->where('id', $id)->delete(); 

You'd obviously perform a check prior to using any of these methods to ensure that a valid ID has been supplied. I wouldn't say it's a security breach, just something you as a developer need to be aware of when developing your application. You don't just go willy-nilly deleting things without first validating the input.

Jason Lewis answered Sep 27 '22 17:09
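
The check the answer recommends, as an added example (not code from the post or from Laravel): `DemoBuilder` is a hypothetical stand-in that mimics an optional-id `delete()` shortcut over in-memory SQLite, and `requireId()` is an assumed helper name. The table rows are constructed sample data.

```php
<?php
// Hypothetical stand-in for a query builder (NOT Laravel's code). It mimics the
// optional-id delete() shortcut discussed above, over an in-memory SQLite table.
final class DemoBuilder
{
    private $pdo;
    private $table;   // trusted constant in this demo, never user input

    public function __construct(PDO $pdo, $table)
    {
        $this->pdo = $pdo;
        $this->table = $table;
    }

    // A non-null $id adds "WHERE id = ?"; a null $id adds no constraint at all.
    public function delete($id = null)
    {
        $sql = "DELETE FROM {$this->table}" . ($id !== null ? ' WHERE id = ?' : '');
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($id !== null ? [$id] : []);
        return $stmt->rowCount();
    }
}

// Assumed helper: accept only a positive integer id, otherwise refuse to delete.
function requireId($id)
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        throw new InvalidArgumentException('refusing to delete without a valid id');
    }
    return $valid;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('a'), ('b'), ('c')");   // constructed rows
$users = new DemoBuilder($pdo, 'users');

$missing = null;   // e.g. an id that was never supplied
try {
    $users->delete(requireId($missing));
} catch (InvalidArgumentException $e) {
    echo "guarded call rejected: {$e->getMessage()}\n";
}
echo 'rows after guarded call: ', $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
echo 'guarded delete of id 2 removed: ', $users->delete(requireId('2')), "\n";
echo 'unguarded delete(null) removed: ', $users->delete($missing), "\n";
```

Putting the validation in one helper that every delete path calls avoids relying on each call site remembering its own null check.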