Laravel Remove Query Builder

In Laravel 4, in the Builder class of Illuminate\Database\Query, the delete function accepts null as the id parameter. And the behavior of this function implies that if I have something like:

 DB::table('users')->where('id', $id)->delete(); 

And if $id is passed as null, it truncates the whole table. This means that in addition to the standard check, I have to wrap every delete statement with ! is_null($id) validation. Is this a security breach or is it considered standard practice?

+7
php mysql laravel-4
1 answer

I think you do not understand what this goal is. This is just a shortcut to the example you showed. If you have a user ID, you can delete it without writing this where clause.

 DB::table('users')->delete($id); 

The above is identical to this:

 DB::table('users')->where('id', $id)->delete(); 

You obviously did a check before using any of these methods to ensure that a valid identifier was provided. I would not say that this is a security breach, just what you, as a developer, should know when developing your application. You do not just go willy-nilly, deleting things without first checking the input.

+16
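
The check the answer refers to, as an added example that is not part of the original question or answer and is not Laravel's own code. It assumes the pdo_sqlite extension; builderDelete() is a simplified stand-in for a delete($id = null) shortcut, and safeDeleteById() and remaining() are hypothetical helper names.

```php
<?php
// Added example. builderDelete() is a simplified stand-in for a builder's
// delete($id = null) shortcut, not Laravel's source. Needs pdo_sqlite.

function builderDelete(PDO $db, $id = null): void
{
    // The WHERE clause is only appended when an id is supplied.
    $sql = 'DELETE FROM users';
    $bindings = [];
    if (!is_null($id)) {
        $sql .= ' WHERE id = ?';
        $bindings[] = $id;
    }
    $db->prepare($sql)->execute($bindings);
}

function safeDeleteById(PDO $db, $id): void
{
    // Accept only positive integers or their string form; null, '', '0',
    // booleans, arrays and non-numeric strings are rejected before any SQL runs.
    $valid = is_bool($id) ? false
        : filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        throw new InvalidArgumentException('refusing delete: invalid id');
    }
    builderDelete($db, $valid);
}

function remaining(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'a'), (2, 'b'), (3, 'c')"); // constructed rows

$missingId = null; // e.g. a request parameter that was never sent
try {
    safeDeleteById($db, $missingId);
} catch (InvalidArgumentException $e) {
    echo 'guarded null id: ', $e->getMessage(), ', rows left: ', remaining($db), "\n";
}
safeDeleteById($db, '2');
echo 'guarded id 2, rows left: ', remaining($db), "\n";
builderDelete($db, $missingId); // unguarded call with the same null
echo 'unguarded null id, rows left: ', remaining($db), "\n";
```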