What Is SQL Injection?
A vulnerability where an attacker inserts malicious SQL code into a query through user input. If the application concatenates user input into the SQL text instead of passing it to the database as a bound parameter, the attacker can change what the query does: read data they should not see, modify or delete rows, bypass authentication checks, and in some cases execute commands on the database server.
In Laravel Applications
Laravel's Eloquent ORM and query builder send values to the database as PDO bindings by default, so user input is never interpreted as SQL. Vulnerabilities are introduced when raw SQL text is built from user input: DB::raw(), DB::statement(), DB::select() with a concatenated string, and the raw query builder methods (whereRaw(), selectRaw(), orderByRaw(), havingRaw()). Always use parameter binding: DB::select("SELECT * FROM users WHERE email = ?", [$email]), or whereRaw("lower(email) = ?", [$email]). Bindings only cover values; table and column names and ASC/DESC cannot be bound, so check them against an allow-list before they reach a raw query.
Example
DB::select("SELECT * FROM users WHERE id = " . $request->id) is vulnerable because the request value becomes part of the SQL text. An attacker who sends id=1 OR 1=1 turns the query into SELECT * FROM users WHERE id = 1 OR 1=1, which returns every user; a UNION SELECT payload in the same position can read other tables. Use DB::select("SELECT * FROM users WHERE id = ?", [$request->id]) instead: the query text stays fixed and the value is sent as data.
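The following is an added example, not code from the original page or from Laravel: a stand-alone PHP script (run with php, using the bundled pdo_sqlite driver) on an in-memory SQLite database. selectRows() is a stand-in for DB::select() with the same prepare-then-bind semantics, and the users table and its rows are constructed here. It shows the concatenated query from the example above returning every user for the payload 1 OR 1=1, the bound version treating the same payload as an ordinary value, the whereRaw()-style fragment that is only safe because it takes a binding, and an allow-list for an ORDER BY column, which cannot be bound.

```php
<?php
// Added example: plain PHP + PDO on in-memory SQLite, not Laravel code.
// selectRows() stands in for DB::select($sql, $bindings); the data is constructed.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice@example.com', 'admin'),
                                     (2, 'bob@example.com', 'user'),
                                     (3, 'carol@example.com', 'user')");

// Stand-in for DB::select(): the SQL text is compiled first, the bindings are
// sent separately, so a bound value can never become part of the query.
function selectRows(PDO $pdo, string $sql, array $bindings = []): array
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($bindings);
    return $stmt->fetchAll();
}

// VULNERABLE: the request value is pasted into the SQL text.
function findUserVulnerable(PDO $pdo, string $id): array
{
    return selectRows($pdo, "SELECT * FROM users WHERE id = " . $id);
}

// FIXED: same query, placeholder plus binding.
function findUserBound(PDO $pdo, string $id): array
{
    return selectRows($pdo, "SELECT * FROM users WHERE id = ?", [$id]);
}

// FIXED: a raw fragment in the whereRaw() style. The binding array is what
// makes it safe; whereRaw() with a concatenated string would not be.
function findByEmailDomainBound(PDO $pdo, string $domain): array
{
    return selectRows(
        $pdo,
        "SELECT * FROM users WHERE lower(substr(email, instr(email, '@') + 1)) = lower(?)",
        [$domain]
    );
}

// Identifiers (column names, ASC/DESC) cannot be bound: allow-list them.
function listUsersSorted(PDO $pdo, string $column, string $direction): array
{
    $allowedColumns = ['id', 'email', 'role'];
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException("Unsupported sort column: $column");
    }
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    return selectRows($pdo, "SELECT * FROM users ORDER BY $column $dir");
}

$payload = '1 OR 1=1';

echo "Vulnerable: " . count(findUserVulnerable($pdo, $payload)) . " rows\n"; // 3 rows: every user
echo "Bound:      " . count(findUserBound($pdo, $payload)) . " rows\n";      // 0 rows on SQLite: the payload is just a value
echo "Bound id 2: " . findUserBound($pdo, '2')[0]['email'] . "\n";          // bob@example.com

echo "Domain:     " . count(findByEmailDomainBound($pdo, "example.com' OR '1'='1")) . " rows\n"; // 0 rows
echo "Domain ok:  " . count(findByEmailDomainBound($pdo, 'example.com')) . " rows\n";            // 3 rows

try {
    listUsersSorted($pdo, 'id; DROP TABLE users', 'asc');
} catch (InvalidArgumentException $e) {
    echo "Rejected:   " . $e->getMessage() . "\n";
}
echo "Sorted:     " . implode(',', array_column(listUsersSorted($pdo, 'email', 'desc'), 'id')) . "\n"; // 3,2,1
```

What the bound query returns for the payload depends on the database's type coercion: SQLite matches nothing, while a database that coerces the string to a number matches only the single row whose id equals the leading digit. In neither case does the bound value alter the query, which is the property that matters. Validating the route parameter as an integer before it reaches the query removes the ambiguity entirely.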
Related Terms
OWASP (Open Worldwide Application Security Project)
A nonprofit foundation that produces freely available tools, documentation, and standards for web application security. OWASP is best known for the OWASP Top 10, a list of the ten most critical web application security risks, updated every few years based on real-world data.
Vulnerability
A weakness in a system that can be exploited by an attacker to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes. They range in severity from informational to critical.
Cross-Site Scripting (XSS)
A vulnerability where an attacker injects malicious JavaScript into web pages viewed by other users. The injected script runs in the victim's browser with the same privileges as legitimate scripts, allowing the attacker to steal session tokens, redirect users, or modify page content.
Related Articles
PHP Security Audit: A Developer's Guide Beyond Laravel
A comprehensive PHP security audit guide covering dependency scanning, php.ini hardening, input validation, common vulnerability classes, static analysis tools, and web server configuration.
Automated Security Testing in Laravel CI/CD Pipelines
How to add security gates to your Laravel CI/CD pipeline with GitHub Actions. Covers dependency scanning, static analysis, secret detection, and automated security monitoring.
How to Pentest a Laravel Application: A Practical Methodology
A step-by-step external penetration testing methodology for Laravel applications. Covers reconnaissance, fingerprinting, common exploit paths, tools, and when to hire a professional.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.