This is the create function in which i need to sanitize the input, use parametrized query in php. As I’m new to php please anyone could help me in this.
Ps:Edited now as stack trace functionality got solved. Thanks for suggestions
public function create(Request $request)
{
$request->hubs = ($request->hubs == "")?[]:$request->hubs;
$success_flag = true;
if($request->city != "0"){
$city_hub = HubMaster::where('city_id','=',$request->city)->select(['hub_id'])->get();
foreach($city_hub as $hub){
array_push($request->hubs,$hub->hub_id);
}
}
for($i =0;$i<count($request->hubs);$i++){
$hub_id =$request->hubs[$i];
$manual_auto = $request->manual_auto;
$manual_text = $request->manual_text;
try
{
$sql="INSERT INTO
hub_operational_info(`hub_id`,`manual_auto`,`manual_text`)
VALUES
({$hub_id},{$manual_auto},'{$manual_text}')
ON DUPLICATE KEY UPDATE
manual_auto = VALUES(manual_auto),
manual_text = VALUES(manual_text)
";
$s=DB::statement($sql);
}
catch(Exception $e)
{
$success_flag = false;
}
}
if($success_flag == true)
{
return "success";
}
else
{
return "notsuccess";
}
}
Source: Laravel
