Laravel validation doesn’t validate html entities

I’m working with Laravel 5.5 and I’m trying to validate a form so that it doesn’t pass if the user writes HTML entities, for example: <h1>Hola</h1>, <script>alert(1)</script>. But it inserts all fields into the DB. My controller: protected function storeForm(CaseRequest $request){ try { $supportCase = new SupportCase; $supportCase->type = $request->input('type'); // all fields of table[…] $supportCase->save(); return…

Laravel download file from php output buffer VS. private storage folder | security

A user can download query results in CSV format. The file is small (a few KB), but the contents are important. The first approach is to use php output buffer php://: $callback = function() use ($result, $columns) { $file = fopen('php://output', 'w'); fputcsv($file, $columns); foreach($result as $res) { fputcsv($file, array($res->from_user, $res->to_user, $res->message, $res->date_added)); } fclose($file);…

hasOneThough with pivot table laravel eloquent

I have the following tables

mysql> describe records;
+-----------------+---------------------+------+-----+---------+----------------+
| Field           | Type                | Null | Key | Default | Extra          |
+-----------------+---------------------+------+-----+---------+----------------+
| id              | bigint(20) unsigned | NO   | PRI | NULL    | auto_increment |
| event_school_id | bigint(20) unsigned | NO   | MUL | NULL    |                |
| athlete_id      | bigint(20) unsigned…

Slow query in laravel

I have a Laravel application but a query needs a lot of time to be executed. I tried to build a raw query but with no success. The query is this one: $utente = Utente::with('coll')->with('collaboratori') ->where('id', '<>', '0') ->whereHas('coll', function ($query) use($id_utente, $att_dummy){ $query->where('collaboratori_id', 'like', $id_utente);}) ->orderBy('created_at') ->get(); I tried to look the sql query…