Laravel Delete Query Builder
In Laravel 4 Illuminate\Database\Query in a Builder class delete function accepts null as an id parameter. And behaivor of this function implies that if I have something like:
And if $id will be passed as a null, it will truncate the whole table. Which means that besides standard validation, I have to wrap every delete statement with ! is_null($id) validation. Is it a security breach or it's considered as a standard practice?
I think you're misunderstanding what that parameters purpose is. It's simply a shortcut for the example you have shown. If you have a users ID you can delete them without writing that where clause.
The above is identical to this:
You'd obviously perform a check prior to using any of these methods to ensure that a valid ID has been supplied. I wouldn't say it's a security breach, just something you as a developer needs to be aware of when developing your application. You don't just go willy nilly deleting things without first validating the input.