Laravel Delete Query Builder

In Laravel 4 Illuminate\Database\Query in a Builder class delete function accepts null as an id parameter. And behaivor of this function implies that if I have something like:

DB::table('users')->where('id', $id)->delete();

And if $id will be passed as a null, it will truncate the whole table. Which means that besides standard validation, I have to wrap every delete statement with ! is_null($id) validation. Is it a security breach or it's considered as a standard practice?

Answers


I think you're misunderstanding what that parameters purpose is. It's simply a shortcut for the example you have shown. If you have a users ID you can delete them without writing that where clause.

DB::table('users')->delete($id);

The above is identical to this:

DB::table('users')->where('id', $id)->delete();

You'd obviously perform a check prior to using any of these methods to ensure that a valid ID has been supplied. I wouldn't say it's a security breach, just something you as a developer needs to be aware of when developing your application. You don't just go willy nilly deleting things without first validating the input.


Need Your Help

Email Validation inside EditText

android email android-input-method

I want to validate an email introduced inside an EditText and this the code that I already have :

Axis2 MTOM Webservice and a .NET Client to consume it

c# .net web-services axis2 mtom

So i have this new Axis2 MTOM Webservice serving correctly to a java based webservice client.