You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: database.md
+18Lines changed: 18 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -179,6 +179,24 @@ Some database statements do not return any value. For these types of operations,
179
179
180
180
DB::statement('drop table users');
181
181
182
+
<aname="running-an-unprepared-statement"></a>
183
+
#### Running An Unprepared Statement
184
+
185
+
Sometimes you may want to execute an SQL statement without binding any values. You may use the `DB` facade's `unprepared` method to accomplish this:
186
+
187
+
DB::unprepared('update users set votes = 100 where name = "Dries"');
188
+
189
+
> {note} Since unprepared statements do not bind parameters, they may be vulnerable to SQL injection. You should never allow user controlled values within an unprepared statement.
190
+
191
+
<aname="implicit-commits-in-transactions"></a>
192
+
#### Implicit Commits
193
+
194
+
When using the `DB` facade's `statement` and `unprepared` methods within transactions you must be careful to avoid statements that cause [implicit commits](https://dev.mysql.com/doc/refman/8.0/en/implicit-commit.html). These statements will cause the database engine to indirectly commit the entire transaction, leaving Laravel unaware of the database's transaction level. An example of such a statement is creating a database table:
195
+
196
+
DB::unprepared('create table a (col varchar(1) null)');
197
+
198
+
Please refer to the MySQL manual for [a list of all statements](https://dev.mysql.com/doc/refman/8.0/en/implicit-commit.html) that trigger implicit commits.
0 commit comments