I’m helping set up a canvassing system. And I ended up running into an incident that I was a little bit in doubt whether it was something ordinary or something that could become a vulnerability in the future.
I am using Laravel. I am currently dealing with graphics and I want to analyze data from the beginning of the month with the current month.
$date_start = Carbon::now()->startOfMonth();
$date_end = Carbon::now();
$prospectMonth = Prospect::whereBetween('created_at',[$date_start,$date_end]);
But I went to analyze the origin of this data with the command dd(), and the following data appears on the screen.
dd($prospectMonth);
Builder {#352 ▼
#query: Builder {#351 ▼
+connection: MySqlConnection {#334 ▼
#pdo: PDOConnection {#343 ▶}
#readPdo: null
#database: "----"
#tablePrefix: ""
#config: array:15 [▶]
#reconnector: Closure($connection) {#337 ▶}
#queryGrammar: MySqlGrammar {#335 ▶}
#schemaGrammar: null
#postProcessor: MySqlProcessor {#336}
#events: Dispatcher {#26 ▶}
#fetchMode: 5
#transactions: 0
#recordsModified: false
#queryLog: []
#loggingQueries: false
#pretending: false
#doctrineConnection: null
}
+grammar: MySqlGrammar {#335 ▶}
+processor: MySqlProcessor {#336}
+bindings: array:7 [▶]
+aggregate: null
+columns: null
+distinct: false
+from: "prospect"
+joins: null
+wheres: array:1 [▶]
+groups: null
+havings: null
+orders: null
+limit: null
+offset: null
+unions: null
+unionLimit: null
+unionOffset: null
+unionOrders: null
+lock: null
+operators: array:29 [▶]
+useWritePdo: false
}
#model: Prospect {#350 ▼
+fillable: array:15 [▶]
#table: "prospect"
#connection: null
#primaryKey: "id"
#keyType: "int"
+incrementing: true
#with: []
#withCount: []
#perPage: 15
+exists: false
+wasRecentlyCreated: false
#attributes: []
#original: []
#changes: []
#casts: []
#dates: []
#dateFormat: null
#appends: []
#dispatchesEvents: []
#observables: []
#relations: []
#touches: []
+timestamps: true
#hidden: []
#visible: []
#guarded: array:1 [▶]
}
#eagerLoad: []
#localMacros: []
#onDelete: null
#passthru: array:13 [▶]
#scopes: []
#removedScopes: []
}
It never came to this Builder using Laravel for any analysis I’ve done. My question is whether I am doing something wrong in the way of calling the data from the beginning of the month to the current day of the month, or whether it is a security problem of Laravel or Carbon.
Note: in config inside the Builder query, the settings of my database appear.
It will only be a security issue if you misuse the tool; the function dd was created to facilitate the process in the development environment and ideally should never go into the production environment. So the database connection data appearing is not a problem, since only the development team will see this return. – Woss
Since at the end of the query you are not using a ->get() to obtain the data, dd shows information of your connection / Builder. – Ricardo Lucas
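
The two comments above, put together as an added example (not code from the thread or from Laravel itself): the query is executed with get(), and debugging output is limited to the SQL and its bindings and is only produced in the local environment. The `App\Prospect` namespace, the `debugQuery` helper and the per-day grouping are assumptions made for illustration; the code is meant to run inside a Laravel application.

```php
<?php

use App\Prospect; // assumption: namespace of the Prospect model from the question
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Builder;

/**
 * Hypothetical helper: report only the SQL and bindings of a builder,
 * and only when the app runs locally with debug enabled.
 */
function debugQuery(Builder $query): void
{
    if (! app()->environment('local') || ! config('app.debug')) {
        return; // never dump outside the development environment
    }

    // toSql() and getBindings() expose the statement and its parameters,
    // not the MySqlConnection object whose #config holds the DB settings.
    dump([
        'sql'      => $query->toSql(),
        'bindings' => $query->getBindings(),
    ]);
}

$dateStart = Carbon::now()->startOfMonth();
$dateEnd   = Carbon::now();

// Still a Builder: nothing has been sent to the database yet.
$query = Prospect::whereBetween('created_at', [$dateStart, $dateEnd]);

debugQuery($query);

// get() executes the query and returns a Collection of Prospect models.
$prospectMonth = $query->get();

// Illustration: per-day counts for a chart, computed on the fetched collection.
$perDay = $prospectMonth
    ->groupBy(function ($prospect) {
        return $prospect->created_at->format('Y-m-d');
    })
    ->map->count();
```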