Laravel支持使用原生SQL查詢，但應(yīng)優(yōu)先使用參數(shù)綁定以確保安全；1. 使用DB::select()執(zhí)行帶參數(shù)綁定的SELECT查詢，防止SQL注入；2. 使用DB::update()執(zhí)行UPDATE操作并返回影響行數(shù)；3. 使用DB::insert()插入數(shù)據(jù)；4. 使用DB::delete()刪除數(shù)據(jù)；5. 使用DB::statement()執(zhí)行如CREATE、ALTER等無結(jié)果集的SQL語句；6. 推薦在Query Builder中使用whereRaw、selectRaw等方法結(jié)合原生表達(dá)式以提升安全性；7. 避免使用DB::unprepared()處理用戶輸入，僅用于可信的內(nèi)部操作?？傊鶶QL可用，但必須通過參數(shù)綁定保障安全，并優(yōu)先選擇更安全的Query Builder擴(kuò)展方法。

In Laravel, while Eloquent ORM and the Query Builder are commonly used, there are times when you need to write raw SQL queries for complex operations or performance optimization. Laravel provides several ways to execute raw SQL safely and effectively.

Here’s a practical example of using raw SQL in Laravel:

? Using DB::select() for Raw SELECT Queries

use Illuminate\Support\Facades\DB;

$users = DB::select('SELECT * FROM users WHERE age > ?', [18]);

• The first parameter is the raw SQL.
• The second is an array of bindings (to prevent SQL injection).
• Returns an array of stdClass objects.

? Note: Always use parameter binding (the [18]) instead of concatenating variables directly.

? Using DB::update() for Raw UPDATE Queries

$affected = DB::update('UPDATE users SET votes = ? WHERE name = ?', [100, 'John']);

• Returns the number of affected rows.

? Using DB::insert() for Raw INSERT Queries

DB::insert('INSERT INTO users (name, email, age) VALUES (?, ?, ?)', [
    'Jane Doe',
    'jane@example.com',
    25
]);

? Using DB::delete() for Raw DELETE Queries

$deleted = DB::delete('DELETE FROM users WHERE age < ?', [18]);

? Using DB::statement() for Schema or Non-Select Queries

Use this for raw SQL that doesn't return results (e.g., CREATE, ALTER, DROP):

DB::statement('CREATE TABLE IF NOT EXISTS temp_users (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(255))');

? Using Raw Expressions in Query Builder (Safer Alternative)

Instead of full raw queries, you can inject raw expressions where needed:

$users = DB::table('users')
    ->whereRaw('age > ? AND status = ?', [18, 'active'])
    ->selectRaw('id, name, updated_at, (age * 2) as doubled_age')
    ->get();

Or order by a raw expression:

->orderByRaw('name ASC, created_at DESC')

? Using DB::unprepared() (Not Recommended)

This runs raw SQL without any binding — dangerous if user input is involved.

DB::unprepared('DROP TABLE users_backup');

?? Only use for trusted internal operations (e.g., migrations, setup scripts).

Summary of Common Methods

If you're working inside Eloquent models or need more flexibility, consider using raw expressions (whereRaw, selectRaw, etc.) instead of full raw queries — they're safer and integrate better with Laravel's ecosystem.

Basically, raw SQL is supported, but always prioritize parameter binding and avoid unprepared with user data.

以上是Laravel Raw SQL查詢示例的詳細(xì)內(nèi)容。更多信息請(qǐng)關(guān)注PHP中文網(wǎng)其他相關(guān)文章！