# Validation SQL Injection Analyzer PRO

Category Severity Time To Fix
🛡️ Security ⚠️ Critical 10 minutes

Class: Enlightn\EnlightnPro\Analyzers\Security\ValidationSQLInjectionAnalyzer

# Introduction

This analyzer scans your application code to detect possible validation rule SQL injection vulnerabilities.

If your application passes user controlled request input to the ignore method of the unique rule, your application will be vulnerable to a SQL injection attack.

Consider the following code:

use Illuminate\Validation\Rule;


The code above is vulnerable to SQL injection attacks because it passes user input to the ignore method of the unique rule.

Passing user data to the second parameter will also result in a SQL injection vulnerability:

use Illuminate\Validation\Rule;

Rule::unique('users')->ignore(5, $request->get('userid_col'));

# How To Fix

To fix this issue, do not pass any user input data to the ignore method:

use Illuminate\Validation\Rule;


# References