- How does this package help prevent SQL injection in Laravel?
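- The package replaces raw SQL strings with PHP-based query expressions, eliminating direct string interpolation. Laravel’s query builder passes values as bound parameters instead of splicing them into the SQL text, so values in even complex conditions cannot alter the structure of the query. For example, `where('age', '>', $age)` is safer than `whereRaw('age > ?', [$age])`: both bind `$age`, but the raw form keeps a hand-written SQL fragment that a later edit can turn into string interpolation.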
- Can I use this with Laravel’s Eloquent models?
- Yes, the package integrates with Eloquent’s query builder. You can replace raw queries in model scopes, accessors, or repository methods with expressive syntax. For instance, `User::whereRaw('created_at > ?', [$date])` becomes `User::where('created_at', '>', $date)`.
- What Laravel versions does this package support?
- The package is officially tested on Laravel 8, 9, and 10. It requires PHP 7.4+, which aligns with Laravel’s minimum version for these releases. Older versions (e.g., Laravel 7) may need adjustments due to query builder API changes.
- How do I migrate existing raw queries to expressive syntax?
- Start by auditing raw queries (e.g., `whereRaw`, `selectRaw`) and refactor them incrementally. Use the package’s expressive methods like `where`, `orWhere`, or `select` with operators (`=`, `>`, `LIKE`). For unsupported SQL, extend the `Expression` class to create custom builders.
- Will this package slow down my Laravel application?
- Expressive queries may generate slightly more verbose SQL, but Laravel’s query builder is optimized for performance. Benchmark critical endpoints to compare raw SQL vs. expressive queries. In most cases, the difference is negligible, and the trade-off for security and maintainability is worth it.
- Can I still use raw SQL when needed (e.g., for database-specific functions)?
- Yes, the package doesn’t block raw SQL entirely. For database-specific features (e.g., PostgreSQL’s `JSON_EXTRACT`), you can fall back to `DB::raw()` or create custom expression classes. The goal is to reduce reliance on raw SQL, not eliminate it entirely.
- How does this package improve testing in Laravel?
- Expressive queries replace SQL strings with PHP objects, making it easier to mock and test query logic. Use Laravel’s `DatabaseMigrations` or `DatabaseTransactions` traits to verify generated SQL in unit tests. For example, `DB::enableQueryLog()` can confirm the correct SQL is built.
- Does this work with third-party Laravel packages that use raw SQL?
- The package focuses on replacing raw queries in your application code, not third-party packages. If a package relies on raw SQL (e.g., for complex analytics), you may need to wrap its queries in expressive syntax or use custom expressions. Check the package’s documentation for integration tips.
- What’s the best way to enforce expressive queries in a team?
- Start with new features or non-critical endpoints to adopt the package. Use static analysis tools (e.g., PHPStan or Psalm) to detect raw queries and enforce the new syntax. Document the migration process and provide training for developers unfamiliar with Laravel’s query builder.
- Are there alternatives to this package for expressive queries in Laravel?
- Laravel’s built-in query builder already supports expressive syntax, but this package provides a structured way to replace raw SQL systematically. Alternatives include writing custom query builders or using packages like `spatie/laravel-query-builder`, though they focus on different use cases (e.g., filtering APIs).
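
The audit step from the migration answer and the raw-query detection from the team-enforcement answer, as an added example (not code from the package or the original page): a small Python scanner that lists raw-SQL builder calls in PHP source and marks those whose SQL text is built from variables. The PHP sample is constructed, and the regex-based parsing is an assumption suited to a first triage pass before PHPStan or Psalm rules are in place.

```python
import re

# Constructed sample of Laravel code (not from the package or any real project).
SAMPLE = r"""<?php
$users = User::whereRaw('age > ?', [$age])->get();
$users = User::whereRaw("name = '$name'")->get();
$rows  = DB::table('orders')->selectRaw('count(*) as n, status')->get();
$rows  = DB::table('orders')->orderByRaw('FIELD(status, ' . $order . ')')->get();
$users = User::where('created_at', '>', $date)->get();
$col   = DB::raw('JSON_EXTRACT(meta, "$.plan")');
"""
# Query-builder methods that accept a hand-written SQL fragment.
RAW = "whereRaw|orWhereRaw|selectRaw|havingRaw|orderByRaw|groupByRaw|fromRaw|raw"
CALL = re.compile(r"(?:->|::)\s*(" + RAW + r")\s*\(")
STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')

def first_argument(src, start):
    """Text of the first call argument; `start` is the index just past '('."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in "),]" and depth == 0:    # end of the first argument
            break
        elif ch in ")]":
            depth -= 1
        i += 1
    return src[start:i].strip()

def is_dynamic(arg):
    """True when PHP variables take part in building the SQL text itself."""
    # Single-quoted PHP strings never interpolate, so blank them; keep double-quoted ones.
    kept = STRING.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "''", arg)
    return "$" in kept.replace("\\$", "")

def audit(src):
    """Return (line, method, verdict) for every raw-SQL call found in PHP source."""
    return [(src.count("\n", 0, m.start()) + 1, m.group(1),
             "dynamic" if is_dynamic(first_argument(src, m.end())) else "static")
            for m in CALL.finditer(src)]
```

Calls marked `dynamic` are the ones to refactor first; `static` calls with bound parameters can be migrated incrementally.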