Laravel - Getting Started - Running An Unprepared Statement
Sometimes you may want to execute an SQL statement without binding any values. You may use the DB
facade's unprepared
method to accomplish this:
DB::unprepared('update users set votes = 100 where name = "Dries"');
Since unprepared statements do not bind parameters, they may be vulnerable to SQL injection. You should never allow user controlled values within an unprepared statement.