The Spatie package for Laravel helps prevent SQL injection primarily through its use of safe query-building methods and filtering mechanisms that avoid directly embedding user input into raw SQL queries. Key functions and features in the Spatie package that aid in preventing SQL injection include:
- allowedFilters() method: This method lets you declare which filters are permitted on a query, effectively whitelisting the acceptable query parameters. Because only the explicitly listed filters are honoured, attackers cannot inject malicious SQL through unexpected or unsafe query parameters[2].
- Use of Laravel's query builder and Eloquent ORM: The Spatie package leverages Laravel's query builder and Eloquent ORM, which internally use parameterized queries and prepared statements. These mechanisms automatically bind user inputs as parameters rather than concatenating them into raw SQL strings, thereby preventing injection attacks[1][4].
- Avoidance of unsafe raw SQL functions: The package encourages avoiding raw SQL queries that directly interpolate user input. Instead, it promotes using safe abstractions like filters and scopes that sanitize and validate inputs before they reach the query layer[2][3].
In summary, the Spatie package aids SQL injection prevention by providing a safer domain-specific language (DSL) for filtering and querying that relies on Laravel's secure query builder. Its specific functions like `allowedFilters()` help whitelist inputs, ensuring only safe, validated parameters are used in queries, thus mitigating SQL injection risks effectively[2].
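To make the allowlisting concrete, here is an added example (not taken from the cited sources) contrasting a controller action that reads column and sort names straight from the request with one that goes through the package. It assumes the package in question is spatie/laravel-query-builder, which provides `allowedFilters()`, and that a `User` model with `name`, `email` and `created_at` columns exists.

```php
<?php
// Added example; assumes spatie/laravel-query-builder and an App\Models\User model.

use App\Models\User;
use Illuminate\Http\Request;
use Spatie\QueryBuilder\AllowedFilter;
use Spatie\QueryBuilder\QueryBuilder;

// Unsafe pattern: identifiers come straight from the request. Laravel binds the
// *values* as parameters, but column names and raw ORDER BY fragments are
// interpolated into the statement text, so the client controls part of the SQL.
function listUsersUnsafe(Request $request)
{
    $query = User::query();

    foreach ($request->input('filter', []) as $column => $value) {
        $query->where($column, $value);   // $column is a user-controlled identifier
    }

    if ($sort = $request->input('sort')) {
        $query->orderByRaw($sort);        // raw SQL fragment supplied by the client
    }

    return $query->paginate();
}

// Safer pattern: only the listed filters and sorts are honoured. A request that
// names any other filter or sort is rejected by the package (InvalidFilterQuery /
// InvalidSortQuery) before a query is built, and filter values are still bound
// as parameters by Laravel's query builder.
function listUsersSafe(Request $request)
{
    return QueryBuilder::for(User::class)
        ->allowedFilters([
            AllowedFilter::partial('name'),   // WHERE name LIKE ?
            AllowedFilter::exact('email'),    // WHERE email = ?
        ])
        ->allowedSorts(['name', 'created_at'])
        ->defaultSort('-created_at')
        ->paginate();
}
```

With the safe version, a request such as `?filter[name]=ali&sort=-created_at` is served, while one naming a filter or sort outside the allowlist returns an error response instead of reaching the database.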
Citations:
[1] https://escape.tech/blog/laravel-sql-injection-guide/
[2] https://www.reddit.com/r/laravel/comments/bbxhoc/unsafe_sql_functions_be_aware_of_your/
[3] https://stitcher.io/blog/unsafe-sql-functions-in-laravel
[4] https://www.kiuwan.com/blog/top-5-best-practices-for-developers-on-preventing-sql-injections-attacks/
[5] https://www.baeldung.com/sql-injection
[6] https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
[7] https://stackoverflow.com/questions/1862036/how-do-i-protect-this-function-from-sql-injection
[8] https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html