Merge pull request #6 from whitecube/voidgraphics-patch-1

Fix SQL injection in whereRaw

Author: toonvandenbos

src/HasSlug.php

@@ -256,7 +256,7 @@ public function resolveRouteBinding($value, $field = null)
 
         // Get the models where this slug exists in other langs as well
         $results = $this->getRouteBindingQueryBuilder()
-            ->whereRaw('JSON_SEARCH(`'.$key.'`, "one", "'.$value.'")')
+            ->whereRaw('JSON_SEARCH(`?`, "one", "?")', [$key, $value])
             ->get();
 
         // If we have zero or multiple results, don't guess