22.05.2017 - yes Eloquent uses parameter binding behind the scene, which safely escapes any input used in where()..