Laravel developers should be aware that not all QueryBuilder methods prevent SQL injection attacks, and should code defensively with that in mind : r/PHP
Calling the 'trashed()' method on a soft deleted model where the deleted_at column wasn't part of the select query returns false · Issue #32705 · laravel/framework · GitHub