public function save(Post $post)
{
//VULN: SQL-Injection via postId variable (G21_0018)
// I believe this is fixed
if ($post->getPostId() === null) {
$query = "INSERT INTO posts (title, author, content, date, pay, lock_user, lock_tstamp) " . "VALUES (:title, :author, :content, :date, :pay, '', 0)";
$stmt = $this->db->prepare($query);
$title = $post->getTitle();
$author = $post->getAuthor();
$content = $post->getContent();
$date = $post->getDate();
$pay = $post->getPay();
$stmt->bindParam(':title', $title);
$stmt->bindParam(':author', $author);
$stmt->bindParam(':content', $content);
$stmt->bindParam(':date', $date);
$stmt->bindParam(':pay', $pay);
$stmt->execute();
}
return $this->db->lastInsertId();
//Bad-Practice: No erro check if insertion worked
}
