public function save(Comment $comment)
{
$id = $comment->getCommentId();
$author = $comment->getAuthor();
$text = $comment->getText();
$date = (string) $comment->getDate();
$postid = $comment->getPost();
$ansdoc = $comment->getAnsDoc();
if ($comment->getCommentId() === null) {
$query = "INSERT INTO comments (author, text, date, ansdoc, belongs_to_post) VALUES (:author, :text, :date, :ansdoc, :postid)";
$query_params = array(':author' => $author, ':text' => $text, ':date' => $date, ':ansdoc' => $ansdoc, ':postid' => $postid);
try {
$stmt = $this->db->prepare($query);
$stmt->execute($query_params);
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
if ($ansdoc == 1) {
$query1 = "SELECT ansbydoc FROM posts WHERE postId= :postid";
$price = 7;
$query_params1 = array(':postid' => $postid);
try {
$stmt = $this->db->prepare($query1);
$stmt->execute($query_params1);
$rows = $stmt->fetchAll();
//if (isset($rows)) {
$this->userRepository->updateBalance($author, $price);
//}
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
$query = "UPDATE posts SET ansbydoc = 1 WHERE postId= :postid";
$query_params = array(':postid' => $postid);
try {
$stmt = $this->db->prepare($query);
$stmt->execute($query_params);
return 1;
} catch (PDOException $ex) {
die("Failed to run query: " . $ex->getMessage());
}
}
return 1;
/*
if ($comment->getCommentId() === null) {
$query = "INSERT INTO comments (author, text, date, belongs_to_post) "
. "VALUES ('$author', '$text', '$date', '$postid')";
return $this->db->exec($query);
}
*/
}
public function save(Comment $comment)
{
$id = (int) $comment->getCommentId();
$author = $comment->getAuthor();
$text = $comment->getText();
$date = (string) $comment->getDate();
$postid = $comment->getPost();
if ($comment->getCommentId() !== null) {
return;
}
$stmt = $this->pdo->prepare("INSERT INTO comments (author, text, date, belongs_to_post) VALUES (?, ?, ?, ?)");
$stmt->execute(array($author, $text, $date, $postid));
return $this->pdo->lastInsertId();
}
public function save(Comment $comment)
{
// SQL injection (G21_0018)
// I believe this is fixed
if ($comment->getCommentId() === null) {
$query = "INSERT INTO comments (author, text, date, belongs_to_post) VALUES (:author, :text, :date, :postid)";
$stmt = $this->db->prepare($query);
$author = $comment->getAuthor();
$text = $comment->getText();
$date = (string) $comment->getDate();
$postid = $comment->getPost();
$stmt->bindParam(':author', $author);
$stmt->bindParam(':text', $text);
$stmt->bindParam(':date', $date);
$stmt->bindparam(':postid', $postid);
return $stmt->execute();
}
}
public function save(Comment $comment)
{
$id = $comment->getCommentId();
$author = $comment->getAuthor();
$text = $comment->getText();
$date = (string) $comment->getDate();
$postid = $comment->getPost();
if ($comment->getCommentId() === null) {
// Prepare SQL statement
$stmt = $this->db->prepare('INSERT INTO comments (author, text, date, belongs_to_post) ' . "VALUES (:author, :text, :date, :postid)");
// Bind parameters to their respective values
$stmt->bindParam(":author", $author);
$stmt->bindParam(":text", $text);
$stmt->bindParam(":date", $date);
$stmt->bindParam(":postid", $postid);
// Execute query
return $stmt->execute();
}
}
