public function save(Post $post) { //VULN: SQL-Injection via postId variable (G21_0018) // I believe this is fixed if ($post->getPostId() === null) { $query = "INSERT INTO posts (title, author, content, date, pay, lock_user, lock_tstamp) " . "VALUES (:title, :author, :content, :date, :pay, '', 0)"; $stmt = $this->db->prepare($query); $title = $post->getTitle(); $author = $post->getAuthor(); $content = $post->getContent(); $date = $post->getDate(); $pay = $post->getPay(); $stmt->bindParam(':title', $title); $stmt->bindParam(':author', $author); $stmt->bindParam(':content', $content); $stmt->bindParam(':date', $date); $stmt->bindParam(':pay', $pay); $stmt->execute(); } return $this->db->lastInsertId(); //Bad-Practice: No erro check if insertion worked }