Exemplo n.º 1
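 /**
  * Insert a new post row and return the generated id.
  *
  * @param Post $post Post whose title, author, content, date and paydoc are stored.
  * @return string Id of the inserted row, as returned by PDO::lastInsertId().
  * @throws \RuntimeException When the INSERT fails. The driver message is logged
  *                           server-side only; it is never sent to the caller.
  */
 public function save(Post $post)
 {
     // Named placeholders keep the user-supplied fields out of the SQL text.
     $query = "INSERT INTO posts (title, author, content, date, paydoc) VALUES (:title, :author, :content, :date, :paydoc)";
     $query_params = [
         ':title'   => $post->getTitle(),
         ':author'  => $post->getAuthor(),
         ':content' => $post->getContent(),
         ':date'    => $post->getDate(),
         ':paydoc'  => $post->getPayDoc(),
     ];
     try {
         $stmt = $this->db->prepare($query);
         $stmt->execute($query_params);
         return $this->db->lastInsertId();
     } catch (PDOException $ex) {
         // Do not print the driver message to the response: it can disclose
         // table/column names, the DSN or credentials. Log it and fail with a
         // generic error instead of die()-ing mid-request.
         error_log('Failed to run query: ' . $ex->getMessage());
         throw new \RuntimeException('Failed to save post', 0, $ex);
     }
 }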
Exemplo n.º 2
 /**
  * Persist a post. Only inserts are supported: a post that already carries
  * an id is left untouched and nothing is returned.
  *
  * @param Post $post Post to insert.
  * @return string|null PDO::lastInsertId() after the insert, null when the
  *                     post already had an id (no update is performed).
  */
 public function save(Post $post)
 {
     // Can't update posts
     if ($post->getPostId() !== null) {
         return;
     }
     $sql = "INSERT INTO posts (title, author, content, date, ispayedpost, isanswered) VALUES (?, ?, ?, ?, ?, ?)";
     // Positional parameters, bound in column order. NOTE(review): execute()
     // binds every value as a string; if ispayedpost/isanswered are native
     // boolean columns on some drivers, `false` arrives as '' — confirm driver.
     $values = [
         $post->getTitle(),
         $post->getAuthor(),
         $post->getContent(),
         $post->getDate(),
         $post->isPayedPost(),
         $post->isAnswered(),
     ];
     $insert = $this->pdo->prepare($sql);
     $insert->execute($values);
     return $this->pdo->lastInsertId();
 }
Exemplo n.º 3
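 /**
  * Insert a post that does not yet have an id.
  *
  * @param Post $post Post to insert; its getDoctor() value is stored in
  *                   the isAnsweredByDoctor column.
  * @return string|null PDO::lastInsertId() of the new row, or null when the
  *                     post already had an id and nothing was inserted.
  */
 public function save(Post $post)
 {
     // Nothing is inserted for an existing post. Returning lastInsertId() here
     // would hand back an id from some earlier, unrelated INSERT on this
     // connection (or "0"), so return null instead.
     if ($post->getPostId() !== null) {
         return null;
     }
     $title = $post->getTitle();
     $author = $post->getAuthor();
     $content = $post->getContent();
     $date = $post->getDate();
     $isAnsweredByDoctor = $post->getDoctor();
     // Prepared statement with named placeholders; values never touch the SQL text.
     $stmt = $this->db->prepare("INSERT INTO posts (title, author, content, date, isAnsweredByDoctor) " . "VALUES (:title, :author, :content, :date, :isAnsweredByDoctor);");
     // bindParam binds by reference; the locals are not reassigned before execute().
     $stmt->bindParam(":title", $title);
     $stmt->bindParam(":author", $author);
     $stmt->bindParam(":content", $content);
     $stmt->bindParam(":date", $date);
     $stmt->bindParam(":isAnsweredByDoctor", $isAnsweredByDoctor);
     $stmt->execute();
     return $this->db->lastInsertId();
 }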
Exemplo n.º 4
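 /**
  * Insert a post that does not yet have an id. lock_user and lock_tstamp are
  * initialised to '' and 0 for every new row.
  *
  * @param Post $post Post to insert.
  * @return string|null PDO::lastInsertId() of the new row, or null when the
  *                     post already had an id and nothing was inserted.
  * @throws \RuntimeException When execute() reports failure (covers PDO
  *                           connections not running in exception mode).
  */
 public function save(Post $post)
 {
     // Former VULN G21_0018 (SQL injection via postId): all user-controlled
     // fields now go through bound parameters, never into the SQL string.
     if ($post->getPostId() !== null) {
         // No INSERT ran, so lastInsertId() would be stale ("0" or an earlier
         // row's id); report "nothing inserted" explicitly.
         return null;
     }
     $query = "INSERT INTO posts (title, author, content, date, pay, lock_user, lock_tstamp) " . "VALUES (:title, :author, :content, :date, :pay, '', 0)";
     $stmt = $this->db->prepare($query);
     $title = $post->getTitle();
     $author = $post->getAuthor();
     $content = $post->getContent();
     $date = $post->getDate();
     $pay = $post->getPay();
     // bindParam binds by reference; the locals stay unchanged until execute().
     $stmt->bindParam(':title', $title);
     $stmt->bindParam(':author', $author);
     $stmt->bindParam(':content', $content);
     $stmt->bindParam(':date', $date);
     $stmt->bindParam(':pay', $pay);
     // execute() returns false (rather than throwing) unless ATTR_ERRMODE is
     // EXCEPTION, which this block cannot see; check it so a failed insert is
     // not silently reported as success.
     if (!$stmt->execute()) {
         throw new \RuntimeException('Failed to save post');
     }
     return $this->db->lastInsertId();
 }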