Browse Source

fin du passage à sqlite et preotection des injections

master V3
BARRAUX Arthur 3 years ago
parent
commit
2dca5edfc4
  1. BIN
      database/ticket_panne.db
  2. 6
      referant/cible/export.php
  3. 3
      referant/cible/search.php

BIN
database/ticket_panne.db

Binary file not shown.

6
referant/cible/export.php

@ -1,9 +1,7 @@
<?php <?php
$bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE); $bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE);
$stmt = $bdd->prepare('SELECT * FROM :base'); $res = $bdd->query('SELECT * FROM ' .$_POST['bdd']);
$stmt->bindParam(':base', $_POST['bdd']);
$res = $stmt->execute();
$title = array_keys($res->fetchArray(SQLITE3_ASSOC)); $title = array_keys($res->fetchArray(SQLITE3_ASSOC));
header('Content-Type: text/csv; charset=utf-8'); header('Content-Type: text/csv; charset=utf-8');
@ -11,7 +9,7 @@ header('Content-Disposition: attachment; filename=' .$_POST['bdd'] .'.csv');
$output = fopen("php://output", "w"); $output = fopen("php://output", "w");
fputcsv($output, $title); fputcsv($output, $title);
while($row = $stmt->fetchArray(SQLITE3_ASSOC)) { while($row = $res->fetchArray(SQLITE3_ASSOC)) {
fputcsv($output, $row); fputcsv($output, $row);
} }
fclose($output); fclose($output);

3
referant/cible/search.php

@ -3,8 +3,7 @@ $bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE);
try { try {
// $reponse = $bdd->query("SELECT * FROM pannes WHERE `" .$_POST['champ'] ."`='" .$_POST['value'] ."'"); // $reponse = $bdd->query("SELECT * FROM pannes WHERE `" .$_POST['champ'] ."`='" .$_POST['value'] ."'");
$reponse = $bdd->prepare("SELECT * FROM pannes WHERE :champ=:value"); $reponse = $bdd->prepare("SELECT * FROM pannes WHERE ".$_POST['champ'] ."=:value");
$reponse->bindParam(':champ', $_POST['champ']);
$reponse->bindValue(':value', $_POST['value']); $reponse->bindValue(':value', $_POST['value']);
$fetch = $reponse->execute(); $fetch = $reponse->execute();
$result = []; $result = [];

Loading…
Cancel
Save