From 8b8912b50d32651207bde0e464f553e5a2f27669 Mon Sep 17 00:00:00 2001
From: "barraux.a" <barraux.a@example.com>
Date: Wed, 17 Nov 2021 07:13:33 +0100
Subject: [PATCH] save

---
 database/ticket_panne.db  | Bin 16384 -> 16384 bytes
 referant/cible/edit.php   |  36 ++++++++++++++++++++----------------
 referant/cible/export.php |   7 ++++---
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/database/ticket_panne.db b/database/ticket_panne.db
index f93fba35a831d77e9dfd491e6ffc473ddddd2a4e..c5d7b10ea354bb09a8b4747ddef54ca0b674f75c 100755
GIT binary patch
delta 26
hcmZo@U~Fh$oFL7pGEv5vQDtMo2VKUb&4GIB1p#hb2x|ZU

delta 26
hcmZo@U~Fh$oFL7pJW<A(QF&v+2VKU*&4GIB1p#h22xtHR

diff --git a/referant/cible/edit.php b/referant/cible/edit.php
index 9e5407b..07a6559 100755
--- a/referant/cible/edit.php
+++ b/referant/cible/edit.php
@@ -1,21 +1,25 @@
 <?php
 $decode = json_decode($_POST['value'], TRUE);
 $bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE);
-$request = 'UPDATE pannes SET
-dates = "' .$decode["dates"] .'",
-details = "' .$decode["details"] .'",
-lieu = "' .$decode["lieu"] .'",
-salle = "' .$decode["salle"] .'",
-pos = "' .$decode["pos"] .'",
-materiel = "' .$decode["materiel"] .'",
-marque = "' .$decode["marque"] .'",
-model = "' .$decode["model"] .'",
-nserie = "' .$decode["nserie"] .'",
-demandeur = "' .$decode["demandeur"] .'",
-traitement = "' .$decode["traitement"] .'"
-WHERE ID= "' .$decode['id'] .'"';
-$update = $bdd->query($request);
+$stmt = $bdd->prepare('UPDATE pannes SET dates=:dates, details=:details, lieu=:lieu, salle=:salle, pos=:pos, materiel=:materiel, marque=:marque, model=:model, nserie=:nserie, demandeur=:demandeur, traitement=:traitement WHERE ID=:id');
 
-$traitement = $bdd->query("SELECT * FROM pannes WHERE ID=" .$decode['id']);
-print_r(json_encode($traitement->fetchArray()));
+$stmt->bindValue(':id', $decode['id']);
+$stmt->bindValue(':dates', $decode['dates']);
+$stmt->bindValue(':details', $decode['details']);
+$stmt->bindValue(':lieu', $decode['lieu']);
+$stmt->bindValue(':salle', $decode['salle']);
+$stmt->bindValue(':pos', $decode['pos']);
+$stmt->bindValue(':materiel', $decode['materiel']);
+$stmt->bindValue(':marque', $decode['marque']);
+$stmt->bindValue(':model', $decode['model']);
+$stmt->bindValue(':nserie', $decode['nserie']);
+$stmt->bindValue(':demandeur', $decode['demandeur']);
+$stmt->bindValue(':traitement', $decode['traitement']);
+
+$stmt->execute();
+
+$traitement = $bdd->prepare("SELECT * FROM pannes WHERE ID=:id");
+$traitement->bindValue(':id', $decode['id']);
+$res = $traitement->execute();
+print_r(json_encode($res->fetchArray()));
 ?>
diff --git a/referant/cible/export.php b/referant/cible/export.php
index 38a9497..e8eb359 100644
--- a/referant/cible/export.php
+++ b/referant/cible/export.php
@@ -16,15 +16,16 @@
 //
 
 $bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE);
-$response = $bdd->query("SELECT * FROM `" .$_POST['bdd'] ."`");
-$title = array_keys($response->fetchArray(SQLITE3_ASSOC));
+$stmt = $bdd->prepare("SELECT * FROM :base");
+$stmt->bindValue(':base', $_POST['bdd']);
+$title = array_keys($stmt->fetchArray(SQLITE3_ASSOC));
 
 header('Content-Type: text/csv; charset=utf-8');
 header('Content-Disposition: attachment; filename=' .$_POST['bdd'] .'.csv');
 $output = fopen("php://output", "w");
 fputcsv($output, $title);
 
-while($row = $response->fetchArray(SQLITE3_ASSOC)) {
+while($row = $stmt->fetchArray(SQLITE3_ASSOC)) {
     fputcsv($output, $row);
 }
 fclose($output);