From 94e4bd011257b44f9b71f3aa14d7a1f293deb3f8 Mon Sep 17 00:00:00 2001
From: "barraux.a"
Date: Wed, 17 Nov 2021 22:14:19 +0100
Subject: [PATCH] =?UTF-8?q?avanc=C3=A9e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 referant/cible/export.php | 22 ++++------------------
 referant/cible/search.php | 8 +++++---
 2 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/referant/cible/export.php b/referant/cible/export.php
index e8eb359..5babe53 100644
--- a/referant/cible/export.php
+++ b/referant/cible/export.php
@@ -1,24 +1,10 @@ prepare("SELECT * FROM :base");
-$stmt->bindValue(':base', $_POST['bdd']);
-$title = array_keys($stmt->fetchArray(SQLITE3_ASSOC));
+$stmt = $bdd->prepare('SELECT * FROM :base');
+$stmt->bindParam(':base', $_POST['bdd']);
+$res = $stmt->execute();
+$title = array_keys($res->fetchArray(SQLITE3_ASSOC));
 header('Content-Type: text/csv; charset=utf-8');
 header('Content-Disposition: attachment; filename=' .$_POST['bdd'] .'.csv');
diff --git a/referant/cible/search.php b/referant/cible/search.php
index 6c8f308..1df4c9b 100755
--- a/referant/cible/search.php
+++ b/referant/cible/search.php
@@ -3,10 +3,12 @@ $bdd = new SQLite3('../../database/ticket_panne.db', SQLITE3_OPEN_READWRITE);
 try {
 // $reponse = $bdd->query("SELECT * FROM pannes WHERE `" .$_POST['champ'] ."`='" .$_POST['value'] ."'");
- $reponse = $bdd->prepare("SELECT * FROM pannes WHERE `" .$_POST['champ'] ."`='" .$_POST['value'] ."'");
- $reponse->execute();
+ $reponse = $bdd->prepare("SELECT * FROM pannes WHERE :champ=:value");
+ $reponse->bindParam(':champ', $_POST['champ']);
+ $reponse->bindValue(':value', $_POST['value']);
+ $fetch = $reponse->execute();
 $result = [];
- while ($line = $reponse->fetchArray()) {
+ while ($line = $fetch->fetchArray()) {
 array_push($result, $line);
 };
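Review bot: The new `prepare('SELECT * FROM :base')` in export.php cannot work, because SQLite accepts a bound parameter only where a value is expected, not in place of a table name; the statement fails to compile, `prepare()` returns `false`, and `bindParam()` is then called on `false`. The table name has to be interpolated, which is only safe once `$_POST['bdd']` has been checked against a fixed list of exportable tables. The same checked value should feed the `Content-Disposition` header on the context line, which currently places raw POST data in a response header. `fetchArray()` also returns `false` for an empty table, so `array_keys()` needs a guard. The start of this hunk is missing from the page, so how `$bdd` is opened is not visible, and the list contents below are an assumption to replace with the real table names.

```php
// … unchanged: opening of $bdd (not visible in the hunk) …
$exportables = ['pannes']; // assumption: replace with the tables that may be exported
$table = $_POST['bdd'] ?? '';
if (!in_array($table, $exportables, true)) {
    http_response_code(400);
    exit;
}
$res = $bdd->query('SELECT * FROM "' . $table . '"');
$first = $res->fetchArray(SQLITE3_ASSOC);
$title = $first === false ? [] : array_keys($first);
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename="' . $table . '.csv"');
```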
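Review bot: Binding `:champ` in search.php turns the column name into a string value, so `WHERE :champ=:value` compares two literals and never reads a column of `pannes`; the query returns every row when the two POST fields are equal and no row otherwise. Only `:value` can stay a bound parameter, while the column has to be checked against a fixed list of searchable columns and then interpolated, for example `if (!in_array($_POST['champ'], $colonnes, true)) { http_response_code(400); exit; }` followed by `$reponse = $bdd->prepare('SELECT * FROM pannes WHERE "' . $_POST['champ'] . '" = :value');`, where `$colonnes` is a list you define. The `try` block opens in this hunk but its `catch` is outside it. SQLite3 reports failures by returning `false` unless `enableExceptions(true)` was called, so the results of `prepare()` and `execute()` should be tested before `fetchArray()` is used.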