From 85c744f12db1ecb5d0d0819fc6c3453ffdb8de29 Mon Sep 17 00:00:00 2001
From: Jan BELLON
Date: Fri, 8 Mar 2024 18:53:00 +0000
Subject: [PATCH] Update file news.php

---
 html/news.php | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/html/news.php b/html/news.php
index 61dc4d04..b04c24a7 100644
--- a/html/news.php
+++ b/html/news.php
@@ -69,16 +69,11 @@ if (filter_var($_GET['article'], FILTER_VALIDATE_INT)) {
 echo "";
 } else {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- if (isset($_GET['search'])) {
- $req = $bdd->prepare("SELECT ID, titre, date FROM articles WHERE classification <= :accreditation AND titre LIKE '%:search%'ORDER BY date DESC");
- $req->bindParam(":search", $_GET['search']);
- $req->bindParam(":accreditation", $_SESSION['accreditation']);
- $req->execute();
- } else {
- $req = $bdd->prepare("SELECT ID, titre, date FROM articles WHERE classification <= :accreditation ORDER BY date DESC");
- $req->bindParam(":accreditation", $_SESSION['accreditation']);
- $req->execute();
- }
+ $search = isset($_GET['search']) ? htmlspecialchars($_GET['search']) : ""
+ $req = $bdd->prepare("SELECT ID, titre, date FROM articles WHERE classification <= :accreditation AND titre LIKE '%:search%'ORDER BY date DESC");
+ $req->bindParam(":search", htmlspecialchars($_GET['search']));
+ $req->bindParam(":accreditation", $_SESSION['accreditation']);
+ $req->execute();
 $resultat = $req->fetchAll(PDO::FETCH_ASSOC);
 echo "

Dernières news du Club

";
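Review bot: The first added line is missing its terminating semicolon, so the file no longer parses, and the `$search` it assigns is never used: the `bindParam(":search", ...)` line passes a function result where a by-reference variable is required and reads `$_GET['search']` directly, which is undefined when no search was requested. The `:search` token also sits inside the quoted literal `'%:search%'`, where PDO does not treat it as a placeholder, so the bind cannot match a parameter and the title filter never takes effect as intended; `htmlspecialchars()` is an output-escaping step and applied here it alters the value matched against the database (a title containing `&` would no longer be found). Move the wildcards into the bound value, bind with `bindValue`, and leave HTML escaping to the point where `titre` is echoed. The enclosing `if`/`else` starts before the hunk and the `echo` string continues after it.
```php
$search = isset($_GET['search']) ? (string) $_GET['search'] : '';
$req = $bdd->prepare("SELECT ID, titre, date FROM articles WHERE classification <= :accreditation AND titre LIKE :search ORDER BY date DESC");
$req->bindValue(':search', '%' . $search . '%');
$req->bindValue(':accreditation', $_SESSION['accreditation']);
$req->execute();
// … unchanged: fetchAll and output …
```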