From cd59839803a8f6b3b7ab057097ac8006ba208312 Mon Sep 17 00:00:00 2001
From: Jan BELLON <jan@intra.e59.fr>
Date: Tue, 12 Mar 2024 15:06:30 +0000
Subject: [PATCH] Update file users.php

---
 html/users.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/html/users.php b/html/users.php
index 308bfba9..20b5f334 100644
--- a/html/users.php
+++ b/html/users.php
@@ -12,9 +12,9 @@ if(isset($_POST['userid']) && isset($_POST['role']) && isset($_POST['accreditati
     $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
 
     $req = $bdd->prepare("UPDATE users SET role = :role, accreditation = :accreditation WHERE ID = :userid");
-    $req->bindParam(':role',$_POST['role']);
-    $req->bindParam(':accreditation',$_POST['accreditation']);
-    $req->bindParam(':userid', $_POST['userid']);
+    $req->bindParam(':role',$_POST['role'], PDO::PARAM_INT);
+    $req->bindParam(':accreditation',$_POST['accreditation'], PDO::PARAM_INT);
+    $req->bindParam(':userid', $_POST['userid'], PDO::PARAM_INT);
     if ($req->execute()) {
         $status = "Utilisateur mis à jour";
     } else {
@@ -148,7 +148,7 @@ if(isset($_POST['userid']) && isset($_POST['role']) && isset($_POST['accreditati
                             echo "</select>";
                             echo "<select name='role' required>";
                             foreach($roles as $id => $nom) {
-                                if($row['accreditation'] == $id) {
+                                if($row['role'] == $id) {
                                     echo '<option value="' . $id .'" selected>' . $nom . '</option>';
                                 } else {
                                     echo '<option value="' . $id .'">' . $nom . '</option>';