diff --git a/html/login.php b/html/login.php
index 149315d4..a4cf1fe3 100644
--- a/html/login.php
+++ b/html/login.php
@@ -12,8 +12,8 @@ if(isset($_POST['username']) && isset($_POST['password'])) {
         $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
 
         $req = $bdd->prepare("SELECT ID, username, email, display_name FROM admins WHERE (username = :username OR email = :username) AND password = :password");
-        $bdd->bindParam(':username', htmlspecialchars($_POST['username']));
-        $bdd->bindParam(':password', md5($_POST['password']));
+        $req->bindParam(':username', htmlspecialchars($_POST['username']));
+        $req->bindParam(':password', md5($_POST['password']));
         $req->execute();
 
         $resultat = $req->fetchAll(PDO::FETCH_ASSOC);
diff --git a/html/upload.php b/html/upload.php
index 2a0903ca..78f861ec 100644
--- a/html/upload.php
+++ b/html/upload.php
@@ -12,9 +12,9 @@ if(isset($_POST['title']) && isset($_FILES['file'])) {
     $destination = "../content/journal/" . $filename;
     $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
     $upload = $bdd->prepare("INSERT INTO articles (ID, titre, date, auteur) VALUES (:filename, :titre, :date, :auteur)");
-    $bdd->bindParam(':filename', $filename);
-    $bdd->bindParam(':titre', htmlspecialchars($_POST['titre']));
-    $bdd->bindParam(':auteur', $_SESSION['display_name']);
+    $upload->bindParam(':filename', $filename);
+    $upload->bindParam(':titre', htmlspecialchars($_POST['titre']));
+    $upload->bindParam(':auteur', $_SESSION['display_name']);
     if (isset($_POST['date']) && empty($_POST['date']) == false) {
         $bdd->bindParam(':date', htmlspecialchars($_POST['date']));
     } else {