From d3a589e103cc3d0fb84fe310b22aac4d648c3a7c Mon Sep 17 00:00:00 2001 From: Jan BELLON Date: Thu, 7 Mar 2024 01:31:31 +0000 Subject: [PATCH] Update 2 files - /html/upload.php - /html/login.php --- html/login.php | 4 ++-- html/upload.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/html/login.php b/html/login.php index 149315d4..a4cf1fe3 100644 --- a/html/login.php +++ b/html/login.php @@ -12,8 +12,8 @@ if(isset($_POST['username']) && isset($_POST['password'])) { $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $req = $bdd->prepare("SELECT ID, username, email, display_name FROM admins WHERE (username = :username OR email = :username) AND password = :password"); - $bdd->bindParam(':username', htmlspecialchars($_POST['username'])); - $bdd->bindParam(':password', md5($_POST['password'])); + $req->bindParam(':username', htmlspecialchars($_POST['username'])); + $req->bindParam(':password', md5($_POST['password'])); $req->execute(); $resultat = $req->fetchAll(PDO::FETCH_ASSOC); diff --git a/html/upload.php b/html/upload.php index 2a0903ca..78f861ec 100644 --- a/html/upload.php +++ b/html/upload.php @@ -12,9 +12,9 @@ if(isset($_POST['title']) && isset($_FILES['file'])) { $destination = "../content/journal/" . $filename; $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $upload = $bdd->prepare("INSERT INTO articles (ID, titre, date, auteur) VALUES (:filename, :titre, :date, :auteur)"); - $bdd->bindParam(':filename', $filename); - $bdd->bindParam(':titre', htmlspecialchars($_POST['titre'])); - $bdd->bindParam(':auteur', $_SESSION['display_name']); + $upload->bindParam(':filename', $filename); + $upload->bindParam(':titre', htmlspecialchars($_POST['titre'])); + $upload->bindParam(':auteur', $_SESSION['display_name']); if (isset($_POST['date']) && empty($_POST['date']) == false) { $bdd->bindParam(':date', htmlspecialchars($_POST['date'])); } else {