From f4c70a8ab7cd8ff0a2aca38e81897de2d287b440 Mon Sep 17 00:00:00 2001
From: stiti
Date: Thu, 23 May 2024 09:59:04 +0200
Subject: [PATCH] Correction du model de recherche pour eviter les injections SQL

---
 .../application/controllers/Artiste.php | 2 +-
 .../application/controllers/Search.php | 18 ++++-
 .../application/models/Search_model.php | 18 ++---
 .../application/views/artists_list.php | 2 +-
 .../application/views/search_results.php | 14 ++--
 .../assets/css/artists_list.css | 78 +++++++++++--------
 6 files changed, 81 insertions(+), 51 deletions(-)

diff --git a/CodeIgniter-3.1.13/application/controllers/Artiste.php b/CodeIgniter-3.1.13/application/controllers/Artiste.php
index db8ac72..845f526 100644
--- a/CodeIgniter-3.1.13/application/controllers/Artiste.php
+++ b/CodeIgniter-3.1.13/application/controllers/Artiste.php
@@ -13,7 +13,7 @@ class Artiste extends CI_Controller {
     public function index($artiste_id){
         // Récupérer les détails de l'artiste
         $artiste = $this->Model_artist->getArtisteById($artiste_id);
-        $mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id); // Correction ici
+        $mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id);
 
         if($artiste){
             // Récupérer tous les albums de l'artiste
diff --git a/CodeIgniter-3.1.13/application/controllers/Search.php b/CodeIgniter-3.1.13/application/controllers/Search.php
index 122d87a..f43c682 100644
--- a/CodeIgniter-3.1.13/application/controllers/Search.php
+++ b/CodeIgniter-3.1.13/application/controllers/Search.php
@@ -13,6 +13,22 @@ class Search extends CI_Controller {
         // Récupérer la requête de recherche depuis la barre de recherche
         $query = $this->input->get('query');
 
+        // Vérifier que la requête de recherche n'est pas vide
+        if (empty($query)) {
+            // Charger la vue avec un message d'erreur
+            $data['query'] = $query;
+            $data['musiques'] = [];
+            $data['albums'] = [];
+            $data['genres'] = [];
+            $data['artistes'] = [];
+            $data['error'] = "La requête de recherche ne peut pas être vide.";
+
+            $this->load->view('layout/header_not_logged_dark');
+            $this->load->view('search_results', $data);
+            $this->load->view('layout/footer_dark');
+            return;
+        }
+
         // Faire une recherche dans les musiques, les albums, les genres et les artistes
         $musiques = $this->Search_model->searchMusiques($query);
         $albums = $this->Search_model->searchAlbums($query);
@@ -30,4 +46,4 @@ class Search extends CI_Controller {
         $this->load->view('search_results', $data);
         $this->load->view('layout/footer_dark');
     }
-}
\ No newline at end of file
+}
diff --git a/CodeIgniter-3.1.13/application/models/Search_model.php b/CodeIgniter-3.1.13/application/models/Search_model.php
index 7e8fb61..4b15113 100644
--- a/CodeIgniter-3.1.13/application/models/Search_model.php
+++ b/CodeIgniter-3.1.13/application/models/Search_model.php
@@ -15,10 +15,9 @@ class Search_model extends CI_Model {
                 JOIN album ON track.albumid = album.id
                 JOIN artist ON album.artistid = artist.id
                 JOIN cover ON album.coverid = cover.id
-                WHERE song.name LIKE '%$query%'
+                WHERE song.name LIKE ?
                 ORDER BY song.name ASC";
-
-        $query = $this->db->query($sql);
+        $query = $this->db->query($sql, array('%' . $query . '%'));
         return $query->result();
     }
 
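Review bot: The new guard uses `empty($query)`, which is also true for the string `"0"`, so a user searching for 0 gets the "empty query" message, while a query made only of spaces passes through to the four model searches untouched; `if ($query === null || trim($query) === '') {` matches what the comment above it describes. In the non-empty branch the raw term is presumably also handed back to the view through `$data['query']` (that assignment sits below this hunk), and the view's echo of it is not visible here — it should go through `html_escape()` in search_results.php. The enclosing method's signature is above this hunk and its closing lines are in the second hunk of the file.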
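Review bot: Binding the term closes the SQL injection, but `%` and `_` inside `$query` remain LIKE metacharacters, so a term consisting of `%` alone makes searchMusiques return every row — the same applies to searchAlbums, searchGenres and searchArtistes in the next hunk. Escape the term before wrapping it, `$this->db->query($sql, array('%' . $this->db->escape_like_str($query) . '%'))`, and append `ESCAPE '!'` after the `LIKE ?` placeholder, since CodeIgniter's escape_like_str() uses `!` as its escape character. Reusing `$query` for the result object shadows the search term; `$result = $this->db->query(...); return $result->result();` reads more clearly. searchMusiques's signature is above this hunk.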
@@ -28,22 +27,21 @@ class Search_model extends CI_Model {
                 JOIN artist ON album.artistid = artist.id
                 JOIN genre ON album.genreid = genre.id
                 JOIN cover ON album.coverid = cover.id
-                WHERE album.name LIKE '%$query%'
+                WHERE album.name LIKE ?
                 ORDER BY album.name ASC";
-
-        $query = $this->db->query($sql);
+        $query = $this->db->query($sql, array('%' . $query . '%'));
         return $query->result();
     }
 
     public function searchGenres($query){
-        $sql = "SELECT id, name FROM genre WHERE name LIKE '%$query%' ORDER BY name ASC";
-        $query = $this->db->query($sql);
+        $sql = "SELECT id, name FROM genre WHERE name LIKE ? ORDER BY name ASC";
+        $query = $this->db->query($sql, array('%' . $query . '%'));
         return $query->result();
     }
 
     public function searchArtistes($query){
-        $sql = "SELECT id, name FROM artist WHERE name LIKE '%$query%' ORDER BY name ASC";
-        $query = $this->db->query($sql);
+        $sql = "SELECT id, name FROM artist WHERE name LIKE ? ORDER BY name ASC";
+        $query = $this->db->query($sql, array('%' . $query . '%'));
         return $query->result();
     }
 }
diff --git a/CodeIgniter-3.1.13/application/views/artists_list.php b/CodeIgniter-3.1.13/application/views/artists_list.php
index 6310747..e77137d 100644
--- a/CodeIgniter-3.1.13/application/views/artists_list.php
+++ b/CodeIgniter-3.1.13/application/views/artists_list.php
@@ -3,7 +3,7 @@ - + Liste des Artistes - Onzeur
diff --git a/CodeIgniter-3.1.13/application/views/search_results.php b/CodeIgniter-3.1.13/application/views/search_results.php
index 830b882..5143211 100644
--- a/CodeIgniter-3.1.13/application/views/search_results.php
+++ b/CodeIgniter-3.1.13/application/views/search_results.php
@@ -6,13 +6,17 @@ Résultats de la recherche -

Résultats de la recherche pour ""

+

Résultats de la recherche pour ""

+ + +

+

Musiques

@@ -21,7 +25,7 @@

Albums

@@ -30,7 +34,7 @@

Genres

@@ -39,7 +43,7 @@

Artistes

diff --git a/CodeIgniter-3.1.13/assets/css/artists_list.css b/CodeIgniter-3.1.13/assets/css/artists_list.css
index 23c6e55..740c158 100644
--- a/CodeIgniter-3.1.13/assets/css/artists_list.css
+++ b/CodeIgniter-3.1.13/assets/css/artists_list.css
@@ -1,24 +1,21 @@
+/* Styles généraux */
 body {
     font-family: Arial, sans-serif;
-    background-color: #f0f0f0;
     margin: 0;
     padding: 0;
+    background-color: #f8f8f8;
 }
 
 .artist-list-container {
-    max-width: 800px;
-    margin: 20px auto;
+    max-width: 1200px;
+    margin: 0 auto;
     padding: 20px;
-    background-color: #ffffff;
-    border-radius: 8px;
-    box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
 }
 
 .artist-list-container h1 {
-    font-size: 2em;
-    margin-bottom: 10px;
+    color: #6a0dad;
     text-align: center;
-    color: #800080; /* Couleur violette */
+    margin-top: 20px;
 }
 
 .sort-options {
@@ -27,53 +24,68 @@ body {
 }
 
 .sort-options a {
+    color: #6a0dad;
     text-decoration: none;
-    color: #8c00ff;
     margin: 0 10px;
+    transition: color 0.3s ease;
 }
 
 .sort-options a:hover {
-    text-decoration: underline;
+    color: #4a0772;
 }
 
 .artist-list {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: space-between;
     list-style-type: none;
     padding: 0;
 }
 
 .artist-list li {
-    display: flex;
-    align-items: center;
-    padding: 10px 0;
-    border-bottom: 1px solid #ddd;
+    width: 30%;
+    margin-bottom: 20px;
 }
 
-.artist-list li:last-child {
-    border-bottom: none;
+.artist-details {
+    background-color: #fff;
+    border-radius: 8px;
+    box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+    overflow: hidden;
+    transition: transform 0.3s ease;
+    padding: 10px;
+    text-align: center;
 }
 
-.artist-list .artist-details {
-    display: flex;
-    flex-direction: column;
+.artist-details:hover {
+    transform: translateY(-5px);
 }
 
-.artist-list .artist-details h2 {
-    font-size: 1.2em;
-    margin: 0;
+.artist-details h2 {
+    color: #6a0dad;
+    font-size: 1.5em;
+    margin: 10px 0;
 }
 
-.artist-list .artist-details p {
-    font-size: 1em;
-    margin: 5px 0;
-    color: #666;
-}
-
-.artist-list .artist-details a {
+.artist-details a {
+    color: #6a0dad;
     text-decoration: none;
-    color: #8c00ff;
+    transition: color 0.3s ease;
 }
 
-.artist-list .artist-details a:hover {
-    text-decoration: underline;
+.artist-details a:hover {
+    color: #4a0772;
 }
 
+/* Responsive styles */
+@media screen and (max-width: 768px) {
+    .artist-list li {
+        width: 45%;
+    }
+}
+
+@media screen and (max-width: 576px) {
+    .artist-list li {
+        width: 100%;
+    }
+}