Onzeur/SAE_2.02
Onzeur/SAE_2.02
1
2
Fork 0
mirror of https://grond.iut-fbleau.fr/stiti/SAE_2.02 synced 2024-12-28 09:32:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Correction du model de recherche pour eviter les injections SQL

Browse Source
This commit is contained in:
stiti 2024-05-23 09:59:04 +02:00
parent cf13b7dc62
commit f4c70a8ab7
6 changed files with 81 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CodeIgniter-3.1.13/application/controllers/Artiste.php
View File

@ -13,7 +13,7 @@ class Artiste extends CI_Controller {
public function index($artiste_id){ public function index($artiste_id){
// Récupérer les détails de l'artiste // Récupérer les détails de l'artiste
$artiste = $this->Model_artist->getArtisteById($artiste_id); $artiste = $this->Model_artist->getArtisteById($artiste_id);
$mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id); // Correction ici $mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id);
if($artiste){ if($artiste){
// Récupérer tous les albums de l'artiste // Récupérer tous les albums de l'artiste

16
CodeIgniter-3.1.13/application/controllers/Search.php
View File

@ -13,6 +13,22 @@ class Search extends CI_Controller {
// Récupérer la requête de recherche depuis la barre de recherche // Récupérer la requête de recherche depuis la barre de recherche
$query = $this->input->get('query'); $query = $this->input->get('query');
// Vérifier que la requête de recherche n'est pas vide
if (empty($query)) {
// Charger la vue avec un message d'erreur
$data['query'] = $query;
$data['musiques'] = [];
$data['albums'] = [];
$data['genres'] = [];
$data['artistes'] = [];
$data['error'] = "La requête de recherche ne peut pas être vide.";
$this->load->view('layout/header_not_logged_dark');
$this->load->view('search_results', $data);
$this->load->view('layout/footer_dark');
return;
}
// Faire une recherche dans les musiques, les albums, les genres et les artistes // Faire une recherche dans les musiques, les albums, les genres et les artistes
$musiques = $this->Search_model->searchMusiques($query); $musiques = $this->Search_model->searchMusiques($query);
$albums = $this->Search_model->searchAlbums($query); $albums = $this->Search_model->searchAlbums($query);

18
CodeIgniter-3.1.13/application/models/Search_model.php
View File

@ -15,10 +15,9 @@ class Search_model extends CI_Model {
JOIN album ON track.albumid = album.id JOIN album ON track.albumid = album.id
JOIN artist ON album.artistid = artist.id JOIN artist ON album.artistid = artist.id
JOIN cover ON album.coverid = cover.id JOIN cover ON album.coverid = cover.id
WHERE song.name LIKE '%$query%' WHERE song.name LIKE ?
ORDER BY song.name ASC"; ORDER BY song.name ASC";
$query = $this->db->query($sql, array('%' . $query . '%'));
$query = $this->db->query($sql);
return $query->result(); return $query->result();
} }
@ -28,22 +27,21 @@ class Search_model extends CI_Model {
JOIN artist ON album.artistid = artist.id JOIN artist ON album.artistid = artist.id
JOIN genre ON album.genreid = genre.id JOIN genre ON album.genreid = genre.id
JOIN cover ON album.coverid = cover.id JOIN cover ON album.coverid = cover.id
WHERE album.name LIKE '%$query%' WHERE album.name LIKE ?
ORDER BY album.name ASC"; ORDER BY album.name ASC";
$query = $this->db->query($sql, array('%' . $query . '%'));
$query = $this->db->query($sql);
return $query->result(); return $query->result();
} }
public function searchGenres($query){ public function searchGenres($query){
$sql = "SELECT id, name FROM genre WHERE name LIKE '%$query%' ORDER BY name ASC"; $sql = "SELECT id, name FROM genre WHERE name LIKE ? ORDER BY name ASC";
$query = $this->db->query($sql); $query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result(); return $query->result();
} }
public function searchArtistes($query){ public function searchArtistes($query){
$sql = "SELECT id, name FROM artist WHERE name LIKE '%$query%' ORDER BY name ASC"; $sql = "SELECT id, name FROM artist WHERE name LIKE ? ORDER BY name ASC";
$query = $this->db->query($sql); $query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result(); return $query->result();
} }
} }

2
CodeIgniter-3.1.13/application/views/artists_list.php
View File

@ -3,7 +3,7 @@
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="<?php echo base_url('assets/css/artists_list'); ?>"> <link rel="stylesheet" href="<?php echo base_url('assets/css/artists_list.css'); ?>">
<title>Liste des Artistes - Onzeur</title> <title>Liste des Artistes - Onzeur</title>
</head> </head>
<body> <body>

14
CodeIgniter-3.1.13/application/views/search_results.php
View File

@ -6,13 +6,17 @@
<title>Résultats de la recherche</title> <title>Résultats de la recherche</title>
</head> </head>
<body> <body>
<h2>Résultats de la recherche pour "<?php echo $query; ?>"</h2> <h2>Résultats de la recherche pour "<?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8'); ?>"</h2>
<?php if (!empty($error)): ?>
<p><?php echo $error; ?></p>
<?php endif; ?>
<?php if (!empty($musiques)): ?> <?php if (!empty($musiques)): ?>
<h3>Musiques</h3> <h3>Musiques</h3>
<ul> <ul>
<?php foreach($musiques as $musique): ?> <?php foreach($musiques as $musique): ?>
<li><?php echo $musique->name; ?> - <?php echo $musique->artistName; ?></li> <li><?php echo htmlspecialchars($musique->name, ENT_QUOTES, 'UTF-8'); ?> - <?php echo htmlspecialchars($musique->artistName, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
<?php endif; ?> <?php endif; ?>
@ -21,7 +25,7 @@
<h3>Albums</h3> <h3>Albums</h3>
<ul> <ul>
<?php foreach($albums as $album): ?> <?php foreach($albums as $album): ?>
<li><?php echo $album->name; ?> by <?php echo $album->artistName; ?></li> <li><?php echo htmlspecialchars($album->name, ENT_QUOTES, 'UTF-8'); ?> by <?php echo htmlspecialchars($album->artistName, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
<?php endif; ?> <?php endif; ?>
@ -30,7 +34,7 @@
<h3>Genres</h3> <h3>Genres</h3>
<ul> <ul>
<?php foreach($genres as $genre): ?> <?php foreach($genres as $genre): ?>
<li><?php echo $genre->name; ?></li> <li><?php echo htmlspecialchars($genre->name, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
<?php endif; ?> <?php endif; ?>
@ -39,7 +43,7 @@
<h3>Artistes</h3> <h3>Artistes</h3>
<ul> <ul>
<?php foreach($artistes as $artiste): ?> <?php foreach($artistes as $artiste): ?>
<li><?php echo $artiste->name; ?></li> <li><?php echo htmlspecialchars($artiste->name, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
<?php endif; ?> <?php endif; ?>

78
CodeIgniter-3.1.13/assets/css/artists_list.css
View File

@ -1,24 +1,21 @@
/* Styles généraux */
body { body {
font-family: Arial, sans-serif; font-family: Arial, sans-serif;
background-color: #f0f0f0;
margin: 0; margin: 0;
padding: 0; padding: 0;
background-color: #f8f8f8;
} }
.artist-list-container { .artist-list-container {
max-width: 800px; max-width: 1200px;
margin: 20px auto; margin: 0 auto;
padding: 20px; padding: 20px;
background-color: #ffffff;
border-radius: 8px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
} }
.artist-list-container h1 { .artist-list-container h1 {
font-size: 2em; color: #6a0dad;
margin-bottom: 10px;
text-align: center; text-align: center;
color: #800080; /* Couleur violette */ margin-top: 20px;
} }
.sort-options { .sort-options {
@ -27,53 +24,68 @@ body {
} }
.sort-options a { .sort-options a {
color: #6a0dad;
text-decoration: none; text-decoration: none;
color: #8c00ff;
margin: 0 10px; margin: 0 10px;
transition: color 0.3s ease;
} }
.sort-options a:hover { .sort-options a:hover {
text-decoration: underline; color: #4a0772;
} }
.artist-list { .artist-list {
display: flex;
flex-wrap: wrap;
justify-content: space-between;
list-style-type: none; list-style-type: none;
padding: 0; padding: 0;
} }
.artist-list li { .artist-list li {
display: flex; width: 30%;
align-items: center; margin-bottom: 20px;
padding: 10px 0;
border-bottom: 1px solid #ddd;
} }
.artist-list li:last-child { .artist-details {
border-bottom: none; background-color: #fff;
border-radius: 8px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
overflow: hidden;
transition: transform 0.3s ease;
padding: 10px;
text-align: center;
} }
.artist-list .artist-details { .artist-details:hover {
display: flex; transform: translateY(-5px);
flex-direction: column;
} }
.artist-list .artist-details h2 { .artist-details h2 {
font-size: 1.2em; color: #6a0dad;
margin: 0; font-size: 1.5em;
margin: 10px 0;
} }
.artist-list .artist-details p { .artist-details a {
font-size: 1em; color: #6a0dad;
margin: 5px 0;
color: #666;
}
.artist-list .artist-details a {
text-decoration: none; text-decoration: none;
color: #8c00ff; transition: color 0.3s ease;
} }
.artist-list .artist-details a:hover { .artist-details a:hover {
text-decoration: underline; color: #4a0772;
} }
/* Responsive styles */
@media screen and (max-width: 768px) {
.artist-list li {
width: 45%;
}
}
@media screen and (max-width: 576px) {
.artist-list li {
width: 100%;
}
}