stiti/SAE_2.02
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correction du model de recherche pour eviter les injections SQL

Browse Source
This commit is contained in:
stiti
2024-05-23 09:59:04 +02:00
parent cf13b7dc62
commit f4c70a8ab7
6 changed files with 81 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CodeIgniter-3.1.13/application/controllers/Artiste.php
View File

@@ -13,7 +13,7 @@ class Artiste extends CI_Controller {
public function index($artiste_id){
// Récupérer les détails de l'artiste
$artiste = $this->Model_artist->getArtisteById($artiste_id);
$mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id); // Correction ici
$mostUsedGenre = $this->Model_music->getMostUsedGenreByArtist($artiste_id);
if($artiste){
// Récupérer tous les albums de l'artiste

18
CodeIgniter-3.1.13/application/controllers/Search.php
View File

@@ -13,6 +13,22 @@ class Search extends CI_Controller {
// Récupérer la requête de recherche depuis la barre de recherche
$query = $this->input->get('query');
// Vérifier que la requête de recherche n'est pas vide
if (empty($query)) {
// Charger la vue avec un message d'erreur
$data['query'] = $query;
$data['musiques'] = [];
$data['albums'] = [];
$data['genres'] = [];
$data['artistes'] = [];
$data['error'] = "La requête de recherche ne peut pas être vide.";
$this->load->view('layout/header_not_logged_dark');
$this->load->view('search_results', $data);
$this->load->view('layout/footer_dark');
return;
}
// Faire une recherche dans les musiques, les albums, les genres et les artistes
$musiques = $this->Search_model->searchMusiques($query);
$albums = $this->Search_model->searchAlbums($query);
@@ -30,4 +46,4 @@ class Search extends CI_Controller {
$this->load->view('search_results', $data);
$this->load->view('layout/footer_dark');
}
}
}

18
CodeIgniter-3.1.13/application/models/Search_model.php
View File

@@ -15,10 +15,9 @@ class Search_model extends CI_Model {
JOIN album ON track.albumid = album.id
JOIN artist ON album.artistid = artist.id
JOIN cover ON album.coverid = cover.id
WHERE song.name LIKE '%$query%'
WHERE song.name LIKE ?
ORDER BY song.name ASC";
$query = $this->db->query($sql);
$query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result();
}
@@ -28,22 +27,21 @@ class Search_model extends CI_Model {
JOIN artist ON album.artistid = artist.id
JOIN genre ON album.genreid = genre.id
JOIN cover ON album.coverid = cover.id
WHERE album.name LIKE '%$query%'
WHERE album.name LIKE ?
ORDER BY album.name ASC";
$query = $this->db->query($sql);
$query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result();
}
public function searchGenres($query){
$sql = "SELECT id, name FROM genre WHERE name LIKE '%$query%' ORDER BY name ASC";
$query = $this->db->query($sql);
$sql = "SELECT id, name FROM genre WHERE name LIKE ? ORDER BY name ASC";
$query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result();
}
public function searchArtistes($query){
$sql = "SELECT id, name FROM artist WHERE name LIKE '%$query%' ORDER BY name ASC";
$query = $this->db->query($sql);
$sql = "SELECT id, name FROM artist WHERE name LIKE ? ORDER BY name ASC";
$query = $this->db->query($sql, array('%' . $query . '%'));
return $query->result();
}
}

2
CodeIgniter-3.1.13/application/views/artists_list.php
View File

@@ -3,7 +3,7 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="<?php echo base_url('assets/css/artists_list'); ?>">
<link rel="stylesheet" href="<?php echo base_url('assets/css/artists_list.css'); ?>">
<title>Liste des Artistes - Onzeur</title>
</head>
<body>

14
CodeIgniter-3.1.13/application/views/search_results.php
View File

@@ -6,13 +6,17 @@
<title>Résultats de la recherche</title>
</head>
<body>
<h2>Résultats de la recherche pour "<?php echo $query; ?>"</h2>
<h2>Résultats de la recherche pour "<?php echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8'); ?>"</h2>
<?php if (!empty($error)): ?>
<p><?php echo $error; ?></p>
<?php endif; ?>
<?php if (!empty($musiques)): ?>
<h3>Musiques</h3>
<ul>
<?php foreach($musiques as $musique): ?>
<li><?php echo $musique->name; ?> - <?php echo $musique->artistName; ?></li>
<li><?php echo htmlspecialchars($musique->name, ENT_QUOTES, 'UTF-8'); ?> - <?php echo htmlspecialchars($musique->artistName, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
@@ -21,7 +25,7 @@
<h3>Albums</h3>
<ul>
<?php foreach($albums as $album): ?>
<li><?php echo $album->name; ?> by <?php echo $album->artistName; ?></li>
<li><?php echo htmlspecialchars($album->name, ENT_QUOTES, 'UTF-8'); ?> by <?php echo htmlspecialchars($album->artistName, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
@@ -30,7 +34,7 @@
<h3>Genres</h3>
<ul>
<?php foreach($genres as $genre): ?>
<li><?php echo $genre->name; ?></li>
<li><?php echo htmlspecialchars($genre->name, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
@@ -39,7 +43,7 @@
<h3>Artistes</h3>
<ul>
<?php foreach($artistes as $artiste): ?>
<li><?php echo $artiste->name; ?></li>
<li><?php echo htmlspecialchars($artiste->name, ENT_QUOTES, 'UTF-8'); ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>