Clean and protect get_sondage_from_id function

This commit is contained in:
Simon Leblanc 2011-05-15 01:43:25 +02:00
parent 475556c0e3
commit 2dd5ce6402

View File

@ -66,9 +66,16 @@ function get_sondage_from_id($id) {
global $connect; global $connect;
// Ouverture de la base de données // Ouverture de la base de données
if(preg_match(";^[\w\d]{16}$;i",$id)) { if(preg_match(";^[\w\d]{16}$;i",$id)) {
$sondage=$connect->Execute("SELECT sondage.*,sujet_studs.sujet FROM sondage". $sql = 'SELECT sondage.*,sujet_studs.sujet FROM sondage
" LEFT OUTER JOIN sujet_studs ON sondage.id_sondage = sujet_studs.id_sondage". LEFT OUTER JOIN sujet_studs ON sondage.id_sondage = sujet_studs.id_sondage
" WHERE sondage.id_sondage = $id"); WHERE sondage.id_sondage = '.$connect->Param('id_sondage');
$sql = $connect->Prepare($sql);
$sondage=$connect->Execute($sql, array($id));
if ($sondage === false) {
return false;
}
$psondage = $sondage->FetchObject(false); $psondage = $sondage->FetchObject(false);
$psondage->date_fin = strtotime($psondage->date_fin); $psondage->date_fin = strtotime($psondage->date_fin);
return $psondage; return $psondage;