Mercurial > defr > DualBlog
changeset 65:434751e80c88
Utilisation de la classe Requete dans tb.php
Cela permet de gérer automatiquement l'ajout des quotes si on a pas de
magic_quotes notamment, empechant les injections SQL :-)
| author | Franck Deroche <webmaster@defr.org> |
|---|---|
| date | Tue, 11 Mar 2008 16:33:07 +0100 |
| parents | d4f26e9767bf |
| children | 4723204733ef |
| files | tb.php |
| diffstat | 1 files changed, 5 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/tb.php Tue Mar 11 08:16:11 2008 -0700 +++ b/tb.php Tue Mar 11 16:33:07 2008 +0100 @@ -1,13 +1,14 @@ <?php header("Content-Type: text/xml"); echo("<?xml version='1.0' encoding='utf-8'?>"); - include("classes.php"); + require_once("classes.php"); + $Req = new Requete(); $id = $_GET['id']; $Data->Query("SELECT * FROM Messages WHERE num_mess=$id"); $post_infos = $Data->GetRow(); - $titre = array_key_exists("title", $_POST)?$_POST['title']:"Undefined"; - $url = array_key_exists("url", $_POST)?$_POST['url']:"#"; - $info = array_key_exists("__info", $_POST)?$_POST['__info']:-1; + $titre = $Req->Get('title', 'POST', 'Undefined'); + $url = $Req->Get('url', 'POST', '#'); + $info = $Req->Get('__info', 'POST', -1); if($info == 1) { $error = 0; $message = "Some informations";