Diffstat (limited to 'beta_accents/app/poppersonne.php')
-rw-r--r-- | beta_accents/app/poppersonne.php | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/beta_accents/app/poppersonne.php b/beta_accents/app/poppersonne.php index e9225ba..a983441 100644 --- a/beta_accents/app/poppersonne.php +++ b/beta_accents/app/poppersonne.php @@ -8,7 +8,7 @@ if(isset($_GET['idR'])) echo "Participants de la réunion"; <div class="popup_contenu"> <?php -//Pour la création de la liste et initialisation du propriétaire +//Pour la création de la liste et initialisation du propriétaire echo "<form id=\"formpersonne\" action=\"\" method=\"get\" onsubmit=\"return ("; $isOwner= false; @@ -24,8 +24,9 @@ if (!isset($_GET['idL'])) else { echo "dataListe('participants','dataParticipants'));\">"; - if (isset($_GET['idR'])) $req = "SELECT * FROM AWOR_Liste L,AWOR_Reunion R WHERE (L.idP_Createur=".$_GET['idP_orga']." OR R.idP_Orga=".$_GET['idP_orga'].") AND R.idL=L.idL"; - else $req = "SELECT * FROM AWOR_Liste L,AWOR_Reunion R WHERE L.idL=".$_GET['idL']." AND L.idP_Createur=".$_GET['idP_orga']; + if (isset($_GET['idR'])) $req = "SELECT L.idL FROM AWOR_Liste L,AWOR_Reunion R WHERE (L.idP_Createur=".$_GET['idP_orga']." OR R.idP_Orga=".$_GET['idP_orga'].") AND R.idL=L.idL"; + // TODO : VERIFIER le select juste au dessous : table réunion inutile ???? Reunion ??? + else $req = "SELECT L.idL FROM AWOR_Liste L,AWOR_Reunion R WHERE L.idL=".$_GET['idL']." AND L.idP_Createur=".$_GET['idP_orga']; $result = mysql_query($req); if (mysql_num_rows($result)>0) { @@ -55,8 +56,8 @@ else for($i=0;$i<mysql_num_rows($result);$i++) { $row = mysql_fetch_array($result); - echo '<option value="'.$row[0].'">'; - echo $row[1]; + echo '<option value="'.htmlentities($row[0],ENT_QUOTES).'">'; + echo htmlentities($row[1],ENT_QUOTES); echo '</option>'; } } 
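Review bot: Both rewritten `$req` strings in the `@@ -24,8 +24,9 @@` hunk still concatenate `$_GET['idP_orga']` and `$_GET['idL']` directly into the SQL text, so narrowing `SELECT *` to `SELECT L.idL` leaves the injection in place. The values are used as unquoted numeric ids, so the smallest fix is to cast them first, `$idOrga = (int) $_GET['idP_orga'];` and `$idL = (int) $_GET['idL'];`, and build both queries from those; moving to mysqli or PDO prepared statements would be the durable fix, since the `mysql_*` API cannot bind parameters. The result appears to feed the owner check, and the organiser id it is compared with comes from the request itself, so that id should probably be read from the server-side session instead. On the TODO: the `else` query has no join condition on `AWOR_Reunion`, so it returns one row per meeting and no row at all when that table is empty; dropping `AWOR_Reunion R` from that `FROM` looks correct. The enclosing `else` block starts and ends outside the hunk.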
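Review bot: The new `htmlentities(..., ENT_QUOTES)` calls in the `@@ -55,8 +56,8 @@` hunk, and the ones in the `@@ -90,8 +91,8 @@` hunk, omit the charset argument, so the conversion depends on the default of the PHP version in use. Where that default is UTF-8 and the row is stored in another encoding, `htmlentities` returns an empty string and the option silently loses its value and label. Since the first hunk of this commit re-encodes an accented comment, the encoding should be passed explicitly, e.g. `htmlentities($row[1], ENT_QUOTES, 'UTF-8')` if the page and the database connection are UTF-8, which is not visible from here. The query that fills `$result` is outside the hunk.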
@@ -90,8 +91,8 @@ else for($i=0;$i<mysql_num_rows($result);$i++) { $row = mysql_fetch_array($result); - echo '<option value="'.$row[0].'">'; - if ($row[2] !== "" & $row[3] !== "") echo $row[2] . " " . $row[3]; else echo $row[1]; + echo '<option value="'.htmlentities($row[0],ENT_QUOTES).'">'; + echo htmlentities($row[2],ENT_QUOTES) . " " . htmlentities($row[3],ENT_QUOTES); echo '</option>'; } } |
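Review bot: The replacement line in this hunk drops the old fallback to `$row[1]`, so a row whose `$row[2]` and `$row[3]` are both empty now renders an option whose label is a single space. If the fallback was intended, keep it and escape the chosen value: `$label = ($row[2] !== "" && $row[3] !== "") ? $row[2]." ".$row[3] : $row[1];` followed by `echo htmlentities($label, ENT_QUOTES);`. That form also replaces the bitwise `&` of the removed line with the logical `&&`. Which columns these indexes refer to depends on a query outside the hunk.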