il y a 6 ans · df789aa8d9
--- a/classes/alter.class.php
+++ b/classes/alter.class.php
@@ -13,6 +13,7 @@ class Alter {
 
				
				     public static function addNews($author, $title, $content, $image, $type) {
			
 
				
				         $db = new DBClass();
			
 
				
				         $time = new DateTime();
			
 
				
				+        // Sanitize number
			
 
				
				         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);
			
 
				
				         $sql = "INSERT INTO `news` (`id`, `author`, `time`, `title`, `type`, `content`, `img`) VALUES (NULL, '$author', '" . $time->getTimestamp() . "', '$title', '$type', '$content', '$image');";
			
 
				
				         $db->query($sql);
			
@@ -22,6 +23,7 @@ class Alter {
 
				
				 
			
 
				
				     public static function editNews($id, $title, $content, $image, $type) {
			
 
				
				         $db = new DBClass();
			
 
				
				+        // Sanitize number
			
 
				
				         $type = filter_var(trim($type), FILTER_SANITIZE_NUMBER_INT);
			
 
				
				         if ($image != false) {
			
 
				
				             $sql = "UPDATE `news` SET `title` = '$title', `img` = '$image', `content` = '$content', `type` = '$type' WHERE `news`.`id` = $id;";