From 60324ff735358e2f17c5f32e55278f943399d176 Mon Sep 17 00:00:00 2001
From: Cedric
Date: Thu, 18 Jun 2026 16:46:13 +0200
Subject: [PATCH] Actualiser api.php
---
 api.php | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 55 insertions(+), 7 deletions(-)
diff --git a/api.php b/api.php
index 82a101f..85df296 100644
--- a/api.php
+++ b/api.php
@@ -16,13 +16,49 @@ try {
 PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
 PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
 ]);
+
+ // NOUVEAU : Création automatique des tables si elles n'existent pas
+ // Cela évite les erreurs SQL lors de la toute première exécution de l'application
+ $pdo->exec("CREATE TABLE IF NOT EXISTS users (
+ id INT PRIMARY KEY,
+ username VARCHAR(50) NOT NULL,
+ password_hash VARCHAR(255) NOT NULL
+ )");
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS critiques (
+ id BIGINT PRIMARY KEY,
+ title VARCHAR(255) NOT NULL,
+ year VARCHAR(10),
+ director VARCHAR(255),
+ poster TEXT,
+ rating INT DEFAULT 3,
+ review TEXT,
+ streaming VARCHAR(255)
+ )");
+
+ $pdo->exec("CREATE TABLE IF NOT EXISTS videotheque (
+ id BIGINT PRIMARY KEY,
+ title VARCHAR(255) NOT NULL,
+ year VARCHAR(10),
+ director VARCHAR(255),
+ poster TEXT,
+ format VARCHAR(50),
+ length VARCHAR(50),
+ publisher VARCHAR(255),
+ ean_isbn13 VARCHAR(50),
+ number_of_discs INT DEFAULT 1,
+ aspect_ratio VARCHAR(50),
+ description TEXT
+ )");
+
 } catch (\PDOException $e) {
 echo json_encode(["error" => "Erreur BDD : " . $e->getMessage()]);
 exit;
 }
 
+// CORRECTION : Protection contre les valeurs nulles
 function makeStableId($title, $year) {
- $key = strtolower(trim($title)) . '|' . trim($year);
+ $key = strtolower(trim($title ?? '')) . '|' . trim($year ?? '');
 return (abs(crc32($key)) % 2000000000) + 100000000;
 }
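Review bot: The three `CREATE TABLE IF NOT EXISTS` statements run inside the connection block on every request, so the account the endpoint connects with must hold CREATE privilege permanently and every call pays three DDL round-trips. Move them to a one-time setup script, or gate them behind a dedicated setup action or environment flag, so the runtime credentials can be limited to SELECT/INSERT/UPDATE/DELETE. The new `users` table also declares `username VARCHAR(50) NOT NULL` without `UNIQUE` and `id INT PRIMARY KEY` without `AUTO_INCREMENT`; if accounts are inserted anywhere in this file, duplicate usernames would be accepted and the caller has to supply ids itself, so add `UNIQUE` (and `AUTO_INCREMENT` if that is the intent). The `try` block opens before the hunk.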
@@ -42,7 +78,6 @@ $action = $_GET['action'] ?? '';
 $data = json_decode(file_get_contents('php://input'), true) ?? [];
 
 switch ($action) {
- // NOUVEAU : Endpoint pour vérifier si un admin existe (évite le crash de admin.js)
 case 'check_security_status':
 $stmt = $pdo->query("SELECT COUNT(*) FROM users");
 echo json_encode(["is_blank" => ($stmt->fetchColumn() == 0)]);
@@ -75,7 +110,6 @@ switch ($action) {
 break;
 
 case 'get_films':
- // CORRECTION : Utilisation de ORDER BY id DESC au cas où created_at n'existe pas
 $crit = $pdo->query("SELECT *, 'critique' AS type FROM critiques ORDER BY id DESC")->fetchAll();
 $video = $pdo->query("SELECT *, 'videotheque' AS type FROM videotheque ORDER BY id DESC")->fetchAll();
 echo json_encode(array_merge($crit, $video));
@@ -86,20 +120,29 @@ switch ($action) {
 $type = $data['type'] ?? 'critique';
 $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
- $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000');
+ // CORRECTION : Protection avec `?? ''` sur les champs title et year
+ $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'] ?? '', $data['year'] ?? '0000');
 if ($type === 'critique') {
 $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
 $stmt = $pdo->prepare($sql);
- $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]);
+ $stmt->execute([
+ $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '',
+ $data['poster'] ?? '', $data['rating'] ?? 3, $data['review'] ?? '', $data['streaming'] ?? ''
+ ]);
 } else {
 $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
 $stmt = $pdo->prepare($sql);
- $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]);
+ $stmt->execute([
+ $id, $data['title'] ?? '', $data['year'] ?? '', $data['director'] ?? '',
+ $data['poster'] ?? '', $data['format'] ?? '', $data['length'] ?? '',
+ $data['publisher'] ?? '', $data['ean_isbn13'] ?? '', $data['number_of_discs'] ?? 1,
+ $data['aspect_ratio'] ?? '', $data['description'] ?? ''
+ ]);
 }
 echo json_encode(["success" => true]);
 break;
@@ -124,12 +167,17 @@ switch ($action) {
 case 'bulk_delete':
 checkAuth($pdo);
 $ids = $data['ids'] ?? [];
- $table = ($data['type'] === 'videotheque') ? 'videotheque' : 'critiques';
+ // CORRECTION : Protection sur type pour éviter un warning PHP
+ $type = $data['type'] ?? 'critique';
+ $table = ($type === 'videotheque') ? 'videotheque' : 'critiques';
+
 if (!empty($ids)) {
 $placeholders = implode(',', array_fill(0, count($ids), '?'));
 $stmt = $pdo->prepare("DELETE FROM $table WHERE id IN ($placeholders)");
 $stmt->execute($ids);
 echo json_encode(["success" => true]);
+ } else {
+ echo json_encode(["success" => false, "error" => "Aucun élément sélectionné."]);
 }
 break;
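Review bot: The `?? ''` defaults in the save branch turn a request without `title` into a silent write: `makeStableId('', $year)` yields the same id for every title-less payload with the same year, so each such request overwrites that one row with an empty title, and the NOT NULL column no longer protects anything. Reject the payload instead of defaulting, e.g. `if (trim((string) ($data['title'] ?? '')) === '') { http_response_code(400); echo json_encode(["error" => "Titre requis."]); break; }` placed before `$id` is computed. `$data['id']`, `rating` and `number_of_discs` are also bound as whatever JSON type the client sent; casting them with `(int)` keeps the BIGINT/INT columns from receiving strings or floats. The `case` header for this branch, and any `checkAuth` call, lie outside the hunk, so whether this write is reachable without authentication (the client-supplied `id` selects which row the ON DUPLICATE KEY UPDATE rewrites) should be confirmed there.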
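Review bot: `$ids` is taken from the JSON body without a shape check: `count($ids)` throws a TypeError on PHP 8 when the client sends a string or number, and an associative or nested array makes `$stmt->execute($ids)` bind by the wrong keys or fail. Normalise it before use, `$ids = is_array($data['ids'] ?? null) ? array_map(static fn ($v) => (int) $v, array_values($data['ids'])) : [];`, which also guarantees integer ids for the `IN (...)` list. The new `else` branch reports failure with a 200 status; adding `http_response_code(400);` in front of the `echo` lets clients tell it from success without parsing the body.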