diff --git a/api.php b/api.php
index 70f2e26..7c6ef70 100644
--- a/api.php
+++ b/api.php
@@ -28,7 +28,7 @@ function makeStableId($title, $year) {
 
 function checkAuth($pdo) {
     $stmtCheck = $pdo->query("SELECT COUNT(*) FROM users");
-    if ($stmtCheck->fetchColumn() == 0) return true; // Laisse passer si aucun admin n'est défini
+    if ($stmtCheck->fetchColumn() == 0) return true; 
 
     $token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
     if ($token !== md5(ENCRYPTION_KEY . 'session')) {
@@ -86,11 +86,18 @@ switch ($action) {
         
         $id = !empty($data['id']) ? $data['id'] : makeStableId($data['title'], $data['year'] ?? '0000');
         
+        // BUG CORRIGÉ : Utilisation de ON DUPLICATE KEY UPDATE pour ne pas écraser les colonnes comme 'created_at'
         if ($type === 'critique') {
-            $stmt = $pdo->prepare("REPLACE INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
+            $sql = "INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) 
+                    VALUES (?, ?, ?, ?, ?, ?, ?, ?) 
+                    ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)";
+            $stmt = $pdo->prepare($sql);
             $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['rating'], $data['review'], $data['streaming']]);
         } else {
-            $stmt = $pdo->prepare("REPLACE INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+            $sql = "INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) 
+                    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) 
+                    ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)";
+            $stmt = $pdo->prepare($sql);
             $stmt->execute([$id, $data['title'], $data['year'], $data['director'], $data['poster'], $data['format'], $data['length'], $data['publisher'], $data['ean_isbn13'], $data['number_of_discs'], $data['aspect_ratio'], $data['description']]);
         }
         echo json_encode(["success" => true]);
@@ -115,4 +122,34 @@ switch ($action) {
             echo json_encode(["success" => true]);
         }
         break;
+
+    // BUG CORRIGÉ : Ajout de l'endpoint manquant pour l'import CSV
+    case 'import_csv':
+        checkAuth($pdo);
+        if (isset($_FILES['csv_file'])) {
+            $file = $_FILES['csv_file']['tmp_name'];
+            $type = $_POST['type'] ?? 'critique';
+            
+            if (($handle = fopen($file, "r")) !== FALSE) {
+                $header = fgetcsv($handle, 0, ",");
+                while (($row = fgetcsv($handle, 0, ",")) !== FALSE) {
+                    $rowData = array_combine($header, $row);
+                    $id = !empty($rowData['id']) ? $rowData['id'] : makeStableId($rowData['title'] ?? '', $rowData['year'] ?? '0000');
+                    
+                    if ($type === 'critique') {
+                        $stmt = $pdo->prepare("INSERT INTO critiques (id, title, year, director, poster, rating, review, streaming) VALUES (?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), rating=VALUES(rating), review=VALUES(review), streaming=VALUES(streaming)");
+                        $stmt->execute([$id, $rowData['title']??'', $rowData['year']??'', $rowData['director']??'', $rowData['poster']??'', $rowData['rating']??3, $rowData['review']??'', $rowData['streaming']??'']);
+                    } else {
+                        $stmt = $pdo->prepare("INSERT INTO videotheque (id, title, year, director, poster, format, length, publisher, ean_isbn13, number_of_discs, aspect_ratio, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE title=VALUES(title), year=VALUES(year), director=VALUES(director), poster=VALUES(poster), format=VALUES(format), length=VALUES(length), publisher=VALUES(publisher), ean_isbn13=VALUES(ean_isbn13), number_of_discs=VALUES(number_of_discs), aspect_ratio=VALUES(aspect_ratio), description=VALUES(description)");
+                        $stmt->execute([$id, $rowData['title']??'', $rowData['year']??'', $rowData['director']??'', $rowData['poster']??'', $rowData['format']??'', $rowData['length']??'', $rowData['publisher']??'', $rowData['ean_isbn13']??'', $rowData['number_of_discs']??1, $rowData['aspect_ratio']??'', $rowData['description']??'']);
+                    }
+                }
+                fclose($handle);
+            }
+            echo json_encode(["success" => true]);
+        } else {
+            http_response_code(400);
+            echo json_encode(["error" => "Aucun fichier reçu."]);
+        }
+        break;
 }
\ No newline at end of file