added protection on insert in database

gestion/saisieCandidats.php

@@ -12,9 +12,9 @@ $idVote = getpost("idVote");
 $candidat = getpost("candidat");
 $libelle = getpost("libelle");
 
-if (!empty($idCandidat))
+if (!empty($candidat))
 {
-	$query = "INSERT INTO liste_candidats VALUES (0, " . $idVotation . ", " . $idVote . ",'" . $libelle . "', '". $candidat . "')";
+	$query = "INSERT INTO liste_candidats VALUES (0, " . $db->protect($idVotation) . ", " . $db->protect($idVote) . ",'" . $db->protect($libelle) . "', '". $db->protect($candidat) . "')";
 	$db->query($query);
 	header("Location: " . $$base_url . "/" . $path , TRUE, 301);
 	return;

gestion/saisieVotation.php

@@ -24,7 +24,7 @@ $dateFin	= getpost("dateFin");
 if ($titre !== null and $libelle!== null and $dateDebut!== null and $dateFin !== null)
 {
 	$db = new db();
-	$query = "INSERT INTO liste_votations VALUES(0, '" . $titre . "', '" . $libelle . "', '0', '" . $dateDebut . "', '" . $dateFin . "')";    // clotûre
+	$query = "INSERT INTO liste_votations VALUES(0, '" . $db->protect($titre) . "', '" . $db->protect($libelle) . "', '0', '" . $db->protect($dateDebut) . "', '" . $db->protect($dateFin) . "')";    // clotûre
 	$db->query($query);
 	$db->close();
 	// TODO retour à l'index

gestion/saisieVotes.php

@@ -16,7 +16,7 @@ if (!empty($idVotation))
 {
 	if (!empty($method) and !empty($libelle))
 	{
-		$query = "INSERT INTO liste_votes VALUES (0, '" . $libelle . "', " . $method . "," . $idVotation . ")";
+		$query = "INSERT INTO liste_votes VALUES (0, '" . $db->protect($libelle) . "', " . $db->protect($method) . "," . $db->protect($idVotation) . ")";
 		$db->query($query);
 		header("Location: " . $$base_url . "/" . $path , TRUE, 301);
 		return;