array('option') ); //Connexion à la base de données @mysql_connect('localhost', 'root', '') or die('Connexion à la base de données impossible'); @mysql_select_db('twiip') or die('base de données inexistante'); $table = (isset($_GET['table']) ? $_GET['table'] : ''); $field = (isset($_GET['field']) ? $_GET['field'] : ''); $search = (isset($_GET['search']) ? $_GET['search'] : ''); if(isset($check[$table]) && in_array($field, $check[$table])){ //Vérification if($table && $field && $search){ $search = strtolower(mysql_escape_string($search)); header("content-type: application/xml"); echo ''; echo ''; $query = 'SELECT `'.$field.'` FROM `'.$table.'` WHERE lower(`'.$field.'`) LIKE "'.$search.'%" ORDER BY `'.$field.'`'; $result = mysql_query($query); while($row = mysql_fetch_array($result)){ echo ' '.$row[$field].''; } echo ''; } } else{ die('Requête interdite'); } ?>