add js input rules

post.php

@@ -9,30 +9,30 @@ try {
 }
 //UPDATE `projetphp` SET `security_level` = '6' WHERE `projetphp`.`login` = 'aaazzze';
 if(isset($_POST["updatePW"], $_POST["datene"], $_POST["email"], $_POST["pw"], $_POST["sl"], $_POST["login"]))
-  if($_POST["updatePW"] == "true")
+  if(htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true")
   {
     $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
     $req->execute(array(
-      'datene' => $_POST["datene"],
-      'email' => $_POST["email"],
-      'pw' => md5($_POST["pw"]),
-      'sl' => $_POST["sl"],
-      'login' => $_POST["login"],
+      'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
+      'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
+      'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
+      'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
+      'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
     ));
     $ret["return"] = true;
-    $ret["pw"] = md5($_POST["pw"]);
+    $ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
   }
   else
   {
     $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
     $req->execute(array(
-      'datene' => $_POST["datene"],
-      'email' => $_POST["email"],
-      'sl' => $_POST["sl"],
-      'login' => $_POST["login"],
+      'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
+      'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
+      'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'),
+      'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
     ));
     $ret["return"] = true;
-    $ret["pw"] = $_POST["pw"];
+    $ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');
   }
 else;