diff --git a/entities/project_entity.php b/entities/project_entity.php
index cb8548a..fc9ba31 100644
--- a/entities/project_entity.php
+++ b/entities/project_entity.php
@@ -17,7 +17,7 @@ class Project extends Entity{
     private int     $_user;
     private int     $_category;
     private string  $_creatorname;
-    private string  $_user_image;
+    private ?string  $_user_image;
 
 
     /**
diff --git a/env b/env
index af95f41..1ba2754 100644
--- a/env
+++ b/env
@@ -4,4 +4,8 @@ DB_CONNECTION=mysql
 DB_HOSTNAME=boulayoune.com
 DB_DATABASE=projet_folliow
 DB_USERNAME=
-DB_PASSWORD=
\ No newline at end of file
+DB_PASSWORD=
+
+# image path
+IMG_PROJECT_PATH = uploads/projects/
+IMG_USER_PATH = uploads/profiles/
\ No newline at end of file
diff --git a/models/mother_model.php b/models/mother_model.php
index 59eea4f..9b58aba 100644
--- a/models/mother_model.php
+++ b/models/mother_model.php
@@ -23,14 +23,14 @@
 	}
 	
 	/**
-	Pour passer sur le serveur de YASS:
+	*Pour passer sur le serveur de YASS:
 		*"mysql:host=boulayoune.com;dbname=projet_folliow", // Serveur et BDD
-		"projet_user", //Nom d'utilisateur de la base de données
-		"F0lliowRules!",// Mot de passe de la base de données
-		Site pour BDD: https://phpmyadmin.boulayoune.com/index.php?route=/sql&pos=0&db=projet_folliow&table=project
+		*"projet_user", //Nom d'utilisateur de la base de données
+		*"F0lliowRules!",// Mot de passe de la base de données
+		*Site pour BDD: https://phpmyadmin.boulayoune.com/index.php?route=/sql&pos=0&db=projet_folliow&table=project
 		
-	Pour passer en local:
-		"mysql:host=localhost;dbname=projet_folliow", // Serveur et BDD
-		"root", //Nom d'utilisateur de la base de données
-		"",// Mot de passe de la base de données
+	*Pour passer en local:
+		*"mysql:host=localhost;dbname=projet_folliow", // Serveur et BDD
+		*"root", //Nom d'utilisateur de la base de données
+		*"",// Mot de passe de la base de données
 	*/
\ No newline at end of file
diff --git a/models/project_model.php b/models/project_model.php
index 56b88d2..6b16644 100644
--- a/models/project_model.php
+++ b/models/project_model.php
@@ -16,72 +16,90 @@
 		* @return array
 		*/	
 		public function findAll(int $intLimit=0, string $strKeywords='', int $intAuthor=0, 
-						 int $intPeriod=0, string $strDate='', string $strStartDate='', 
-						 string $strEndDate='', int $intCategory=0, bool $bool6Months=false):array{
+                        int $intPeriod=0, string $strDate='', string $strStartDate='', 
+                        string $strEndDate='', int $intCategory=0, bool $boolOlderThan6Months=false): array {
+
 			
-			$strRq	= "SELECT project.*, 
+			$strRq = "SELECT project.*, 
 						CONCAT(user_firstname, ' ', user_name) AS 'project_creatorname',
 						user_image
 						FROM project
-							INNER JOIN users ON user_id = project_user_id";
-			
-			$strWhere	= " WHERE ";
+						INNER JOIN users ON user_id = project_user_id
+						WHERE 1=1";
 
-			// Recherche par mot clé avec quote pour éviter bug du '
 			if ($strKeywords != '') {
-				
-				$strSafeKeywords = $this->_db->quote("%" . $strKeywords . "%");
-
-				$strRq .= " WHERE (project_title LIKE ".$strSafeKeywords."
-								OR project_content LIKE ".$strSafeKeywords.") ";
-
-				//$boolWhere	= true;
-				$strWhere	= " AND ";
+				$strRq .= " AND (project_title LIKE :keywords OR project_content LIKE :keywords)";
 			}
-			
-			// Recherche par auteur
+
 			if ($intAuthor > 0){
-				$strRq .= $strWhere." user_id = ".$intAuthor;
-				$strWhere	= " AND ";
+				$strRq .= " AND project_user_id = :author";
 			}
 
-			// Recherche par catégorie
 			if ($intCategory > 0){
-				$strRq .= $strWhere." project_category = ".$intCategory;
-				$strWhere	= " AND ";
+				$strRq .= " AND project_category = :category";
 			}
 
-			//recherche par ancienneté
-			if ($bool6Months === true) {
-				$strRq .= $strWhere . " project_creation_date <= DATE_SUB(NOW(), INTERVAL 6 MONTH) ";
-				$strWhere = " AND ";
+			if ($boolOlderThan6Months === true) {
+				$strRq .= " AND project_creation_date <= DATE_SUB(NOW(), INTERVAL 6 MONTH)";
 			}
-			
-			// Recherche par dates
+
 			if ($intPeriod == 0){
 				if ($strDate != ''){
-					$strRq .= $strWhere." project_creation_date = '".$strDate."'";
+					$strRq .= " AND project_creation_date = :date_exacte";
 				}
-			}else{
+			} else {
 				if ($strStartDate != '' && $strEndDate != ''){
-					$strRq .= $strWhere." project_creation_date BETWEEN '".$strStartDate."' AND '".$strEndDate."'";
-				}else{
+					$strRq .= " AND project_creation_date BETWEEN :date_debut AND :date_fin";
+				} else {
 					if ($strStartDate != ''){
-						$strRq .= $strWhere." project_creation_date >= '".$strStartDate."'";
-					}else if ($strEndDate != ''){
-						$strRq .= $strWhere." project_creation_date <= '".$strEndDate."'";
+						$strRq .= " AND project_creation_date >= :date_debut";
+					} else if ($strEndDate != ''){
+						$strRq .= " AND project_creation_date <= :date_fin";
 					}
 				}
 			}
-			
+
 			$strRq .= " ORDER BY project_creation_date DESC";
 
 			if ($intLimit > 0){
-				$strRq  .= " LIMIT ".$intLimit;
+				$strRq .= " LIMIT :limit"; 
 			}
 
-			return $this->_db->query($strRq)->fetchAll();
+			$rqPrep = $this->_db->prepare($strRq);
+
+			if ($strKeywords != '') {
+				$rqPrep->bindValue(':keywords', '%' . $strKeywords . '%', PDO::PARAM_STR);
+			}
+			if ($intAuthor > 0){
+				$rqPrep->bindValue(':author', $intAuthor, PDO::PARAM_INT);
+			}
+			if ($intCategory > 0){
+				$rqPrep->bindValue(':category', $intCategory, PDO::PARAM_INT);
+			}
+			if ($intPeriod == 0){
+				if ($strDate != ''){
+					$rqPrep->bindValue(':date_exacte', $strDate, PDO::PARAM_STR);
+				}
+			} else {
+				if ($strStartDate != '' && $strEndDate != ''){
+					$rqPrep->bindValue(':date_debut', $strStartDate, PDO::PARAM_STR);
+					$rqPrep->bindValue(':date_fin', $strEndDate, PDO::PARAM_STR);
+				} else {
+					if ($strStartDate != ''){
+						$rqPrep->bindValue(':date_debut', $strStartDate, PDO::PARAM_STR);
+					} else if ($strEndDate != ''){
+						$rqPrep->bindValue(':date_fin', $strEndDate, PDO::PARAM_STR);
+					}
+				}
+			}
+			if ($intLimit > 0){
+				$rqPrep->bindValue(':limit', $intLimit, PDO::PARAM_INT);
+			}
+
+			$rqPrep->execute();
+			return $rqPrep->fetchAll();
 		}
+
 		
 		/**
 		* Fonction d'insertion d'un nouveau projet dans la bdd
@@ -128,12 +146,10 @@
 		
 		public function accept(int $id){
 
-			//SQL pour changer le status en accept
 			$strRq = "UPDATE project 
 						SET project_status= 'publié' 
 						WHERE project_id =".$id;
 
-			//retourne la commande
 			return $this->_db->query($strRq);
 		}
 
@@ -171,8 +187,6 @@
 			$rqPrep->bindValue(":description", $objProject->getDescription(), PDO::PARAM_STR);
 			$rqPrep->bindValue(":content", $objProject->getContent(), PDO::PARAM_STR);
 			
-
-			// Executer la requête
 			return $rqPrep->execute();
 		}
 	}
\ No newline at end of file
diff --git a/views/_partial/preview.tpl b/views/_partial/preview.tpl
index 026293b..201a922 100644
--- a/views/_partial/preview.tpl
+++ b/views/_partial/preview.tpl
@@ -61,7 +61,8 @@
 		<div class="border rounded text-center">
 			<a class="btn btn-sm m-1 btn-success" href="?ctrl=project&action=accept&id={$objProject->getId()}" name="toPublished">Accepter</a>
 			<a class="btn btn-sm m-1 btn-warning" href="?ctrl=project&action=refuse&id={$objProject->getId()}" name="toRefused">Refuser</a>
-			<a class="btn btn-sm m-1 btn-danger" href="?ctrl=project&action=delete&id={$objProject->getId()}" name="toDelete">Supprimer</a>
+			<a class="btn btn-sm m-1 btn-danger" href="?ctrl=project&action=delete&id={$objProject->getId()}" name="toDelete" onclick="return confirm('Attention ! Êtes-vous sûr de vouloir supprimer ce projet ? Cette action est irréversible.');">
+   Supprimer l'utilisateur>Supprimer</a>
 		</div>
 	{elseif $projectStatus eq "refusé"}
 		<p class="text-danger fw-bold">Portfolio refusé</p>