diff --git a/admin/student_editor.php b/admin/student_editor.php
index b363f79c..e68aac03 100644
--- a/admin/student_editor.php
+++ b/admin/student_editor.php
@@ -151,26 +151,26 @@ function students_save()
 }
 // INSERT new record
 $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
- $stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES ('
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?"
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?, "
- . "?)");
+ $stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?,
+ ?)');
 $stmt->execute([$registrations_id,iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])), iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])),stripslashes($_POST['sex'][$x]), iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])),
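Review bot: `$dob` is assembled from `$_POST['year']`, `$_POST['month']` and `$_POST['day']` with no validation before it is bound to `dateofbirth`, so a missing or non-numeric part yields a string such as `--` that the database either rejects or silently coerces (MySQL stores a zero date unless strict mode is on); the same line appears in the UPDATE hunk below. A guard such as `if (!checkdate((int)$_POST['month'][$x], (int)$_POST['day'][$x], (int)$_POST['year'][$x])) { /* report and skip this row */ }` before the prepare would surface bad input instead of writing it. The placeholder list itself now has the 19 entries the column list needs, which fixes the missing comma in the removed text. students_save() starts outside the hunk, and the execute() arguments run past the hunk's end.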
@@ -192,37 +192,47 @@ function students_save()
 // UPDATE existing record
 $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
- $stmt = $pdo->prepare('UPDATE students SET '
- . "firstname=?, "
- . "lastname=?, "
- . "sex=/, "
- . "email=?, "
- . "address=?, "
- . "city=?, "
- . "province=?, "
- . "postalcode=?, "
- . "phone=?, "
- . "dateofbirth=?, "
- . "grade=?, "
- . "?"
- . "medicalalert=?, "
- . "foodreq=?, "
- . "teachername=?, "
- . "teacheremail=?, "
- . "tshirt=/ "
- . "WHERE id=?");
- $stmt->execute([iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])),
- stripslashes($_POST['sex'][$x]),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])),
- stripslashes($_POST['postalcode'][$x]),stripslashes($_POST['phone'][$x]),
- $dob,stripslashes($_POST['grade'][$x]),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $schoolquery,stripslashes($_POST['medicalalert'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['foodreq'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])),
- iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])),
- stripslashes($_POST['tshirt'][$x]),$_POST['id'][$x]]);
+ $stmt = $pdo->prepare('UPDATE students SET
+ firstname=?,
+ lastname=?,
+ sex=?,
+ email=?,
+ address=?,
+ city=?,
+ province=?,
+ postalcode=?,
+ phone=?,
+ dateofbirth=?,
+ grade=?,
+ schoolquery=?,
+ medicalalert=?,
+ foodreq=?,
+ teachername=?,
+ teacheremail=?,
+ tshirt=?
+ WHERE id=?');
+
+ $stmt->execute([
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])),
+ stripslashes($_POST['sex'][$x]),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])),
+ stripslashes($_POST['postalcode'][$x]),
+ stripslashes($_POST['phone'][$x]),
+ $dob,
+ stripslashes($_POST['grade'][$x]),
+ $schoolquery,
+ stripslashes($_POST['medicalalert'][$x]),
+ stripslashes($_POST['foodreq'][$x]),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])),
+ iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])),
+ stripslashes($_POST['tshirt'][$x]),
+ $_POST['id'][$x]
+ ]);
+
 happy_('%1 %2 successfully updated', array(iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $_POST['firstname'][$x]), iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $_POST['lastname'][$x])));
 }
 $x++;
diff --git a/judge.inc.php b/judge.inc.php
index c830ed75..8798c75c 100644
--- a/judge.inc.php
+++ b/judge.inc.php
@@ -93,8 +93,8 @@ function judge_status_questions($u)
 $rval = 'complete';
 if (count($idList)) {
- $q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(?) AND users_id=? AND answer IS NOT NULL');
- $q->execute([implode(',', $idList),$u['id']]);
+ $q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(' . implode(',', $idList) . ') AND users_id=? AND answer IS NOT NULL');
+ $q->execute([$u['id']]);
 $row = $q->fetch(PDO::FETCH_ASSOC);
 if (intval($row['tally']) != count($idList)) $rval = 'incomplete';
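Review bot: The twelfth assignment in the rewritten UPDATE sets a column named `schoolquery`, which does not match the `schools_id` column the INSERT column list in the previous hunk uses for the same field; `$schoolquery` reads like the name of the variable holding the bound value rather than a column, so the statement will fail with an unknown-column error unless the table really has such a column. The line should presumably read `schools_id=?,`. Separately, the rewritten execute() no longer applies the iconv() transliteration that the removed code applied to `foodreq` (and, in garbled form, to `medicalalert`), so those two free-text fields are now stored in a different encoding from the other text columns — worth confirming that is intended. students_save() starts outside the hunk.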
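Review bot: The rewritten SELECT in judge_status_questions() splices `implode(',', $idList)` straight into the SQL text, so only users_id is actually parameterised; the IN-list should get one placeholder per id, `$in = implode(',', array_fill(0, count($idList), '?'));` in the prepare string as `IN(' . $in . ')`, with `$q->execute(array_merge(array_values($idList), [$u['id']]));`. That keeps the statement fully parameterised whatever the origin of $idList (it is built outside the hunk, so I cannot tell from here whether its values are ever user-controlled) and costs nothing over the current form. The removed version bound the whole comma-joined list as one string, which is why it compared against a single value; per-element placeholders are the correct replacement rather than string concatenation. judge_status_questions() starts outside the hunk and continues past it.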
@@ -148,9 +148,8 @@ function judge_status_availability(&$u)
 if ($config['judges_availability_enable'] == 'no') return 'complete';
- $q = $pdo->prepare("SELECT id FROM judges_availability
- WHERE users_id=\"?\"");
- $q->execute([$u['id']]);
+ $q = $pdo->prepare("SELECT id FROM judges_availability WHERE users_id=?");
+ $q->execute([$u['id']]);
 if ($q->rowCount() > 0) return 'complete';
diff --git a/questions.inc.php b/questions.inc.php
index c5c4090c..421d4775 100644
--- a/questions.inc.php
+++ b/questions.inc.php
@@ -180,11 +180,11 @@ function questions_update_question($qs)
 global $pdo;
 $qs['ord'] = $qs['ord'] ?? '';
 $stmt = $pdo->prepare("UPDATE questions SET
- `question`=?,
- `type`=?,
- `db_heading`=?,
- `required`=?,
- `ord`=?
+ question=?,
+ type=?,
+ db_heading=?,
+ required=?,
+ ord=?
 WHERE id=?");
 $stmt->execute([$qs['question'], $qs['type'], $qs['db_heading'], $qs['required'], intval($qs['ord']), $qs['id']]);
 show_pdo_errors_if_any($pdo);
@@ -193,15 +193,7 @@ function questions_update_question($qs)
 function questions_save_new_question($qs, $year)
 {
 global $pdo;
- $stmt = $pdo->prepare('INSERT INTO questions '
- . '(question,type,section,db_heading,required,ord,year) VALUES (
- ?,
- ?,
- ?,
- ?,
- ?,
- ?,
- ?)');
+ $stmt = $pdo->prepare('INSERT INTO questions (question,type,section,db_heading,required,ord,year) VALUES (?,?,?,?,?,?,?)');
 $stmt->execute([$qs['question'],$qs['type'],$qs['section'],$qs['db_heading'],$qs['required'],$year]);
 show_pdo_errors_if_any($pdo);
 }
diff --git a/scripts/rolloverschools.php b/scripts/rolloverschools.php
index 85ba499f..f8802653 100644
--- a/scripts/rolloverschools.php
+++ b/scripts/rolloverschools.php
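Review bot: The new prepare/execute pair in judge_status_availability() has no error check, whereas the questions.inc.php hunks in this same commit follow each execute() with `show_pdo_errors_if_any($pdo);`; if the connection's error mode is not exception-based, a failed execute() returns false silently and `rowCount()` then reports 0, so a judge with an availability record would be reported as having none. Adding `show_pdo_errors_if_any($pdo);` after the execute() line keeps the three files consistent. Note also that PDOStatement::rowCount() is not guaranteed to report the number of rows of a SELECT for every driver; `$q->fetch(PDO::FETCH_ASSOC) !== false` would be the portable test, although that line is unchanged context. The function starts outside the hunk and continues past it.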
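Review bot: The rewritten INSERT in questions_save_new_question() declares seven placeholders for seven columns, but the unchanged execute() on the next line supplies only six values, with nothing for `ord`; PDO rejects that mismatch with an invalid-parameter-number error, so no new question can be saved once this statement is in place. Matching questions_update_question() a few lines above, which normalises `$qs['ord'] = $qs['ord'] ?? ''` and binds `intval($qs['ord'])`, the call should read `$stmt->execute([$qs['question'],$qs['type'],$qs['section'],$qs['db_heading'],$qs['required'],intval($qs['ord'] ?? ''),$year]);`. show_pdo_errors_if_any() will report the failure, but the record is still not written.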
@@ -44,8 +44,8 @@ function roll($currentfairyear, $newfairyear, $table, $fields)
 $vals .= ",'" . $r[$f] . "'";
 }
- $stmt = $pdo->prepare("INSERT INTO ?(`year`,?) VALUES (??)");
- $stmt->execute([$table,$names,$newfairyear,$vals]);
+ $stmt = $pdo->prepare("INSERT INTO $table(`year`,?) VALUES (?,?)");
+ $stmt->execute([$names,$newfairyear,$vals]);
 show_pdo_errors_if_any($pdo);
 }
 }
diff --git a/tableeditor.class.php b/tableeditor.class.php
index 55875d3a..9bd49714 100644
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@@ -465,11 +465,11 @@ class TableEditor
 foreach ($this->editfields AS $f => $n) $query .= ", ?";
 $query .= " FROM ?";
- $query .= " WHERE ?=?";
+ $query .= " WHERE {$this->primaryKey}=?";
 if ($this->DEBUG) echo $query;
 $editquery = $pdo->prepare($query);
- $editquery->execute([$this->primaryKey,$f,$this->table,$this->primaryKey,$_GET['edit']]);
+ $editquery->execute([$this->primaryKey,$f,$this->table,$_GET['edit']]);
 $editdata = $editquery->fetch(PDO::FETCH_ASSOC);
 return $editdata;
 }
@@ -504,20 +504,20 @@ class TableEditor
 if ($insert_mode) {
 $query .= ')';
 } else {
- $query .= " WHERE ?=?";
- }
+
+ $query .= " WHERE {$this->primaryKey}=?";
 }
 if ($this->DEBUG) echo $query;
 $stmt = $pdo->prepare($query);
- $stmt->execute([$this->primaryKey,$keyval]);
+ $stmt->execute($keyval);
 }
 function defaultDelete($keyval)
 {
 global $pdo;
- $stmt = $pdo->prepare("DELETE FROM ? WHERE ?=?");
- $stmt->execute([$this->table,$this->primaryKey,$keyval]);
+ $stmt = $pdo->prepare("DELETE FROM $this->table WHERE {$this->primaryKey}=?");
+ $stmt->execute([$keyval]);
 echo happy(i18n('Successfully deleted %1', array($this->recordType)));
 }
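Review bot: Binding `$names` and `$vals` as single parameters in roll() cannot work: a bound parameter is always a quoted value, so `$names` arrives in the column list as a string literal and `$vals` (built one line above as a comma-joined, hand-quoted string of the row's values) is inserted as one text value, which either fails to parse or writes the wrong data. Identifiers have to be placed in the SQL text and only the values bound, one placeholder per field, after which the `$vals` accumulation is no longer needed. The rewrite below assumes the loop that builds `$vals` iterates `$fields` (its head is outside the hunk) and keeps the `$table`/`$names` interpolation, which is acceptable only if roll() is always called with literal table and field names from this script and never with anything taken from a request. roll() starts outside the hunk.
```php
// … unchanged: loop over the row building $names …
$params = [$newfairyear];
foreach ($fields as $f) {
    $params[] = $r[$f];
}
$placeholders = str_repeat(',?', count($fields));
$stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES (?$placeholders)");
$stmt->execute($params);
// … unchanged: show_pdo_errors_if_any($pdo); …
```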
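Review bot: The edit-record SELECT in TableEditor still binds identifiers: the context lines build `SELECT ..., ?, ? FROM ?` with one placeholder per edit field and one for the table, and the rewritten execute() passes `$this->primaryKey`, the last `$f` left over from the loop, and `$this->table` as values, so the table name becomes a string literal after FROM and the placeholder count only matches when editfields holds exactly one entry. Only `$_GET['edit']` is a value; the column and table names come from class configuration (as far as this hunk shows, not from the request) and belong in the SQL text, with the prepared statement binding the edit id alone. The line that opens the `SELECT` is outside the hunk and, judging by the first element of the old execute() array, starts the same pattern with a `?` for the primary key, so it needs the same treatment.
```php
// … unchanged: $query = "SELECT ..." line above the hunk, which should name {$this->primaryKey} rather than bind it …
foreach ($this->editfields AS $f => $n)
    $query .= ", `$f`";
$query .= " FROM `{$this->table}`";
$query .= " WHERE `{$this->primaryKey}`=?";
if ($this->DEBUG) echo $query;
$editquery = $pdo->prepare($query);
$editquery->execute([$_GET['edit']]);
```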
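Review bot: `$stmt->execute($keyval);` in the update path passes the key as a bare scalar, but PDOStatement::execute() takes an array of parameters, so the call raises a TypeError on PHP 8 (and a warning plus a failed execute on older versions); the defaultDelete() rewrite a few lines below gets this right, and the update path should likewise read `$stmt->execute([$keyval]);`. In insert mode the same execute() runs against whatever placeholders the insert branch built outside the hunk, so the bound values for that branch are worth checking as well. The edit also replaces the `}` that closed the else branch with a blank line, leaving one fewer closing brace than the removed code had; unless the old brace was redundant, the method no longer parses, so a `php -l` pass on the file is worthwhile. The enclosing update method starts outside the hunk.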