use prepare statements for final 4 files where possible

Muad Sakah 2025-02-07 20:36:47 +00:00
parent e4edb741c1
commit 1411b97954
4 changed files with 13 additions and 13 deletions


@ -150,8 +150,8 @@ switch (get_value_from_array($_GET, 'action')) {
$sponsor_id = $sponsorr->id; $sponsor_id = $sponsorr->id;
} else { } else {
$q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes) $q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes)
VALUES (?,?, Imported from external source: ?)"); VALUES (?,?,'" . "Imported from external source: $r->name" . "')");
$q->execute([$sponsor_str,$year,$r->name]); $q->execute([$sponsor_str,$year]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
$sponsor_id = $pdo->lastInsertId(); $sponsor_id = $pdo->lastInsertId();
} }
@ -242,7 +242,7 @@ switch (get_value_from_array($_GET, 'action')) {
trophystudentreturn =?, trophystudentreturn =?,
trophyschoolkeeper =?, trophyschoolkeeper =?,
trophyschoolreturn =? trophyschoolreturn =?
WHERE id = ?"); WHERE id =?");
$q->execute([ $q->execute([
intval($prize['cash']), intval($prize['cash']),
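Review bot: `$r->name` is concatenated into the SQL text of the sponsors INSERT in the second (right-hand) copy of the first hunk, so a name containing a quote breaks the statement and can change what it does; the note text itself says the record is imported from an external source. This is a value, not an identifier, so it can be bound: `VALUES (?,?,?)` with `$q->execute([$sponsor_str, $year, 'Imported from external source: ' . $r->name]);`. I am reading the second copy of each line as the new side, which the page does not mark explicitly. The surrounding switch case starts and ends outside the hunk.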


@ -40,13 +40,13 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
$dump .= '#SFIAB FAIR NAME: ' . $config['fairname'] . "\n"; $dump .= '#SFIAB FAIR NAME: ' . $config['fairname'] . "\n";
$dump .= "#-------------------------------------------------\n"; $dump .= "#-------------------------------------------------\n";
$tableq = $pdo->prepare("SHOW TABLES FROM ?"); $tableq = $pdo->prepare("SHOW TABLES FROM $DBNAME");
$tableq->execute($DBNAME); $tableq->execute();
while ($tr = $tableq->fetch(PDO::FETCH_NUM)) { while ($tr = $tableq->fetch(PDO::FETCH_NUM)) {
$table = $tr[0]; $table = $tr[0];
$dump .= "#TABLE: $table\n"; $dump .= "#TABLE: $table\n";
$columnq = $pdo->prepare("SHOW COLUMNS FROM ?"); $columnq = $pdo->prepare("SHOW COLUMNS FROM $table");
$columnq->execute($table); $columnq->execute();
$str = "INSERT INTO `$table` ("; $str = "INSERT INTO `$table` (";
unset($fields); unset($fields);
$fields = array(); $fields = array();
@ -57,8 +57,8 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
$str = substr($str, 0, -1); $str = substr($str, 0, -1);
$str .= ') VALUES ('; $str .= ') VALUES (';
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY ?"); $dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY $fields[0]");
$dataq->execute([$fields[0]]); $dataq->execute();
while ($data = $dataq->fetch(PDO::FETCH_OBJ)) { while ($data = $dataq->fetch(PDO::FETCH_OBJ)) {
$insertstr = $str; $insertstr = $str;
foreach ($fields AS $field) { foreach ($fields AS $field) {
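Review bot: `SHOW COLUMNS FROM $table` and `ORDER BY $fields[0]` place identifiers in the SQL unquoted, while the INSERT string built a line later backtick-quotes the same table name, so a table or column whose name is a reserved word or contains unusual characters makes the backup fail or run a different statement. Identifiers cannot be bound as parameters, so quoting is the remaining control: ``SHOW COLUMNS FROM `$table` `` and ``ORDER BY `$fields[0]` ``, plus ``SHOW TABLES FROM `$DBNAME` ``. `$fields` is filled outside the visible lines, presumably from the SHOW COLUMNS result, which is worth confirming. This assumes the second copy of each line is the new side.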


@ -91,8 +91,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
$where = '1'; $where = '1';
/* Get data */ /* Get data */
$q = $pdo->prepare("SELECT * FROM ? WHERE year=? AND ?"); $q = $pdo->prepare("SELECT * FROM $table WHERE year=? AND $where");
$q->execute([$table,$currentfairyear,$where]); $q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
$names = '`' . join('`,`', $fields) . '`'; $names = '`' . join('`,`', $fields) . '`';
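Review bot: `$table` and `$where` are spliced straight into the SELECT in roll(), and nothing visible in the hunk restricts what a caller may pass; a table name or a whole condition cannot be bound, so the safety of this query rests entirely on the callers. I would backtick-quote the table, ``FROM `$table` WHERE year=? AND $where``, and put a comment above the prepare such as `/* $table and $where are interpolated into SQL: callers must pass hard-coded values only, never request data */`. The same applies to `$table` in the roll() of the last file on this page. roll() starts before and continues past this hunk, and I am taking the second copy of each line as the new side.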


@ -34,8 +34,8 @@ require_once ('../config_editor.inc.php');
function roll($currentfairyear, $newfairyear, $table, $fields) function roll($currentfairyear, $newfairyear, $table, $fields)
{ {
global $pdo; global $pdo;
$q = $pdo->prepare("SELECT * FROM ? WHERE year=?"); $q = $pdo->prepare("SELECT * FROM $table WHERE year=?");
$q->execute([$table,$currentfairyear]); $q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
$names = '`' . join('`,`', $fields) . '`'; $names = '`' . join('`,`', $fields) . '`';
while ($r = $q->fetch(PDO::FETCH_ASSOC)) { while ($r = $q->fetch(PDO::FETCH_ASSOC)) {