forked from science-ation/science-ation
pushing just over 100 database lines completed
This commit is contained in:
Muad Sakah
parent
5ccfe2dd6f
commit
172189a3ed
@ -98,8 +98,8 @@ if (array_key_exists('username', $_GET)) {
|
||||
$username = $_GET['username'];
|
||||
$type = $_GET['type'];
|
||||
$un = $username;
|
||||
$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username=? GROUP BY uid");
|
||||
$q->execute([$un]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
if ($q->rowCount()) {
|
||||
@ -119,8 +119,8 @@ if (array_key_exists('username', $_GET)) {
|
||||
}
|
||||
} else {
|
||||
// undelete them?
|
||||
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id=?");
|
||||
$stmt->execute([$r->id]);
|
||||
// then load them?
|
||||
$u = user_load($r->id);
|
||||
}
|
||||
|
||||
@ -164,9 +164,9 @@ if (get_value_from_array($_GET, 'action') == 'update') {
|
||||
$user = user_load($id);
|
||||
|
||||
// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
|
||||
$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
|
||||
$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid=?
|
||||
ORDER BY year DESC LIMIT 1");
|
||||
$query->execute();
|
||||
$query->execute([$user['uid']]);
|
||||
|
||||
$user_new = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
@ -178,9 +178,9 @@ if (get_value_from_array($_GET, 'action') == 'update') {
|
||||
message_push(happy(i18n('User Updated')));
|
||||
|
||||
// find the newly updated user
|
||||
$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid='{$user['uid']}'
|
||||
$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid=?
|
||||
ORDER BY year DESC LIMIT 1");
|
||||
$q_reload->execute();
|
||||
$q_reload->execute([$user['uid']]);
|
||||
|
||||
$reload_user = $q_reload->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
@ -296,16 +296,16 @@ $querystr = "SELECT
|
||||
GROUP BY uid
|
||||
HAVING
|
||||
u1.deleted='no'
|
||||
$having_year
|
||||
$where_types
|
||||
$where_complete
|
||||
?
|
||||
?
|
||||
?
|
||||
ORDER BY
|
||||
lastname ASC,
|
||||
firstname ASC,
|
||||
year DESC";
|
||||
|
||||
$q = $pdo->prepare($querystr);
|
||||
$q->execute();
|
||||
$q->execute([$having_year,$where_types,$where_complete]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$num = $q->rowCount();
|
||||
@ -358,8 +358,8 @@ while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
if (in_array('fair', $types)) {
|
||||
$qq = $pdo->prepare("SELECT * FROM users_fair
|
||||
LEFT JOIN fairs ON fairs.id=users_fair.fairs_id
|
||||
WHERE users_id='{$r['id']}'");
|
||||
|
||||
WHERE users_id=?");
|
||||
$qq->execute([$r['id']]);
|
||||
$rr = $qq->fetch(PDO::FETCH_ASSOC);
|
||||
$name = '{' . get_value_from_array($rr, 'name') . '}' . ((trim($name) == '') ? '' : "<br />($name)");
|
||||
}
|
||||
|
||||
@ -56,21 +56,21 @@ switch ($action) {
|
||||
}
|
||||
|
||||
// first check how many we are allowed to have
|
||||
$q = $pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT number FROM award_prizes WHERE id=?");
|
||||
$q->execute([$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$number = $r['number'];
|
||||
|
||||
/* Get the award info */
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id=?");
|
||||
$q->execute([$award_awards_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$a = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
/* Get the project */
|
||||
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id=?");
|
||||
$q->execute([$projects_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$p = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$fairs_id = $p['fairs_id'];
|
||||
@ -89,24 +89,24 @@ switch ($action) {
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners
|
||||
LEFT JOIN projects ON winners.projects_id=projects.id
|
||||
WHERE
|
||||
projects.fairs_id='$fairs_id'
|
||||
awards_prizes_id='$prize_id'");
|
||||
$q->execute();
|
||||
projects.fairs_id=?
|
||||
awards_prizes_id=?");
|
||||
$q->execute([$fairs_id,$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$count = $r['count'];
|
||||
} else {
|
||||
/* Count is the total number assigned */
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id=?");
|
||||
$q->execute([$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$count = $r['count'];
|
||||
}
|
||||
|
||||
if ($count < $number) {
|
||||
$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$prize_id,$projects_id,$config['FAIRYEAR']]);
|
||||
happy_('Winning project added');
|
||||
} else {
|
||||
error_('This prize cannot accept any more winners. Maximum: %1', $number);
|
||||
@ -119,8 +119,8 @@ switch ($action) {
|
||||
$projects_id = intval($_GET['projects_id']);
|
||||
|
||||
if ($prize_id && $projects_id) {
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id=? AND projects_id=?");
|
||||
$stmt->execute([$prize_id,$projects_id]);
|
||||
happy_('Winning project removed');
|
||||
}
|
||||
exit;
|
||||
@ -140,12 +140,12 @@ switch ($action) {
|
||||
award_awards ,
|
||||
award_types
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND \taward_types.year=award_awards.year
|
||||
AND\taward_awards.id='$award_awards_id'
|
||||
AND\taward_awards.id=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$award_awards_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -177,12 +177,12 @@ switch ($action) {
|
||||
award_awards ,
|
||||
award_types
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND \taward_types.year=award_awards.year
|
||||
AND\taward_awards.id='$award_awards_id'
|
||||
AND\taward_awards.id=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$award_awards_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -218,15 +218,15 @@ switch ($action) {
|
||||
|
||||
case 'additional_materials':
|
||||
$fairs_id = intval($_GET['fairs_id']);
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id=?");
|
||||
$q->execute([$award_awards_id]);
|
||||
if ($fairs_id == 0) {
|
||||
echo "Unsupported Action: Can't get additional materials for fairs_id=0. Edit the project and set it's fair to anything except 'Local/Unspecified'.";
|
||||
exit;
|
||||
}
|
||||
$a = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id=?");
|
||||
$q->execute([$fairs_id]);
|
||||
$fair = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$pdf = fair_additional_materials($fair, $a, $config['FAIRYEAR']);
|
||||
foreach ($pdf['header'] as $h)
|
||||
@ -412,17 +412,17 @@ $q = $pdo->prepare("SELECT
|
||||
award_types.type,
|
||||
sponsors.organization
|
||||
FROM
|
||||
award_awards $fair_join,
|
||||
award_awards ?,
|
||||
award_types,
|
||||
sponsors
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND\taward_types.year='{$config['FAIRYEAR']}'
|
||||
AND\taward_types.year=?
|
||||
AND\taward_awards.sponsors_id=sponsors.id
|
||||
$fair_where
|
||||
?
|
||||
ORDER BY awards_order");
|
||||
$q->execute();
|
||||
$q->execute([$fair_join,$config['FAIRYEAR'],$config['FAIRYEAR'],$fair_where]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -500,11 +500,11 @@ function print_award(&$r, $fairs_id, $editor = false, $editor_data = array())
|
||||
FROM
|
||||
award_prizes
|
||||
WHERE
|
||||
award_awards_id='{$r['id']}'
|
||||
AND award_prizes.year='{$config['FAIRYEAR']}'
|
||||
award_awards_id=?
|
||||
AND award_prizes.year=?
|
||||
ORDER BY
|
||||
`order`");
|
||||
$q->execute();
|
||||
$q->execute([$r['id'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
echo '<table width="100%"><tr><td>';
|
||||
@ -535,9 +535,9 @@ function print_award(&$r, $fairs_id, $editor = false, $editor_data = array())
|
||||
winners
|
||||
LEFT JOIN projects ON projects.id=winners.projects_id
|
||||
WHERE
|
||||
winners.awards_prizes_id='{$pr->id}'
|
||||
$fairs_where ");
|
||||
$cq->execute();
|
||||
winners.awards_prizes_id=?
|
||||
? ");
|
||||
$cq->execute([$pr->id,$fairs_where]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$count = $cq->rowCount();
|
||||
// echo "winners=$count";
|
||||
|
||||
@ -32,8 +32,8 @@ require ('../common.inc.php');
|
||||
global $pdo;
|
||||
|
||||
// first, lets make sure someone isng tryint to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$pn = trim($_GET['n']);
|
||||
@ -56,20 +56,21 @@ if ($r->test) {
|
||||
LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
AND projects.projectnumber='$pn'
|
||||
AND projects.projectnumber=?
|
||||
LIMIT 1
|
||||
");
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR'],$pn]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$regid = $r['reg_id'];
|
||||
|
||||
$q2 = $pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
|
||||
$q2->execute();
|
||||
$q2 = $pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id=? ORDER BY lastname");
|
||||
$q2->execute([$regid]);
|
||||
$students = '';
|
||||
while ($stud = $q2->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($stud->webfirst == 'yes')
|
||||
|
||||
@ -31,8 +31,8 @@ require ('../common.inc.php');
|
||||
|
||||
global $pdo;
|
||||
// first, lets make sure someone isnt trying to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
if ($r->test) {
|
||||
@ -52,16 +52,16 @@ if ($r->test) {
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
1
|
||||
AND registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
ORDER BY
|
||||
projectcategories.id,
|
||||
projectdivisions.id,
|
||||
projects.projectnumber
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$lastcat = 'something_that_does_not_exist';
|
||||
|
||||
@ -31,8 +31,8 @@ require ('../common.inc.php');
|
||||
|
||||
global $pdo;
|
||||
// first, lets make sure someone isnt trying to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$ret = array();
|
||||
|
||||
@ -56,16 +56,16 @@ if ($r->test) {
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
1
|
||||
AND registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
ORDER BY
|
||||
projectcategories.id,
|
||||
projectdivisions.id,
|
||||
projects.projectnumber
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$lastcat = 'something_that_does_not_exist';
|
||||
|
||||
@ -40,13 +40,13 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
$dump .= '#SFIAB FAIR NAME: ' . $config['fairname'] . "\n";
|
||||
$dump .= "#-------------------------------------------------\n";
|
||||
|
||||
$tableq = $pdo->prepare("SHOW TABLES FROM `$DBNAME`");
|
||||
$tableq->execute();
|
||||
$tableq = $pdo->prepare("SHOW TABLES FROM ?");
|
||||
$tableq->execute($DBNAME);
|
||||
while ($tr = $tableq->fetch(PDO::FETCH_NUM)) {
|
||||
$table = $tr[0];
|
||||
$dump .= "#TABLE: $table\n";
|
||||
$columnq = $pdo->prepare("SHOW COLUMNS FROM `$table`");
|
||||
$columnq->execute();
|
||||
$columnq = $pdo->prepare("SHOW COLUMNS FROM ?");
|
||||
$columnq->execute($table);
|
||||
$str = "INSERT INTO `$table` (";
|
||||
unset($fields);
|
||||
$fields = array();
|
||||
@ -57,8 +57,8 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
$str = substr($str, 0, -1);
|
||||
$str .= ') VALUES (';
|
||||
|
||||
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
|
||||
$dataq->execute();
|
||||
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY ?");
|
||||
$dataq->execute([$fields[0]]);
|
||||
while ($data = $dataq->fetch(PDO::FETCH_OBJ)) {
|
||||
$insertstr = $str;
|
||||
foreach ($fields AS $field) {
|
||||
@ -171,25 +171,25 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
if (mb_ereg('^[a-z0-9]{32}$', $_POST['realfilename']) && file_exists('../data/backuprestore/' . $_POST['realfilename'])) {
|
||||
$filename = $_POST['realfilename'];
|
||||
echo i18n('Proceeding with database restore from %1', array($_POST['filename'])) . '...';
|
||||
$lines = file("../data/backuprestore/$filename");
|
||||
$lines = file("../data/backuprestore/?");
|
||||
$err = false;
|
||||
echo '<pre>';
|
||||
foreach ($lines AS $line) {
|
||||
$line = trim($line);
|
||||
if (mb_ereg('^#TABLE: (.*)', $line, $args)) {
|
||||
// empty out the table
|
||||
$sql = 'TRUNCATE TABLE `' . $args[1] . '`';
|
||||
$sql = 'TRUNCATE TABLE ?';
|
||||
// echo $sql."\n";
|
||||
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$args[1]]);
|
||||
} else if (mb_ereg('^#', $line)) {
|
||||
// just skip it
|
||||
} else {
|
||||
// insert the new data
|
||||
|
||||
$stmt = $pdo->prepare($line);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$filename]);
|
||||
if ($pdo->errorInfo()) {
|
||||
echo $line . "\n";
|
||||
echo $pdo->errorInfo() . "\n";
|
||||
@ -226,13 +226,13 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
user_purge($judge, 'judge');
|
||||
} else {
|
||||
// Find max year of judge
|
||||
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = ' . $judge['uid'] . ' ORDER BY year DESC limit 1');
|
||||
$max_year_query->execute();
|
||||
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid =? ORDER BY year DESC limit 1');
|
||||
$max_year_query->execute([$judge['uid']]);
|
||||
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
|
||||
// Grab old judge info.
|
||||
// Old judge info consists of all entries in the database that are not the most recent for the specific judge
|
||||
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid =' . $judge['uid'] . ' AND year NOT LIKE ' . $judge_max_year['year']);
|
||||
$deletable->execute();
|
||||
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid =? AND year NOT LIKE ?');
|
||||
$deletable->execute([$judge['uid'],$judge_max_year['year']]);
|
||||
// and if they have old data from previous fair years
|
||||
if ($deletable->rowCount() > 0) {
|
||||
// delete old data one by one
|
||||
@ -260,8 +260,8 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
error(i18n($pdo->errorInfo()[0]));
|
||||
}
|
||||
} else if (get_value_from_array($_POST, 'action') == 'clean_parents') {
|
||||
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !=' . $config['FAIRYEAR']);
|
||||
$query_parents->execute();
|
||||
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !=?');
|
||||
$query_parents->execute([$config['FAIRYEAR']]);
|
||||
while ($parent = $query_parents->fetch(PDO::FETCH_ASSOC)) {
|
||||
if (!is_array($parent['types'])) {
|
||||
$parent['types'] = array($parent['types']);
|
||||
|
||||
@ -42,21 +42,21 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
// ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'category') && isset($_POST['mingrade']) && $_POST['maxgrade']) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Category ID %1 already exists', array($_POST['id']), array('category ID')));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectcategories SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "category='" . stripslashes($_POST['category']) . "', "
|
||||
. "category_shortform='" . stripslashes($_POST['category_shortform']) . "', "
|
||||
. "mingrade='" . $_POST['mingrade'] . "', "
|
||||
. "maxgrade='" . $_POST['maxgrade'] . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "'");
|
||||
. "id=?, "
|
||||
. "category=?, "
|
||||
. "category_shortform=?, "
|
||||
. "mingrade=?, "
|
||||
. "maxgrade=?"
|
||||
. "WHERE id=?");
|
||||
echo happy(i18n('Category successfully saved'));
|
||||
$stmt->execute();
|
||||
$stmt->execute([$_POST['id'],stripslashes($_POST['category']),stripslashes($_POST['category_shortform']),$_POST['mingrade'],$_POST['maxgrade'],$_POST['saveid']]);
|
||||
}
|
||||
} else {
|
||||
echo error(i18n('All fields are required'));
|
||||
@ -66,8 +66,8 @@ if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
// ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
|
||||
if (get_value_from_array($_POST, 'id') && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount()) {
|
||||
echo error(i18n('Category ID %1 already exists', array($_POST['id']), array('category ID')));
|
||||
} else {
|
||||
@ -89,11 +89,11 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
// ###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
|
||||
// for this division exist they should be deleted
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
// ####
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
echo happy(i18n('Category successfully removed'));
|
||||
}
|
||||
|
||||
@ -118,8 +118,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo '<input type="hidden" name="action" value="' . get_value_from_array($_GET, 'action') . "\">\n";
|
||||
if (get_value_from_array($_GET, 'action') == 'edit') {
|
||||
echo '<input type="hidden" name="saveid" value="' . get_value_from_array($_GET, 'edit') . "\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE id='" . get_value_from_array($_GET, 'edit') . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([get_value_from_array($_GET, 'edit'),$config['FAIRYEAR']]);
|
||||
$categoryr = $q->fetch(PDO::FETCH_OBJ);
|
||||
$buttontext = 'Save';
|
||||
} else if (get_value_from_array($_GET, 'action') == 'new') {
|
||||
@ -135,8 +135,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo ' <td><input type="submit" value="' . i18n($buttontext) . '"></td>';
|
||||
echo '</tr>';
|
||||
} else {
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY mingrade");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY mingrade");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
echo " <td align=\"center\">$r->id</td>";
|
||||
|
||||
@ -57,8 +57,8 @@ if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
$d = stripslashes($val);
|
||||
$t = stripslashes($_POST['savetimes'][$key]);
|
||||
$v = "$d $t";
|
||||
$stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='" . $config['FAIRYEAR'] . "' AND id='$key'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE dates SET date=? WHERE year=? AND id=?");
|
||||
$stmt->execute([$v,$config['FAIRYEAR'],$key]);
|
||||
}
|
||||
}
|
||||
echo happy(i18n('Dates successfully saved'));
|
||||
@ -83,8 +83,8 @@ $dates = array('fairdate' => array(),
|
||||
|
||||
/* Now copy the SQL data into the above array */
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM dates WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY date");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM dates WHERE year=? ORDER BY date");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$dates[$r->name]['description'] = $r->description;
|
||||
$dates[$r->name]['id'] = $r->id;
|
||||
@ -131,12 +131,12 @@ foreach ($dates as $dn => $d) {
|
||||
$def = $defaultdates[$dn];
|
||||
// hmm if we dont have a record for this date this year, INSERT the sql from the default
|
||||
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
|
||||
'" . $def->date . "',
|
||||
'" . $dn . "',
|
||||
'" . $def->description . "',
|
||||
'" . $config['FAIRYEAR'] . "'
|
||||
?,
|
||||
?,
|
||||
?,
|
||||
?
|
||||
)");
|
||||
$stmt->execute();
|
||||
$stmt->execute([$def->date,$dn,$def->description,$config['FAIRYEAR']]);
|
||||
$d['id'] = $pdo->lastInsertId();
|
||||
$d['description'] = $def->description;
|
||||
$d['date'] = $def->date;
|
||||
|
||||
@ -45,22 +45,22 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division')) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Division ID %1 already exists', array($_POST['id']), array('division ID')));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectdivisions SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "division='" . stripslashes($_POST['division']) . "', "
|
||||
. "division_shortform='" . stripslashes($_POST['division_shortform']) . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "' AND year='{$config['FAIRYEAR']}'");
|
||||
$stmt->execute();
|
||||
. "id=?, "
|
||||
. "division=?, "
|
||||
. "division_shortform=?"
|
||||
. "WHERE id=? AND year=?");
|
||||
$stmt->execute([$_POST['id'],stripslashes($_POST['division']),stripslashes($_POST['division_shortform']),$_POST['saveid'],$config['FAIRYEAR']]);
|
||||
|
||||
// ###### Feature Specific - filtering divisions by category
|
||||
if ($config['filterdivisionbycategory'] == 'yes') {
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='" . $_POST['saveid'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id=? AND year=?");
|
||||
$stmt->execute([ $_POST['saveid'],$config['FAIRYEAR']]);
|
||||
if (is_array($_POST['divcat'])) {
|
||||
foreach ($_POST['divcat'] as $tempcat) {
|
||||
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( '
|
||||
|
||||
@ -35,8 +35,8 @@ send_header('CWSF Project Divisions',
|
||||
// //// FIX ME!!!!!
|
||||
if (count(get_value_from_array($_POST, 'cwsfdivision', []))) {
|
||||
foreach ($_POST['cwsfdivision'] AS $k => $v) {
|
||||
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid=? WHERE id=? AND year=?");
|
||||
$stmt->execute([$v,$k,$config['FAIRYEAR']]);
|
||||
}
|
||||
echo happy(i18n('Corresponding CWSF divisions saved'));
|
||||
}
|
||||
@ -53,8 +53,8 @@ echo '<th>' . i18n('Your Division') . "</th>\n";
|
||||
echo '<th>' . i18n('Corresponding CWSF Division') . "</th>\n";
|
||||
echo '</tr>';
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
echo ' <td>' . i18n($r->division) . '</td>';
|
||||
|
||||
@ -88,7 +88,7 @@ if (get_value_from_array($_GET, 'action') == 'install' && get_value_from_array($
|
||||
$packs = loadLanguagePacks();
|
||||
$loaded = 0;
|
||||
if ($packs[$_GET['install']]) {
|
||||
$lines = file("http://www.sfiab.ca/languages/{$packs[$_GET['install']]['filename']}");
|
||||
$lines = file("http://www.sfiab.ca/languages/?");
|
||||
$totallines = count($lines);
|
||||
$numtranslations = round($totallines / 2);
|
||||
echo i18n('There are %1 translations in this language pack... processing...', array($numtranslations));
|
||||
@ -98,7 +98,7 @@ if (get_value_from_array($_GET, 'action') == 'install' && get_value_from_array($
|
||||
|
||||
if (substr($line, 0, 6) == 'UPDATE' || substr($line, 0, 6) == 'INSERT') {
|
||||
$stmt = $pdo->prepare($line);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$packs[$_GET['install']]['filename']]);
|
||||
$a = $pdo->rowwCount();
|
||||
$loaded += $a;
|
||||
} else
|
||||
|
||||
@ -43,8 +43,8 @@
|
||||
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
foreach($config['languages'] AS $lang=>$langname) {
|
||||
$q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=".$pdo->quote($config['FAIRYEAR'])." and textname=".$pdo->quote($r->textname)."");
|
||||
$q_current->execute();
|
||||
$q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=? and textname=?");
|
||||
$q_current->execute([$pdo->quote($config['FAIRYEAR']),$pdo->quote($r->textname)]);
|
||||
|
||||
if ($q_current->rowCount() == 0) {
|
||||
$q1 = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES (
|
||||
@ -82,8 +82,8 @@
|
||||
|
||||
if(get_value_from_array($_GET, 'textname'))
|
||||
{
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname=? AND year=?");
|
||||
$q->execute([$_GET['textname'],$config['FAIRYEAR']]);
|
||||
//needs to be at least one entry in any languages
|
||||
if($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
@ -93,14 +93,14 @@
|
||||
|
||||
|
||||
foreach($config['languages'] AS $lang=>$langname) {
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname=? AND year=? AND lang=?");
|
||||
$q->execute([$_GET['textname'],$config['FAIRYEAR'],$lang]);
|
||||
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
if(!$r)
|
||||
{
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$pdo->quote($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES (?,?,?)");
|
||||
$stmt->execute([$pdo->quote($_GET['textname']),$config['FAIRYEAR'],$lang]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -140,8 +140,8 @@
|
||||
echo i18n("Choose a page text to edit");
|
||||
echo "<table class=\"summarytable\">";
|
||||
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year=? AND lang=? ORDER BY textname");
|
||||
$q->execute([$config['FAIRYEAR'],$config['default_language']]);
|
||||
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
|
||||
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
|
||||
@ -66,8 +66,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
*/
|
||||
|
||||
/* Get field list for this table */
|
||||
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SHOW COLUMNS IN ?");
|
||||
$q->execute([$table]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while (($c = $q->fetch(PDO::FETCH_ASSOC))) {
|
||||
$col[$c['Field']] = $c;
|
||||
@ -91,8 +91,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
$where = '1';
|
||||
|
||||
/* Get data */
|
||||
$q = $pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM ? WHERE year=? AND ?");
|
||||
$q->execute([$table,$currentfairyear,$where]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$names = '`' . join('`,`', $fields) . '`';
|
||||
|
||||
@ -108,8 +108,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
$vals .= ',' . $pdo->quote($r[$f]);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO ?(`year`,?) VALUES (??)");
|
||||
$stmt->execute([$table,$names,$newfairyear,$vals]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
}
|
||||
@ -134,8 +134,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// now the dates
|
||||
echo i18n('Rolling dates') . '<br />';
|
||||
$q = $pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
|
||||
@ -149,8 +149,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// page text
|
||||
echo i18n('Rolling page texts') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
|
||||
@ -166,8 +166,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project categories') . '<br />';
|
||||
// project categories
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
|
||||
@ -183,8 +183,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project divisions') . '<br />';
|
||||
// project divisions
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
|
||||
@ -199,8 +199,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project category-division links') . '<br />';
|
||||
// project categories divisions links
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
|
||||
@ -213,8 +213,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project sub-divisions') . '<br />';
|
||||
// project subdivisions
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
|
||||
@ -228,8 +228,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling safety questions') . '<br />';
|
||||
// safety questions
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
|
||||
@ -245,8 +245,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
echo i18n('Rolling awards') . '<br />';
|
||||
// awards
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
/* Roll the one award */
|
||||
@ -265,8 +265,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling award types') . '<br />';
|
||||
// award types
|
||||
$q = $pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_types WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
|
||||
@ -280,8 +280,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling schools') . '<br />';
|
||||
// award types
|
||||
$q = $pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM schools WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$puid = ($r->principal_uid == null) ? 'NULL' : ("'" . intval($r->principal_uid) . "'");
|
||||
@ -314,8 +314,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
}
|
||||
|
||||
echo i18n('Rolling questions') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM questions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
|
||||
@ -341,8 +341,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// timeslots and rounds
|
||||
echo i18n('Rolling judging timeslots and rounds') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=? AND round_id='0'");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$d = $newfairyear - $currentfairyear;
|
||||
@ -352,8 +352,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
$stmt->execute();
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=?");
|
||||
$qq->execute([$r['id']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
|
||||
@ -365,8 +365,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
}
|
||||
|
||||
echo '<br /><br />';
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='FAIRYEAR' AND year=0");
|
||||
$stmt->execute([$newfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo happy(i18n('Fair year has been rolled over from %1 to %2', array($currentfairyear, $newfairyear)));
|
||||
send_footer();
|
||||
|
||||
@ -82,8 +82,8 @@ function rolloverfiscalyear($newYear)
|
||||
|
||||
// first we'll roll over fundraising_campaigns:
|
||||
$fields = '`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`';
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear =?");
|
||||
$q->execute([$oldYear]);
|
||||
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
foreach (array('startdate', 'enddate', 'followupdate') as $dateField) {
|
||||
@ -100,16 +100,16 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_campaigns (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_campaigns (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// next we'll hit findraising_donor_levels
|
||||
$fields = '`level`,`min`,`max`,`description`';
|
||||
if ($pdo->errorInfo()[0] == 0)
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear =?");
|
||||
$q->execute([$oldYear]);
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$r['fiscalyear'] = $newYear;
|
||||
$fields = array_keys($r);
|
||||
@ -117,16 +117,16 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_donor_levels (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_donor_levels (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// and now we'll do findraising_goals
|
||||
$fields = '`goal`,`name`,`description`,`system`,`budget`,`deadline`';
|
||||
if ($pdo->errorInfo()[0] == 0) {
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT ? FROM fundraising_goals WHERE fiscalyear =?");
|
||||
$q->execute([$fields,$oldYear]);
|
||||
}
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$dateval = $r['deadline'];
|
||||
@ -142,15 +142,15 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_goals (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_goals (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// finally, let's update the fiscal year itself:
|
||||
if ($pdo->errorInfo()[0] == 0) {
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='FISCALYEAR'");
|
||||
$stmt->execute([$newYear]);
|
||||
}
|
||||
|
||||
if ($pdo->errorInfo()[0] == 0) {
|
||||
|
||||
@ -67,8 +67,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
}
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
echo happy(i18n('Safety question successfully removed'));
|
||||
}
|
||||
|
||||
@ -82,8 +82,8 @@ if ((get_value_from_array($_GET, 'action') == 'edit' && get_value_from_array($_G
|
||||
} else if ($_GET['action'] == 'edit') {
|
||||
$buttontext = 'Save safety question';
|
||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE id='" . $_GET['edit'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE id=? AND year=?");
|
||||
$q->execute([$_GET['edit'],$config['FAIRYEAR'] ]);
|
||||
echo '<input type="hidden" name="save" value="' . $_GET['edit'] . "\">\n";
|
||||
if (!$r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$showform = false;
|
||||
@ -141,8 +141,8 @@ echo '<br />';
|
||||
echo '<a href="safetyquestions.php?action=new">' . i18n('Add new safety question') . '</a>';
|
||||
|
||||
echo '<table class="summarytable">';
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY ord");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year=? ORDER BY ord");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
echo '<tr><th>' . i18n('Ord') . '</th><th>' . i18n('Question') . '</th><th>' . i18n('Type') . '</th><th>' . i18n('Required') . '</th><th>' . i18n('Actions') . '</th></tr>';
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
|
||||
@ -85,16 +85,16 @@ function judge_status_questions($u)
|
||||
*/
|
||||
global $config, $pdo;
|
||||
// get the questions we're looking for
|
||||
$q = $pdo->prepare('SELECT id FROM questions WHERE year=' . $config['FAIRYEAR'] . " AND required='yes'");
|
||||
$q->execute([]);
|
||||
$q = $pdo->prepare('SELECT id FROM questions WHERE year=?'"AND required='yes'");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$idList = array();
|
||||
while ($row = $q->fetch(PDO::FETCH_ASSOC))
|
||||
$idList[] = $row['id'];
|
||||
|
||||
$rval = 'complete';
|
||||
if (count($idList)) {
|
||||
$q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(' . implode(',', $idList) . ') AND users_id=' . $u['id'] . ' AND answer IS NOT NULL');
|
||||
$q->execute();
|
||||
$q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(?) AND users_id=? AND answer IS NOT NULL');
|
||||
$q->execute([implode(',', $idList),$u['id']]);
|
||||
$row = $q->fetch(PDO::FETCH_ASSOC);
|
||||
if (intval($row['tally']) != count($idList))
|
||||
$rval = 'incomplete';
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user