forked from science-ation/science-ation
17-19 files have been changed and roughly 200-250 database lines have been modified
This commit is contained in:
Muad Sakah
parent
172189a3ed
commit
1846545b7a
@ -8,10 +8,10 @@ function getJudgingTeams()
|
||||
FROM
|
||||
judges_teams
|
||||
WHERE
|
||||
judges_teams.year='" . $config['FAIRYEAR'] . "'
|
||||
judges_teams.year=?
|
||||
ORDER BY
|
||||
num,name");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
|
||||
$lastteamid = -1;
|
||||
$lastteamnum = -1;
|
||||
@ -28,8 +28,8 @@ function getJudgingTeams()
|
||||
$rounds = array();
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
|
||||
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
|
||||
WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
|
||||
$tq->execute();
|
||||
WHERE judges_teams_timeslots_link.judges_teams_id=?");
|
||||
$tq->execute([$r->id]);
|
||||
$teams[$r->id]['timeslots'] = array();
|
||||
$teams[$r->id]['rounds'] = array();
|
||||
|
||||
@ -39,8 +39,8 @@ function getJudgingTeams()
|
||||
}
|
||||
|
||||
foreach ($rounds as $round_id) {
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='{$round_id}'");
|
||||
$tq->execute();
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$tq->execute([$round_id]);
|
||||
$teams[$r->id]['rounds'][] = $tq->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
@ -55,12 +55,12 @@ function getJudgingTeams()
|
||||
judges_teams_link
|
||||
WHERE
|
||||
judges_teams_link.users_id=users.id AND
|
||||
judges_teams_link.judges_teams_id='$r->id'
|
||||
judges_teams_link.judges_teams_id=?
|
||||
ORDER BY
|
||||
captain DESC,
|
||||
lastname,
|
||||
firstname");
|
||||
$mq->execute();
|
||||
$mq->execute([$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$teamlangs = array();
|
||||
@ -87,9 +87,9 @@ function getJudgingTeams()
|
||||
$lq = $pdo->prepare("SELECT projects.language
|
||||
FROM judges_teams_timeslots_projects_link
|
||||
LEFT JOIN projects ON judges_teams_timeslots_projects_link.projects_id=projects.id
|
||||
WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
|
||||
judges_teams_id='$r->id' AND language!='' ");
|
||||
$lq->execute();
|
||||
WHERE judges_teams_timeslots_projects_link.year=? AND
|
||||
judges_teams_id=? AND language!='' ");
|
||||
$lq->execute([$config['FAIRYEAR'],$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$projectlangs = array();
|
||||
while ($lr = $lq->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -113,13 +113,13 @@ function getJudgingTeams()
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND judges_teams_awards_link.judges_teams_id='$r->id'
|
||||
AND judges_teams_awards_link.judges_teams_id=?
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
name
|
||||
");
|
||||
$aq->execute();
|
||||
$aq->execute([$r->id,$config['FAIRYEAR']]);
|
||||
while ($ar = $aq->fetch(PDO::FETCH_OBJ)) {
|
||||
$teams[$r->id]['awards'][] = array(
|
||||
'id' => $ar->id,
|
||||
@ -144,13 +144,13 @@ function getJudgingTeam($teamid)
|
||||
FROM
|
||||
judges_teams
|
||||
WHERE
|
||||
judges_teams.year='" . $config['FAIRYEAR'] . "' AND
|
||||
judges_teams.id='$teamid'
|
||||
judges_teams.year=? AND
|
||||
judges_teams.id=?
|
||||
ORDER BY
|
||||
num,
|
||||
name
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$teamid]);
|
||||
|
||||
$team = array();
|
||||
|
||||
@ -172,12 +172,12 @@ function getJudgingTeam($teamid)
|
||||
judges_teams_link
|
||||
WHERE
|
||||
judges_teams_link.users_id=users.id AND
|
||||
judges_teams_link.judges_teams_id='$r->id'
|
||||
judges_teams_link.judges_teams_id=?
|
||||
ORDER BY
|
||||
captain DESC,
|
||||
lastname,
|
||||
firstname");
|
||||
$mq->execute();
|
||||
$mq->execute([$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
while ($mr = $mq->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -200,13 +200,13 @@ function getJudgingTeam($teamid)
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND judges_teams_awards_link.judges_teams_id='$r->id'
|
||||
AND judges_teams_awards_link.judges_teams_id=?
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
name
|
||||
");
|
||||
$aq->execute();
|
||||
$aq->execute([$r->id,$config['FAIRYEAR']]);
|
||||
while ($ar = $aq->fetch(PDO::FETCH_OBJ)) {
|
||||
$team['awards'][] = array(
|
||||
'id' => $ar->id,
|
||||
@ -248,11 +248,11 @@ function judges_load_all()
|
||||
$ret = array();
|
||||
|
||||
$query = "SELECT id FROM users WHERE types LIKE '%judge%'
|
||||
AND year='{$config['FAIRYEAR']}'
|
||||
AND year=?
|
||||
AND deleted='no'
|
||||
ORDER BY lastname, firstname";
|
||||
$r = $pdo->prepare($query);
|
||||
$r->execute();
|
||||
$r->execute([$config['FAIRYEAR']]);
|
||||
while ($i = $r->fetch(PDO::FETCH_ASSOC)) {
|
||||
$u = user_load($i['id']);
|
||||
if ($u['judge_complete'] == 'no')
|
||||
|
||||
@ -40,16 +40,16 @@ if (get_value_from_array($_POST, 'action'))
|
||||
if ($action == 'delete' && get_value_from_array($_GET, 'delete')) {
|
||||
// ALSO DELETE: team members, timeslots, projects, awards
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team')));
|
||||
}
|
||||
|
||||
@ -58,25 +58,26 @@ if (get_value_or_default($action) == 'deletealldivisional') {
|
||||
FROM \t
|
||||
judges_teams
|
||||
WHERE
|
||||
year='" . $config['FAIRYEAR'] . "'
|
||||
year=?
|
||||
AND autocreate_type_id='1'
|
||||
");
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$numdeleted = 0;
|
||||
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
|
||||
// okay now we can start deleting things! whew!
|
||||
// first delete any linkings to the team
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$numdeleted++;
|
||||
}
|
||||
if ($numdeleted)
|
||||
@ -89,24 +90,24 @@ if (get_value_or_default($action) == 'deleteall') {
|
||||
$q2 = $pdo->prepare("SELECT *
|
||||
FROM \tjudges_teams
|
||||
WHERE
|
||||
year='" . $config['FAIRYEAR'] . "'
|
||||
year=?
|
||||
");
|
||||
$q2->execute();
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
$numdeleted = 0;
|
||||
while ($r2 = $q2->FETCH(PDO::FETCH_OBJ)) {
|
||||
// okay now we can start deleting things! whew!
|
||||
// first delete any linkings to the team
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$numdeleted++;
|
||||
}
|
||||
if ($numdeleted)
|
||||
@ -120,8 +121,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
// but when we're done, if we're "assign" then go back to edit that team
|
||||
// if we're save, then go back to the team list
|
||||
$err = false;
|
||||
$q = $pdo->prepare("UPDATE judges_teams SET num='" . $_POST['team_num'] . "', name='" . (stripslashes($_POST['team_name'])) . "' WHERE id='$edit'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE judges_teams SET num=?, name=? WHERE id=?");
|
||||
$q->execute([ $_POST['team_num'],(stripslashes($_POST['team_name'])),$edit]);
|
||||
if ($pdo->errorInfo()) {
|
||||
$err = true;
|
||||
message_push(error($pdo->errorInfo()));
|
||||
@ -133,8 +134,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
// the judges wouldnt know which projects to judge for which award. This doesnt apply for divisions
|
||||
// because the category/division is obvious based on project numbesr. A divisional judge team could easily
|
||||
// be assigned to do all of Comp Sci - Junior, Intermediate and Senior without any problems.
|
||||
$q = $pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='" . $_POST['award'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id=?");
|
||||
$q->execute([$_POST['award']]);
|
||||
$aw = $q->fetch(PDO::FETCHH_OBJ);
|
||||
|
||||
$addaward = true;
|
||||
@ -144,12 +145,12 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
award_awards,
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.judges_teams_id='$edit'
|
||||
judges_teams_awards_link.judges_teams_id=?
|
||||
AND judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.type='Special'
|
||||
");
|
||||
$q->exxecute();
|
||||
$q->exxecute([$edit]);
|
||||
$r = $q->fetch(PDO::FETCHH_OBJ);
|
||||
echo "special awards: $r->num";
|
||||
if ($r->num) {
|
||||
@ -162,8 +163,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
|
||||
if ($addaward) {
|
||||
// link up the award
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('" . $_POST['award'] . "','$edit','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$_POST['award'],$edit,$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Award assigned to team')));
|
||||
}
|
||||
}
|
||||
@ -182,8 +183,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
}
|
||||
|
||||
if (get_value_or_default($action) == 'unassign') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='" . $_GET['unassign'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND award_awards_id=? AND year=?");
|
||||
$stmt->execute([$edit,$_GET['unassign'],$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Award unassigned from judge team')));
|
||||
// keep editing the same team
|
||||
$action = 'edit';
|
||||
@ -191,8 +192,8 @@ if (get_value_or_default($action) == 'unassign') {
|
||||
|
||||
if (get_value_or_default($action) == 'createall') {
|
||||
// first make sure we dont have any non-divisional award teams (dont want people hitting refresh and adding all the teams twice
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
if ($r->c) {
|
||||
message_push(error(i18n("Cannot 'Create All' teams when any divisional teams currently exist. Try deleting all existing non-divisional teams first.")));
|
||||
@ -207,18 +208,18 @@ if (get_value_or_default($action) == 'createall') {
|
||||
award_types
|
||||
WHERE \t
|
||||
award_awards.award_types_id=award_types.id
|
||||
AND award_awards.year='" . $config['FAIRYEAR'] . "'
|
||||
AND award_types.year='" . $config['FAIRYEAR'] . "'
|
||||
AND award_awards.year=?
|
||||
AND award_types.year=?
|
||||
AND award_types_id!='1'
|
||||
ORDER BY
|
||||
award_types_order,
|
||||
award_awards.order,
|
||||
name");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
|
||||
// startat
|
||||
$q2 = $pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
|
||||
$q2->execute();
|
||||
$q2 = $pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year=?");
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
$r2 = $q2->fetch(PDO::FETCH_OBJ);
|
||||
if ($r2->lastnum)
|
||||
$num = $r2->lastnum + 1;
|
||||
@ -239,8 +240,8 @@ if (get_value_or_default($action) == 'createall') {
|
||||
$team_id = $pdo->lastInsertId();
|
||||
if ($team_id) {
|
||||
// now link the new team to the award
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$r->id,$team_id,$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Created team #%1: %2', array($num, $name))));
|
||||
} else {
|
||||
message_push(error(i18n('Error creating team #%1: %2', array($num, $name))));
|
||||
@ -251,8 +252,8 @@ if (get_value_or_default($action) == 'createall') {
|
||||
}
|
||||
|
||||
if (get_value_or_default($action) == 'add' && $_GET['num']) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES ('" . $_GET['num'] . "','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES (?,?)");
|
||||
$stmt->execute([$_GET['num'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$edit = $pdo->lastInsertId();
|
||||
$action = 'edit';
|
||||
@ -342,10 +343,10 @@ function addclicked()
|
||||
)
|
||||
LEFT JOIN judges_teams_awards_link ON award_awards.id = judges_teams_awards_link.award_awards_id
|
||||
WHERE
|
||||
award_awards.year='" . $config['FAIRYEAR'] . "' AND
|
||||
award_awards.year=? AND
|
||||
judges_teams_awards_link.award_awards_id IS NULL
|
||||
AND award_types.id=award_awards.award_types_id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
award_type_order,
|
||||
name";
|
||||
@ -353,7 +354,7 @@ function addclicked()
|
||||
|
||||
echo '<tr><td colspan=2>';
|
||||
$q = $pdo->prepare($querystr);
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo '<select name="award">';
|
||||
@ -395,8 +396,8 @@ function addclicked()
|
||||
|
||||
echo '<table width="95%">';
|
||||
echo '<tr><td>';
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
if (!$r->c) {
|
||||
echo '<a href="judges_teams.php?action=createall">' . i18n('Automatically create one new team for every non-divisional award') . '</a><br />';
|
||||
|
||||
@ -92,16 +92,16 @@ if ($action == 'saveround') {
|
||||
if ($save == true) {
|
||||
if ($round_id == 0) {
|
||||
/* New entry */
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0',?)");
|
||||
$stmt->execute([$config['FAIRYEAR']]);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`='$date',
|
||||
starttime='$starttime', endtime='$endtime',
|
||||
`name`='$name',
|
||||
`type`='$type' WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`=?,
|
||||
starttime=?, endtime=?,
|
||||
`name`=?,
|
||||
`type`=? WHERE id=?");
|
||||
$stmt->execute([$date,$starttime,$endtime,$name,$type,$round_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
message_push(happy(i18n('Round successfully saved')));
|
||||
@ -110,18 +110,18 @@ if ($action == 'saveround') {
|
||||
}
|
||||
|
||||
if ($action == 'deleteround') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id=?");
|
||||
$stmt->execute([$round_id]);
|
||||
/* Also delete all timeslots */
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id=?");
|
||||
$stmt->execute([$round_id]);
|
||||
message_push(happy(i18n('Round successfully removed')));
|
||||
$action = '';
|
||||
}
|
||||
if ($action == 'deletetimeslot') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$timeslot_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id=?");
|
||||
$stmt->execute([$timeslot_id]);
|
||||
message_push(happy(i18n('Timeslot successfully removed')));
|
||||
$action = '';
|
||||
}
|
||||
@ -129,8 +129,8 @@ if ($action == 'deletetimeslot') {
|
||||
if ($action == 'savetimeslot') {
|
||||
$save = true;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$date = $round_data['date'];
|
||||
@ -152,15 +152,15 @@ if ($action == 'savetimeslot') {
|
||||
if ($save == true) {
|
||||
if ($timeslot_id == 0) {
|
||||
/* New entry */
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id',
|
||||
'$date','timeslot','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES(?,
|
||||
?,'timeslot',?)");
|
||||
$stmt->execute([$round_id,$date,$config['FAIRYEAR']]);
|
||||
$timeslot_id = $pdo->lastInsertId();
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime'
|
||||
WHERE id='$timeslot_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime=?, endtime=?
|
||||
WHERE id=?");
|
||||
$stmt->execute([$starttime,$endtime,$timeslot_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
message_push(happy(i18n('Timeslot successfully saved')));
|
||||
@ -176,8 +176,8 @@ if ($action == 'savemultiple') {
|
||||
$break = intval($_POST['break']);
|
||||
|
||||
if (array_key_exists('starttime_hour', $_POST) && array_key_exists('starttime_minute', $_POST) && $addnum && $duration) {
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$date = $round_data['date'];
|
||||
@ -242,8 +242,8 @@ if ($action == 'addround' || $action == 'editround') {
|
||||
$r['date'] = $config['dates']['fairdate'];
|
||||
} else {
|
||||
echo '<h3>Edit Judging Round</h3>';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
if ($q->rowCount() != 1) {
|
||||
echo "UNKNOWN ROUND $round_id";
|
||||
exit;
|
||||
@ -289,8 +289,8 @@ if ($action == 'addtimeslot' || $action == 'edittimeslot') {
|
||||
echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
|
||||
echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($action == 'addtimeslot') {
|
||||
@ -299,8 +299,8 @@ if ($action == 'addtimeslot' || $action == 'edittimeslot') {
|
||||
$r['date'] = $round_data['date'];
|
||||
} else {
|
||||
echo '<h3>Edit Judging Timeslot</h3>';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$timeslot_id]);
|
||||
if ($q->rowCount() != 1) {
|
||||
echo "UNKNOWN ROUND $round_id";
|
||||
exit;
|
||||
@ -334,8 +334,8 @@ if ($action == 'addmultiple') {
|
||||
echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
|
||||
echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
echo '<table border="0">';
|
||||
@ -375,12 +375,12 @@ if ($action == '') {
|
||||
echo '<th>' . i18n('Actions') . '</th>';
|
||||
echo '</tr>';
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=? AND `type`!='timeslot' ORDER BY date,starttime");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=? ORDER BY `date`,`starttime`");
|
||||
$qq->execute([$r->id]);
|
||||
$c = $qq->rowCount() + 1;
|
||||
|
||||
echo "<td rowspan=\"$c\"><b>" . format_date($r->date) . '</b></td>';
|
||||
|
||||
@ -51,10 +51,10 @@ if ($_GET['projectid']) {
|
||||
$score_error = '*** ERROR **** You entered a value greater than 100.00';
|
||||
}
|
||||
$stmt = $pdo->prepare("UPDATE judges_teams_timeslots_projects_link
|
||||
\t \t\t\t\t\tSET score=" . $score
|
||||
. ' WHERE judges_teams_id = ' . $_POST['team_' . $curr_team . '_id']
|
||||
. " and projects_id =$project_id and year=$year");
|
||||
$stmt->execute();
|
||||
\t \t\t\t\t\tSET score=?"
|
||||
. ' WHERE judges_teams_id =?'
|
||||
. " and projects_id =? and year=?");
|
||||
$stmt->execute([$score,$_POST['team_' . $curr_team . '_id'],$project_id,$year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
$curr_team--;
|
||||
@ -64,18 +64,18 @@ if ($_GET['projectid']) {
|
||||
?>
|
||||
<?
|
||||
if ($project_id) {
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE projects.id = '" . $project_id . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE projects.id =?");
|
||||
$q->execute([$project_id]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$project_number = $r->projectnumber;
|
||||
$project_title = $r->title;
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$cats[$r->id] = $r->category;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
|
||||
$q = $pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id,
|
||||
\t score,
|
||||
@ -83,8 +83,8 @@ if ($project_id) {
|
||||
\t FROM judges_teams_timeslots_projects_link,
|
||||
\t judges_teams
|
||||
\t WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id
|
||||
\t AND projects_id = " . $project_id . ' ORDER BY judges_teams_id');
|
||||
$q->execute();
|
||||
\t AND projects_id =? ORDER BY judges_teams_id");
|
||||
$q->execute([$project_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo 'Project# ' . $project_number . ' ' . $project_title . '<br />';
|
||||
if ($score_error != '') {
|
||||
|
||||
@ -101,15 +101,15 @@ if ($_GET['csv'] != 'yes') {
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($_GET['csv'] == 'yes') {
|
||||
echo "$r->projectnumber \t $r->title \t" . $cats[$r->projectcategories_id] . "\t" . $divs[$r->projectdivisions_id] . " \t $r->score \t $r->norm_score ";
|
||||
echo "$r->projectnumber \t ? \t ? \t ? \t ? \t ? ";
|
||||
$p = $pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id,
|
||||
\t \t\t\t\t score,
|
||||
\t judges_teams.num
|
||||
\t FROM judges_teams_timeslots_projects_link,
|
||||
\t judges_teams
|
||||
\t WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id
|
||||
\t AND projects_id = " . $r->projectid . ' ORDER BY judges_teams_id');
|
||||
$p->execute();
|
||||
\t AND projects_id =? ORDER BY judges_teams_id");
|
||||
$p->execute([$r->title,$cats[$r->projectcategories_id] ,$divs[$r->projectdivisions_id],$r->score,$r->norm_score,$r->projectid]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($s = $p->fetch(PDO::FETCH_OBJ)) {
|
||||
$team = getJudgingTeam($s->judges_teams_id);
|
||||
|
||||
@ -293,8 +293,8 @@ function countwords()
|
||||
<?
|
||||
// ###### Feature Specific - filtering divisions by category
|
||||
if ($config['filterdivisionbycategory'] == 'yes') {
|
||||
$q = $pdo->prepare('SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=' . $projectcategories_id . " AND projectdivisions.year='" . $config['FAIRYEAR'] . "' AND projectcategoriesdivisions_link.year='" . $config['FAIRYEAR'] . "' ORDER BY division");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare('SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=? AND projectdivisions.year=? AND projectcategoriesdivisions_link.year=? ORDER BY division');
|
||||
$q->execute([$projectcategories_id,$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
// ###
|
||||
} else
|
||||
|
||||
@ -56,20 +56,20 @@ if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
|
||||
$val = get_value_from_array($_POST, 'exhibitordeclaration');
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :useex, `text` = :text WHERE name = 'exhibitordeclaration'");
|
||||
$stmt->bindParam(':useex', $useex);
|
||||
$stmt->bindParam(':text', $val);
|
||||
$stmt->execute();
|
||||
$stmt->bindParam(':useex', '?');
|
||||
$stmt->bindParam(':text', '?');
|
||||
$stmt->execute([$useex,$val]);
|
||||
|
||||
$val = get_value_from_array($_POST, 'exhibitordeclaration');
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :usepg, `text` = :text WHERE name = 'parentdeclaration'");
|
||||
$stmt->bindParam(':usepg', $usepg);
|
||||
$stmt->bindParam(':text', $val);
|
||||
$stmt->execute();
|
||||
$stmt->bindParam(':usepg', '?');
|
||||
$stmt->bindParam(':text', '?');
|
||||
$stmt->execute([$usepg,$val]);
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='" . get_value_from_array($_POST, 'postamble') . "' WHERE name='postamble'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`=?, `text`=? WHERE name='postamble'");
|
||||
$stmt->execute([$usepa,get_value_from_array($_POST, 'postamble')]);
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`=?, `text`='' WHERE name='regfee'");
|
||||
$stmt->execute([$userf]);
|
||||
echo happy(i18n("$sentence_begin_participationform text successfully saved"));
|
||||
}
|
||||
|
||||
|
||||
@ -41,17 +41,17 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'projectdivisions_id') && get_value_from_array($_POST, 'subdivision')) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Sub-Division ID %1 already exists', array($_POST['id'])));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectsubdivisions SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "projectdivisions_id='" . $_POST['projectdivisions_id'] . "', "
|
||||
. "subdivision='" . stripslashes($_POST['subdivision']) . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "'");
|
||||
$stmt->execute();
|
||||
. "id=?, "
|
||||
. "projectdivisions_id=?, "
|
||||
. "subdivision=?"
|
||||
. "WHERE id=?");
|
||||
$stmt->execute([$_POST['id'],$_POST['projectdivisions_id'],stripslashes($_POST['subdivision']),$_POST['saveid']]);
|
||||
echo happy(i18n('Sub-Division successfully saved'));
|
||||
}
|
||||
} else {
|
||||
@ -69,8 +69,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
} else
|
||||
$newid = $_POST['id'];
|
||||
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$newid,$config['FAIRYEAR']]);
|
||||
if ($q->rowCount()) {
|
||||
echo error(i18n('Sub-Division ID %1 already exists', array($newid)));
|
||||
} else {
|
||||
@ -88,8 +88,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
}
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='" . $_GET['remove'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id=?");
|
||||
$stmt->execute([$_GET['remove']]);
|
||||
echo happy(i18n('Sub-Division successfully removed'));
|
||||
}
|
||||
|
||||
@ -111,8 +111,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
$divisionr = array();
|
||||
if (get_value_from_array($_GET, 'action') == 'edit') {
|
||||
echo '<input type="hidden" name="saveid" value="' . get_value_from_array($_GET, 'edit') . "\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='" . get_value_from_array($_GET, 'edit') . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([get_value_from_array($_GET, 'edit'),$config['FAIRYEAR']]);
|
||||
$divisionr = $q->fetch(PDO::FETCH_OBJ);
|
||||
$buttontext = 'Save';
|
||||
} else if ($_GET['action'] == 'new') {
|
||||
@ -121,8 +121,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo '<tr>';
|
||||
echo ' <td>';
|
||||
echo '<select name="projectdivisions_id">';
|
||||
$dq = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY division");
|
||||
$dq->execute();
|
||||
$dq = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY division");
|
||||
$dq->execute([$config['FAIRYEAR']]);
|
||||
while ($dr = $dq->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($dr->id == $divisionr->projectdivisions_id)
|
||||
$sel = 'selected="selected"';
|
||||
@ -146,12 +146,12 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
projectsubdivisions,
|
||||
projectdivisions
|
||||
WHERE
|
||||
projectsubdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
projectsubdivisions.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND projectsubdivisions.projectdivisions_id=projectdivisions.id
|
||||
ORDER BY
|
||||
division,subdivision");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
|
||||
@ -46,8 +46,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
if (get_value_from_array($_POST, 'specialconfig')) {
|
||||
foreach ($_POST['specialconfig'] as $key => $val) {
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='" . stripslashes($val) . "' WHERE year='0' AND var='$key'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE year='0' AND var=?");
|
||||
$stmt->execute([stripslashes($val),$key]);
|
||||
}
|
||||
}
|
||||
message_push(happy(i18n('Configuration successfully saved')));
|
||||
|
||||
@ -3,16 +3,16 @@ function db_update_111_post()
|
||||
{
|
||||
global $config, $pdo;
|
||||
// grab the index page
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
if (!$q->rowCount()) {
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='-1'");
|
||||
$q->execute();
|
||||
}
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
// insert it into the CMS under index.html
|
||||
$stmt = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html','$r->lastupdate','$r->lang','" . $r->text . "','1')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html',?,?,?,'1')");
|
||||
$stmt->execute([$r->lastupdate,$r->lang,$r->text]);
|
||||
}
|
||||
// and remove it from the pagetext
|
||||
$stmt = $pdo->prepare("DELETE FROM pagetext WHERE textname='index'");
|
||||
|
||||
@ -4,8 +4,8 @@ function db_update_116_post()
|
||||
global $config, $pdo;
|
||||
|
||||
/* Fix the users that have a 0 year */
|
||||
$q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE `users` SET year=? WHERE year=0");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
/* Fix users without a username */
|
||||
@ -25,8 +25,8 @@ function db_update_116_post()
|
||||
$username = '';
|
||||
for ($x = 0; $x < 16; $x++)
|
||||
$username .= $available[rand(0, $len)];
|
||||
$stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET username=? WHERE id=?");
|
||||
$stmt->execute([$username,$r->id]);
|
||||
}
|
||||
|
||||
// okay now finally, there's a chance of duplicates from
|
||||
@ -37,9 +37,9 @@ function db_update_116_post()
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$orig_r = $r;
|
||||
$qq = $pdo->prepare("SELECT * FROM `users` WHERE
|
||||
(`username`='{$r['username']}' OR `email`='{$r['email']}')
|
||||
AND `id`!={$r['id']}");
|
||||
$qq->execute();
|
||||
(`username`=? OR `email`=?)
|
||||
AND `id`!=?");
|
||||
$qq->execute([$r['username'],$r['email'],$r['id']]);
|
||||
if ($qq->rowCount() == 0)
|
||||
continue;
|
||||
|
||||
@ -93,8 +93,8 @@ function db_update_116_post()
|
||||
}
|
||||
if (count($set)) {
|
||||
$query = join(',', $set);
|
||||
$stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `users` SET ? WHERE id=?");
|
||||
$stmt->execute([$query,$r['id']]);
|
||||
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
|
||||
}
|
||||
|
||||
@ -104,13 +104,13 @@ function db_update_116_post()
|
||||
|
||||
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
|
||||
/* Delete the dupe */
|
||||
$stmt = $pdo->prepare("DELETE FROM `users` $where_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM `users` ?");
|
||||
$stmt->execute([$where_id]);
|
||||
/* Update volunteer linkage */
|
||||
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`=? ?");
|
||||
$stmt->execute([$r['id'],$where_users_id]);
|
||||
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`=? ?");
|
||||
$stmt->execute([$r['id'],$where_users_id]);
|
||||
|
||||
echo "done with this user.\n";
|
||||
}
|
||||
@ -120,9 +120,9 @@ function db_update_116_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
|
||||
VALUES ('{$i->id}','yes','{$i->complete}')");
|
||||
VALUES (?,'yes',?)");
|
||||
|
||||
$stmt->execute();
|
||||
$stmt->execute([$i->id,$i->complete]);
|
||||
}
|
||||
|
||||
/* Update any remaining volunteer entries */
|
||||
@ -130,9 +130,9 @@ function db_update_116_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("UPDATE users_volunteer
|
||||
SET volunteer_complete='{$i->complete}'
|
||||
WHERE users_id='{$i->id}'");
|
||||
$stmt->execute();
|
||||
SET volunteer_complete=?
|
||||
WHERE users_id=?");
|
||||
$stmt->execute([$i->complete,$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -142,8 +142,8 @@ function db_update_116_post()
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("UPDATE users_committee
|
||||
SET committee_active='yes'
|
||||
WHERE users_id='{$i->id}'");
|
||||
$stmt->execute();
|
||||
WHERE users_id=?");
|
||||
$stmt->execute([$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -196,8 +196,8 @@ function db_update_116_post()
|
||||
$updateexclude = array('id', 'uid', 'types', 'username', 'password', 'passwordset', 'oldpassword', 'year', 'created', 'lastlogin', 'firstaid', 'cpr', 'deleted', 'deleteddatetime');
|
||||
|
||||
// check if a user already exists with this username
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username='" . $j->email . "' OR email='" . $j->email . "') AND year='$j->year'");
|
||||
$uq->execute();
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username? OR email=?) AND year=?");
|
||||
$uq->execute([$j->email,$j->email,$j->year]);
|
||||
if ($j->email && $ur = $uq->fetch(PDO::FETCH_OBJ)) {
|
||||
$id = $ur->id;
|
||||
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
|
||||
@ -208,9 +208,9 @@ function db_update_116_post()
|
||||
$sqlset .= "`$f`='" . $j->$f . "', ";
|
||||
}
|
||||
}
|
||||
$sql = "UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='" . $j->email . "' WHERE id='$id'";
|
||||
$sql = "UPDATE users SET ? `types`=?,judge',`username`=? WHERE id=?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$sqlset,$ur->types,$j->email,$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo " Updated user record with judge info, but only merged:\n";
|
||||
echo " ($sqlset)\n";
|
||||
@ -218,14 +218,14 @@ function db_update_116_post()
|
||||
/* Insert the judge */
|
||||
$fields = '`' . join('`,`', array_keys($u)) . '`';
|
||||
$vals = "'" . join("','", array_values($u)) . "'";
|
||||
$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO users (?) VALUES (?)");
|
||||
$q->execute([$fields,$vals]);
|
||||
$id = $pdo->lastInsertId();
|
||||
|
||||
if ($map[$j->id]['uid'] == '') {
|
||||
$map[$j->id]['uid'] = $id;
|
||||
$q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE users SET `uid`=? WHERE id=?");
|
||||
$q->execute([$id,$id]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -246,8 +246,8 @@ function db_update_116_post()
|
||||
// $j->attending_lunch,
|
||||
|
||||
/* catprefs */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id=? AND year=?");
|
||||
$q->execute([$j->id,$j->year]);
|
||||
$catpref = array();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$catpref[$i->projectcategories_id] = $i->rank;
|
||||
@ -256,8 +256,8 @@ function db_update_116_post()
|
||||
$uj['cat_prefs'] = serialize($catpref);
|
||||
|
||||
/* divprefs and subdivision prefs */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id=? AND year=?");
|
||||
$q->execute([$j->id,$j->year]);
|
||||
$divpref = array();
|
||||
$divsubpref = array();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -270,8 +270,8 @@ function db_update_116_post()
|
||||
$uj['divsub_prefs'] = serialize($divsubpref);
|
||||
|
||||
/* languages */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id=?");
|
||||
$q->execute([$j->id]);
|
||||
$langs = array();
|
||||
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -291,8 +291,8 @@ function db_update_116_post()
|
||||
'willing_chair' => 'Willing Chair');
|
||||
foreach ($qmap as $field => $head) {
|
||||
/* Find the question ID */
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE year=? AND db_heading=?");
|
||||
$q->execute([$j->year,$head]);
|
||||
if ($q->rowCount() == 0) {
|
||||
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
|
||||
continue;
|
||||
@ -302,10 +302,10 @@ function db_update_116_post()
|
||||
|
||||
/* Now find the answer */
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE
|
||||
year='{$j->year}' AND
|
||||
registrations_id='{$j->id}' AND
|
||||
questions_id='{$i->id}'");
|
||||
$q->execute();
|
||||
year=? AND
|
||||
registrations_id=? AND
|
||||
questions_id=?");
|
||||
$q->execute([$j->year,$j->id,$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
if ($q->rowCount() == 0) {
|
||||
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
|
||||
@ -319,8 +319,8 @@ function db_update_116_post()
|
||||
|
||||
$fields = '`' . join('`,`', array_keys($uj)) . '`';
|
||||
$vals = "'" . join("','", array_values($uj)) . "'";
|
||||
$q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO users_judge (?) VALUES (?)");
|
||||
$q->execute([$fields,$vals]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
/*
|
||||
@ -329,24 +329,24 @@ function db_update_116_post()
|
||||
*/
|
||||
|
||||
/* judges_teams_link */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$jtl[$i->id] = $id;
|
||||
|
||||
/* judges_specialawards_sel */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$jsal[$i->id] = $id;
|
||||
|
||||
/* question_answers */
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$qa[$i->id] = $id;
|
||||
@ -355,21 +355,21 @@ function db_update_116_post()
|
||||
/* Now write back the judge ids */
|
||||
if (count($jtl)) {
|
||||
foreach ($jtl as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
if (count($jsal)) {
|
||||
foreach ($jsal as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
if (count($qa)) {
|
||||
foreach ($qa as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE question_answers SET registrations_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@ -9,20 +9,20 @@ function db_update_117_post()
|
||||
'willing_chair' => 'Willing Chair');
|
||||
|
||||
foreach ($qmap as $field => $head) {
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE db_heading='{$head}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE db_heading=?");
|
||||
$q->execute([$head]);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$id = $i->id;
|
||||
|
||||
/* Drop all answers for this question */
|
||||
$stmt = $pdo->prepare("DELETE FROM question_answers
|
||||
WHERE questions_id='$id'");
|
||||
$stmt->execute();
|
||||
WHERE questions_id=?");
|
||||
$stmt->execute([$id]);
|
||||
}
|
||||
|
||||
/* Now dump the question itself */
|
||||
$stmt = $pdo->prepare("DELETE FROM questions
|
||||
WHERE id='$id'");
|
||||
$stmt->execute();
|
||||
WHERE id=?");
|
||||
$stmt->execute([$id]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,8 +23,8 @@ function db_update_118_post()
|
||||
$active = 'yes';
|
||||
}
|
||||
// see if a user exists with this email
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username='" . $r->email . "' OR email='" . $r->email . "') ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
|
||||
$uq->execute();
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username=? OR email=?) ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
|
||||
$uq->execute([ $r->email,$r->email]);
|
||||
if ($r->email && $ur = $uq->fetch(PDO::FETCH_OBJ)) {
|
||||
$user_id = $ur->id;
|
||||
echo "Using existing users.id=$user_id for award_contacts.id=$r->id because email address ($r->email) matches\n";
|
||||
@ -37,9 +37,9 @@ function db_update_118_post()
|
||||
$sqlset .= "`$f`='" . $r->$f . "', ";
|
||||
}
|
||||
}
|
||||
$sql = "UPDATE users SET $sqlset `types`='{$ur->types},sponsor' WHERE id='$user_id'";
|
||||
$sql = "UPDATE users SET ? `types`=?,sponsor' WHERE id=?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$sqlset,$ur->types,$user_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo " Updated user record\n";
|
||||
} else {
|
||||
@ -70,8 +70,8 @@ function db_update_118_post()
|
||||
|
||||
$user_id = $pdo->lastInsertId();
|
||||
// and link it to themselves as a starting record
|
||||
$stmt = $pdo->prepare("UPDATE users SET uid='$user_id' WHERE id='$user_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET uid=? WHERE id=?");
|
||||
$stmt->execute([$user_id,$user_id]);
|
||||
echo "Creating new users.id=$user_id for award_contacts.id=$r->id\n";
|
||||
}
|
||||
|
||||
|
||||
@ -4,8 +4,8 @@ function db_update_122_post()
|
||||
{
|
||||
global $config, $pdo;
|
||||
$year = $config['FAIRYEAR'];
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=?");
|
||||
$q->execute([$year]);
|
||||
$round = array();
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$type = $r['type'];
|
||||
@ -27,21 +27,21 @@ function db_update_122_post()
|
||||
|
||||
foreach ($round as $type => $d) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
|
||||
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
|
||||
$stmt->execute();
|
||||
VALUES ('0',?,?,?,?,?)");
|
||||
$stmt->execute([$type,$d['date'],$d['starttime'],$d['endtime'],$year]);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
|
||||
round_id='$round_id', type='timeslot'
|
||||
round_id=?, type='timeslot'
|
||||
|
||||
WHERE type='$type' AND year='$year'");
|
||||
$stmt->execute();
|
||||
WHERE type=? AND year=?");
|
||||
$stmt->execute([$round_id,$type,$year]);
|
||||
/* Undo the set we just did to the round we just inserted */
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
|
||||
round_id='0',type='$type'
|
||||
round_id='0',type=?
|
||||
|
||||
WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
WHERE id=?");
|
||||
$stmt->execute([$type,$round_id]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -26,9 +26,9 @@ function db_update_129_pre()
|
||||
$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
|
||||
`url`,`website`,`username`,`password`,`enable_stats`,
|
||||
`enable_awards`,`enable_winners`) VALUES (
|
||||
'', '$name', '', 'ysf', '$url', '$web',
|
||||
'$username','$password','no','$en','$en')");
|
||||
$stmt->execute();
|
||||
'',?, '', 'ysf',?,?,
|
||||
?,?,'no',?,?)");
|
||||
$stmt->execute([$name,$url,$web,$username,$password,$en,$en]);
|
||||
|
||||
/* Link the fair to the user */
|
||||
$u['fairs_id'] = $pdo->lastInsertId();
|
||||
@ -48,9 +48,9 @@ function db_update_129_pre()
|
||||
if (!in_array($old_id, $keys))
|
||||
continue;
|
||||
|
||||
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
|
||||
WHERE id='{$r['id']}'");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id=?
|
||||
WHERE id=?");
|
||||
$qq->execute([$source_map[$old_id],$r['id']]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -240,8 +240,8 @@ function db129_user_set_password($id, $password = NULL)
|
||||
/* pass $u by reference so we can update it */
|
||||
$save_old = false;
|
||||
if ($password == NULL) {
|
||||
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id=?");
|
||||
$q->execute([$id]);
|
||||
$u = $q->fetch(PDO::FETCH_ASSOC);
|
||||
/* Generate a new password */
|
||||
$password = db129_user_generate_password(12);
|
||||
@ -260,9 +260,9 @@ function db129_user_set_password($id, $password = NULL)
|
||||
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
||||
$set .= "password='$p', passwordset=$save_set ";
|
||||
|
||||
$query = "UPDATE users SET $set WHERE id='$id'";
|
||||
$query = "UPDATE users SET ? WHERE id=?";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$set,$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
return $password;
|
||||
|
||||
@ -5,8 +5,8 @@ function db_update_81_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$asid = $i->award_sponsors_id;
|
||||
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id=? LIMIT 1");
|
||||
$stmt->execute([$asid]);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@ -40,10 +40,10 @@ function db_update_87_post()
|
||||
}
|
||||
}
|
||||
if ($newval != false) {
|
||||
$query = "UPDATE users SET passwordset=$newval WHERE id='$id'";
|
||||
$query = "UPDATE users SET passwordset=? WHERE id=?";
|
||||
echo "$query\n";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$newval,$id]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -38,8 +38,8 @@ $r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$config = array('FAIRYEAR' => $r->val);
|
||||
|
||||
/* Load config just in case there's a PHP script that wants it */
|
||||
$q = $pdo->prepare("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM config WHERE year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$config[$r->var] = $r->val;
|
||||
|
||||
@ -129,8 +129,8 @@ if ($dbcodeversion && $dbdbversion) {
|
||||
}
|
||||
|
||||
echo "\nAll done - updating new DB version to $dbcodeversion\n";
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='DBVERSION' AND year='0'");
|
||||
$stmt->execute([$dbcodeversion]);
|
||||
}
|
||||
} else {
|
||||
echo "ERROR: dbcodeversion and dbdbversion are not defined\n";
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user