Fix issue with participant registration

patrick 2025-03-06 03:32:21 +00:00
parent b0a737b534
commit 252a9520d6
2 changed files with 41 additions and 41 deletions


@ -377,7 +377,7 @@ function send_header($title = '', $nav = null, $icon = null, $titletranslated =
</head> </head>
<body> <body>
<link rel="stylesheet" type="text/css" href="http://ws1.postescanada-canadapost.ca/css/addresscomplete-2.50.min.css?key=ej31-je29-tw29-bx75" /><script type="text/javascript" src="http://ws1.postescanada-canadapost.ca/js/addresscomplete-2.50.min.js?key=ej31-je29-tw29-bx75"></script> <link rel="stylesheet" type="text/css" href="https://ws1.postescanada-canadapost.ca/css/addresscomplete-2.50.min.css?key=ej31-je29-tw29-bx75" /><script type="text/javascript" src="https://ws1.postescanada-canadapost.ca/js/addresscomplete-2.50.min.js?key=ej31-je29-tw29-bx75"></script>
<!-- <? <!-- <?
if ($title && !$titletranslated) if ($title && !$titletranslated)
echo i18n($title); echo i18n($title);
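Review bot: The AddressComplete key is a literal in both URLs on the changed line, so rotating it means editing the template, and it stays in the repository history; reading it from configuration and emitting it through `htmlspecialchars()` would keep it in one place. Because the key is visible to every browser anyway, it is worth confirming on the provider side that it is restricted to this site's domain. The third-party script is also loaded without an `integrity` attribute, so the page trusts whatever that host serves; if the vendor's versioned file is stable, adding `integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"` to the `<script>` tag would pin it. `send_header` begins and ends outside this hunk.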


@ -98,35 +98,35 @@ if (get_value_from_array($_POST, 'action') == 'save') {
$r = $q->fetch(PDO::FETCH_OBJ); $r = $q->fetch(PDO::FETCH_OBJ);
$schools_id = $r->schools_id; $schools_id = $r->schools_id;
$schoolvalue = "'$schools_id', "; $schoolvalue = "$schools_id, ";
} else { } else {
$schoolvalue = "'" . stripslashes($_POST['schools_id'][$x]) . "', "; $schoolvalue = $pdo->quote(stripslashes($_POST['schools_id'][$x])) . ", ";
} }
try { try {
// INSERT new record // INSERT new record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x]; $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,pronunciation,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (' $stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,pronunciation,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES ('
. "'" . $_SESSION['registration_id'] . "', " . $pdo->quote(stripslashes($_SESSION['registration_id'])) . ", "
. "'" . stripslashes($_POST['firstname'][$x]) . "', " . $pdo->quote(stripslashes($_POST['firstname'][$x])) . ", "
. "'" . stripslashes($_POST['lastname'][$x]) . "', " . $pdo->quote(stripslashes($_POST['lastname'][$x])) . ", "
. "'" . stripslashes($_POST['pronunciation'][$x]) . "', " . $pdo->quote(stripslashes($_POST['pronunciation'][$x])) . ", "
. "'" . stripslashes($_POST['email'][$x]) . "', " . $pdo->quote(stripslashes($_POST['email'][$x])) . ", "
. "'" . stripslashes($_POST['address'][$x]) . "', " . $pdo->quote(stripslashes($_POST['address'][$x])) . ", "
. "'" . stripslashes($_POST['city'][$x]) . "', " . $pdo->quote(stripslashes($_POST['city'][$x])) . ", "
. "'" . stripslashes($_POST['county'][$x]) . "', " . $pdo->quote(stripslashes($_POST['county'][$x])) . ", "
. "'" . stripslashes($_POST['province'][$x]) . "', " . $pdo->quote(stripslashes($_POST['province'][$x])) . ", "
. "'" . stripslashes($_POST['postalcode'][$x]) . "', " . $pdo->quote(stripslashes($_POST['postalcode'][$x])) . ", "
. "'" . stripslashes($_POST['phone'][$x]) . "', " . $pdo->quote(stripslashes($_POST['phone'][$x])) . ", "
. "'$dob', " . $pdo->quote($dob) . ", "
. "'" . stripslashes($_POST['grade'][$x]) . "', " . $pdo->quote(stripslashes($_POST['grade'][$x])) . ", "
. $schoolvalue . $schoolvalue
. "'" . stripslashes($_POST['tshirt'][$x]) . "', " . $pdo->quote(stripslashes($_POST['tshirt'][$x])) . ", "
. "'" . stripslashes($_POST['medicalalert'][$x]) . "', " . $pdo->quote(stripslashes($_POST['medicalalert'][$x])) . ", "
. "'" . stripslashes($_POST['foodreq'][$x]) . "', " . $pdo->quote(stripslashes($_POST['foodreq'][$x])) . ", "
. "'" . stripslashes($_POST['teachername'][$x]) . "', " . $pdo->quote(stripslashes($_POST['teachername'][$x])) . ", "
. "'" . stripslashes($_POST['teacheremail'][$x]) . "', " . $pdo->quote(stripslashes($_POST['teacheremail'][$x])) . ", "
. "'" . $config['FAIRYEAR'] . "')"); . $pdo->quote($config['FAIRYEAR']) . ")");
$stmt->execute(); $stmt->execute();
$students_id = $pdo->lastInsertId(); $students_id = $pdo->lastInsertId();
@ -135,7 +135,7 @@ if (get_value_from_array($_POST, 'action') == 'save') {
echo error(i18n('Failed to add student %1 %2. Please ensure all mandatory fields are complete.', array($_POST['firstname'][$x], $_POST['lastname'][$x]))); echo error(i18n('Failed to add student %1 %2. Please ensure all mandatory fields are complete.', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
} }
} else { } else {
// if they use schoolpassword or singlepassword, then we dont need to save teh schools_id because its already set when they inserted the record, and we dont allow them to change their school. // if they use schoolpassword or singlepassword, then we dont need to save the schools_id because its already set when they inserted the record, and we dont allow them to change their school.
if (($config['participant_registration_type'] == 'schoolpassword' || $config['participant_registration_type'] == 'invite') && !$_POST['schools_id'][$x]) { if (($config['participant_registration_type'] == 'schoolpassword' || $config['participant_registration_type'] == 'invite') && !$_POST['schools_id'][$x]) {
$schoolquery = ''; $schoolquery = '';
} else { } else {
@ -146,24 +146,24 @@ if (get_value_from_array($_POST, 'action') == 'save') {
// UPDATE existing record // UPDATE existing record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x]; $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('UPDATE students SET ' $stmt = $pdo->prepare('UPDATE students SET '
. "firstname='" . stripslashes($_POST['firstname'][$x]) . "', " . "firstname=" . $pdo->quote(stripslashes($_POST['firstname'][$x])) . ", "
. "lastname='" . stripslashes($_POST['lastname'][$x]) . "', " . "lastname=" . $pdo->quote(stripslashes($_POST['lastname'][$x])) . ", "
. "pronunciation='" . stripslashes($_POST['pronunciation'][$x]) . "', " . "pronunciation=" . $pdo->quote(stripslashes($_POST['pronunciation'][$x])) . ", "
. "email='" . stripslashes($_POST['email'][$x]) . "', " . "email=" . $pdo->quote(stripslashes($_POST['email'][$x])) . ", "
. "address='" . stripslashes($_POST['address'][$x]) . "', " . "address=" . $pdo->quote(stripslashes($_POST['address'][$x])) . ", "
. "city='" . stripslashes($_POST['city'][$x]) . "', " . "city=" . $pdo->quote(stripslashes($_POST['city'][$x])) . ", "
. "county='" . stripslashes($_POST['county'][$x]) . "', " . "county=" . $pdo->quote(stripslashes($_POST['county'][$x])) . ", "
. "province='" . stripslashes($_POST['province'][$x]) . "', " . "province=" . $pdo->quote(stripslashes($_POST['province'][$x])) . ", "
. "postalcode='" . stripslashes($_POST['postalcode'][$x]) . "', " . "postalcode=" . $pdo->quote(stripslashes($_POST['postalcode'][$x])) . ", "
. "phone='" . stripslashes($_POST['phone'][$x]) . "', " . "phone=" . $pdo->quote(stripslashes($_POST['phone'][$x])) . ", "
. "dateofbirth='$dob', " . "dateofbirth='$dob', "
. "grade='" . stripslashes($_POST['grade'][$x]) . "', " . "grade=" . $pdo->quote(stripslashes($_POST['grade'][$x])) . ", "
. $schoolquery . $schoolquery
. "medicalalert='" . stripslashes($_POST['medicalalert'][$x]) . "', " . "medicalalert=" . $pdo->quote(stripslashes($_POST['medicalalert'][$x])) . ", "
. "foodreq='" . stripslashes($_POST['foodreq'][$x]) . "', " . "foodreq=" . $pdo->quote(stripslashes($_POST['foodreq'][$x])) . ", "
. "teachername='" . stripslashes($_POST['teachername'][$x]) . "', " . "teachername=" . $pdo->quote(stripslashes($_POST['teachername'][$x])) . ", "
. "teacheremail='" . stripslashes($_POST['teacheremail'][$x]) . "', " . "teacheremail=" . $pdo->quote(stripslashes($_POST['teacheremail'][$x])) . ", "
. "tshirt='" . stripslashes($_POST['tshirt'][$x]) . "' " . "tshirt=" . $pdo->quote(stripslashes($_POST['tshirt'][$x]))
. "WHERE id='$students_id'"); . "WHERE id='$students_id'");
$stmt->execute(); $stmt->execute();
@ -353,7 +353,7 @@ for ($x = 1; $x <= $numtoshow; $x++) {
echo ' <td>' . i18n('Grade') . "</td><td>\n"; echo ' <td>' . i18n('Grade') . "</td><td>\n";
echo "<select name=\"grade[$x]\">\n"; echo "<select name=\"grade[$x]\">\n";
echo '<option value="">' . i18n('Grade') . "</option>\n"; echo '<option value="0">' . i18n('Grade') . "</option>\n";
for ($gr = $config['mingrade']; $gr <= $config['maxgrade']; $gr++) { for ($gr = $config['mingrade']; $gr <= $config['maxgrade']; $gr++) {
if ($studentinfo->grade == $gr) if ($studentinfo->grade == $gr)
$sel = 'selected="selected"'; $sel = 'selected="selected"';
@ -444,7 +444,7 @@ for ($x = 1; $x <= $numtoshow; $x++) {
$schoolq = $pdo->prepare('SELECT id,school,city FROM schools WHERE year=? ORDER by city,school'); $schoolq = $pdo->prepare('SELECT id,school,city FROM schools WHERE year=? ORDER by city,school');
$schoolq->execute([$config['FAIRYEAR']]); $schoolq->execute([$config['FAIRYEAR']]);
echo "<select name=\"schools_id[$x]\">\n"; echo "<select name=\"schools_id[$x]\">\n";
echo '<option value="">' . i18n('Choose School') . "</option>\n"; echo '<option value="0">' . i18n('Choose School') . "</option>\n";
while ($r = $schoolq->fetch(PDO::FETCH_OBJ)) { while ($r = $schoolq->fetch(PDO::FETCH_OBJ)) {
if ($studentinfo->schools_id == $r->id) if ($studentinfo->schools_id == $r->id)
$sel = 'selected="selected"'; $sel = 'selected="selected"';
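Review bot: The UPDATE hunk (`@ -146,24 +146,24`) still interpolates `$dob` raw as `dateofbirth='$dob'`, although `$dob` is concatenated from `$_POST['year'][$x]`, `$_POST['month'][$x]` and `$_POST['day'][$x]`, so the injection this commit closes in the INSERT stays open on the update path; the line should read `. "dateofbirth=" . $pdo->quote($dob) . ", "` to match the INSERT. The same statement now has the `tshirt` value's `$pdo->quote(...)` followed directly by `"WHERE id='$students_id'"` with the separating space dropped, which is better written as `. " WHERE id=" . $pdo->quote($students_id)`. Since `$schoolq` in this file already uses a `?` placeholder with `execute([...])`, binding the values that way instead of concatenating `quote()` output into `prepare()` would be the more robust form for both statements. `$schoolquery` and `$students_id` are built outside the visible hunks, so whether they carry request data could not be checked here.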