forked from science-ation/science-ation
use prepare statements for fundraising section where possible
This commit is contained in:
Muad Sakah
parent
5776e10151
commit
2a8bb8209f
@ -465,9 +465,9 @@ case 'managelist':
|
||||
print_r($_POST);
|
||||
if (is_array($_POST['prospectremovefromlist'])) {
|
||||
$uidlist = implode(',', $_POST['prospectremovefromlist']);
|
||||
$query = "DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=? AND users_uid IN (?)";
|
||||
$query = "DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=? AND users_uid IN ($uidlist)";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute([$campaignid,$uidlist]);
|
||||
$stmt->execute([$campaignid]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
// if theres nobody left in the list we need to reset the filter params as well
|
||||
|
||||
@ -25,23 +25,24 @@ if ($_GET['action'] == 'fundraisingmain') {
|
||||
$typetotal = 0;
|
||||
$typeprobtotal = 0;
|
||||
$sq = $pdo->prepare("
|
||||
SELECT fundraising_donations.id, sponsors.organization AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
|
||||
\t FROM fundraising_donations
|
||||
\t JOIN sponsors ON fundraising_donations.sponsors_id=sponsors.id
|
||||
\t WHERE (fundraising_donations.fundraising_goal=? ?)
|
||||
\t AND fundraising_donations.fiscalyear=?
|
||||
(SELECT fundraising_donations.id, sponsors.organization AS name,
|
||||
fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
|
||||
FROM fundraising_donations
|
||||
JOIN sponsors ON fundraising_donations.sponsors_id = sponsors.id
|
||||
WHERE (fundraising_donations.fundraising_goal = ? OR fundraising_donations.fundraising_goal = ?)
|
||||
AND fundraising_donations.fiscalyear = ?)
|
||||
|
||||
UNION
|
||||
UNION
|
||||
|
||||
SELECT fundraising_donations.id, CONCAT(users.firstname,' ',users.lastname) AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
|
||||
\t FROM fundraising_donations
|
||||
\t JOIN users ON fundraising_donations.users_uid=users.uid
|
||||
\t WHERE (fundraising_donations.fundraising_goal=? ?)
|
||||
\t AND fundraising_donations.fiscalyear=?
|
||||
(SELECT fundraising_donations.id, CONCAT(users.firstname, ' ', users.lastname) AS name,
|
||||
fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
|
||||
FROM fundraising_donations
|
||||
JOIN users ON fundraising_donations.users_uid = users.uid
|
||||
WHERE (fundraising_donations.fundraising_goal = ? OR fundraising_donations.fundraising_goal = ?)
|
||||
AND fundraising_donations.fiscalyear = ?)
|
||||
|
||||
\t ORDER BY status DESC, probability DESC, name
|
||||
");
|
||||
$sq->execute([$r->goal,$orsql,$config['FISCALYEAR'],$r->goal,$orsql,$config['FISCALYEAR']]);
|
||||
ORDER BY status DESC, probability DESC, name");
|
||||
$sq->execute([$r->goal, $orsql, $config['FISCALYEAR'], $r->goal, $orsql, $config['FISCALYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($sr = $sq->fetch(PDO::FETCH_OBJ)) {
|
||||
echo "<tr id=\"sponsorships_$sr->id\" class=\"fundraising{$sr->status}\">";
|
||||
|
||||
@ -46,11 +46,11 @@ if ($id && $type) {
|
||||
}
|
||||
$sql = "SELECT * FROM fundraising_campaigns WHERE fiscalyear=? ";
|
||||
if ($_GET['fundraising_campaigns_id']) {
|
||||
$sql .= " AND id='" . intval($_GET['fundraising_campaigns_id']) . "'";
|
||||
$sql .= " AND id=?";
|
||||
}
|
||||
$sql .= ' ORDER BY name';
|
||||
$q = $pdo->prepare($sql);
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
$q->execute([$config['FISCALYEAR'],intval($_GET['fundraising_campaigns_id'])]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$rep->heading($r->name);
|
||||
@ -128,11 +128,11 @@ if ($id && $type) {
|
||||
}
|
||||
$sql = "SELECT * FROM fundraising_goals WHERE fiscalyear=? ";
|
||||
if ($_GET['goal']) {
|
||||
$sql .= " AND goal='" . $_GET['goal'] . "'";
|
||||
$sql .= " AND goal=?";
|
||||
}
|
||||
$sql .= ' ORDER BY name';
|
||||
$q = $pdo->prepare($sql);
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
$q->execute([$config['FISCALYEAR'],$_GET['goal']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
|
||||
@ -69,11 +69,7 @@ if ($_POST['action'] == 'sponsorshipadd') {
|
||||
$stmt = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_type,value,status,probability,fiscalyear) VALUES (?,?,?,?,?,?)");
|
||||
$stmt->execute([$sponsors_id,$fundraising_type,$value,$status,$probability,$config['FISCALYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
|
||||
?,
|
||||
NOW(),
|
||||
?,
|
||||
'" . "Created sponsorship: type=?, value=\$?, status=?, probability=?%") . "')";
|
||||
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (?,NOW(),?, Created sponsorship: type=?, value=\$?, status=?, probability=?%) ");
|
||||
happy_('Added new sponsorship');
|
||||
$stmt->execute([$sponsors_id,$_SESSION['users_id'],$fundraising_type,$value,$status,$probability]);
|
||||
} else
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user