diff --git a/admin/award_download.php b/admin/award_download.php index f4deba09..e4e90875 100644 --- a/admin/award_download.php +++ b/admin/award_download.php @@ -36,7 +36,7 @@ switch (get_value_from_array($_GET, 'action')) { $q->execute([$fairs_id]); $fair = $q->fetch(PDO::FETCH_ASSOC); if (!($fair['username'] && $fair['password'])) { - echo error(i18n("Username and Password are not set for source '%1'. Please set them in the SFIAB Configuration/External Award Sources editor first", array($r->name))); + echo error(i18n("Username and Password are not set for source '%1'. Please set them in the Science-ation Configuration/External Award Sources editor first", array($r->name))); return; } diff --git a/admin/committees.php b/admin/committees.php index 28eed071..cb510b3d 100644 --- a/admin/committees.php +++ b/admin/committees.php @@ -110,7 +110,7 @@ function actionSubmit() // Edit var id = document.forms.memberaction.users_uid.options[document.forms.memberaction.users_uid.selectedIndex]; openeditor(id.value); -// alert("id="+id.value); + alert("id="+id.value); return false; } if(document.forms.memberaction.action.selectedIndex==3) //remove @@ -123,7 +123,7 @@ function actionSubmit() //--> quote($_GET['type']); + $type = $_GET['type']; $q = $pdo->prepare('SELECT * FROM emails WHERE type=?'); $q->execute([$type]); while ($e = $q->fetch(PDO::FETCH_ASSOC)) { 
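Review bot: The re-enabled `alert("id="+id.value);` in actionSubmit() of admin/committees.php looks like a debugging aid, and it now fires after `openeditor(id.value);` on every Edit action. If it is not meant to ship, restore the commented form or delete the line. actionSubmit() starts and ends outside the hunk.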
@@ -161,15 +161,15 @@ case 'email_save': $subject = iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $subject); // Now its safe to escape it for the db query - $name = $pdo->quote(stripslashes($name)); - $description = $pdo->quote(stripslashes($description)); - $from = $pdo->quote(stripslashes($from)); - $subject = $pdo->quote(stripslashes($subject)); - $bodyhtml = $pdo->quote(stripslashes($bodyhtml)); + $name = stripslashes($name); + $description = stripslashes($description); + $from = stripslashes($from); + $subject = stripslashes($subject); + $bodyhtml = stripslashes($bodyhtml); - $type = $pdo->quote($_POST['type']); - $key = $pdo->quote($_POST['key']); - $fcid = $pdo->quote($_POST['fcid']); + $type = $_POST['type']; + $key = $_POST['key']; + $fcid = $_POST['fcid']; if ($id == 0) { if ($key && $name) { @@ -969,7 +969,7 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE echo 'Click here to see the sending progress'; } else { if (!$config['fairmanageremail']) - echo notice(i18n("Warning: The 'Fair Manager Email' has not been set in SFIAB Configuration / Configuration Variables / Global. Please set it. The 'Fair Manager Email' is the default 'From' address for all emails and without a 'From' address, no emails can be sent!")); + echo notice(i18n("Warning: The 'Fair Manager Email' has not been set in Science-ation Configuration / Configuration Variables / Global. Please set it. The 'Fair Manager Email' is the default 'From' address for all emails and without a 'From' address, no emails can be sent!")); echo '' . i18n('Email Queue Status and History') . '
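Review bot: The comment `// Now its safe to escape it for the db query` kept above the changed lines in the email_save case is stale, because the new code no longer escapes anything and only applies stripslashes(). With `$pdo->quote()` removed, `$type`, `$key` and `$fcid` are raw `$_POST` values and the other five are presumably request-derived too, so every statement that consumes them has to pass them as bound `?` parameters. Those statements are outside the hunk and should be checked. I would reword the comment to `// Values are passed to the prepared statements below as bound parameters; never interpolate them into SQL`.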
'; echo '' . i18n('Add New Email') . ''; diff --git a/admin/registration.php b/admin/registration.php index cd3c00bd..e20380a1 100644 --- a/admin/registration.php +++ b/admin/registration.php @@ -32,7 +32,6 @@ send_header('Participant Registration', 'Administration' => 'admin/index.php'), 'participant_registration'); echo '
'; -echo '' . i18n("Input Received $plural_participationform") . '
'; echo '' . i18n('Registration List and Student/Project Editor') . '
'; echo '' . i18n('Registration Statistics') . '
'; echo '' . i18n('Website Consent') . '
'; diff --git a/admin/reports.inc.php b/admin/reports.inc.php index accb0335..f230b724 100644 --- a/admin/reports.inc.php +++ b/admin/reports.inc.php @@ -385,9 +385,9 @@ foreach($report_stock as $n=>$v) { `field`,`value`,`x`, `y`, `w`, `h`, `lines`, `face`, `align`,`valign`, `fontname`,`fontstyle`,`fontsize`,`on_overflow`) - VALUES ?"); + VALUES $q"); - $stmt->execute([$q]); + $stmt->execute(); show_pdo_errors_if_any($pdo); } diff --git a/admin/user_editor_window.php b/admin/user_editor_window.php index c14f3825..47a908f2 100644 --- a/admin/user_editor_window.php +++ b/admin/user_editor_window.php @@ -135,6 +135,7 @@ if (array_key_exists('username', $_GET)) { } $u = user_load($id); +print_r($u); $selected = get_value_from_array($_GET, 'tab'); if (!array_key_exists($selected, $tabs)) { diff --git a/common.inc.php b/common.inc.php index ceb84a12..3b07d5b5 100644 --- a/common.inc.php +++ b/common.inc.php @@ -31,7 +31,7 @@ include_once ('helper.inc.php'); // so we will set it in the code instead just to make sure error_reporting(E_ALL); ini_set('log_errors', 'On'); -ini_set('display_errors', 'Off'); +//ini_set('display_errors', 'Off'); // error_reporting( E_ALL ^ E_WARNING ); //error_reporting(E_ALL ^ E_WARNING ^ E_NOTICE ^ E_DEPRECATED); @@ -672,7 +672,6 @@ function send_popup_header($title = '') else $HEADER_SENT = true; - echo "\n"; ?> 
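Review bot: `VALUES $q` in admin/reports.inc.php now splices a pre-built value list into the statement text and `$stmt->execute()` binds nothing, so the prepared statement gives no protection for whatever `$q` contains. The old `VALUES ?` could not work, since one placeholder stands for a single value and not a row list, but `$q` is assembled outside the hunk and its quoting cannot be confirmed from here. If any part of it can come from stored or submitted data, build one `(?, ?, …)` group per row together with a flat parameter array and pass that array to execute(). If it is built from constants only, say so in a comment above the prepare, e.g. `// $q is built from the $report_stock constants only; never add request data to it`.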
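Review bot: The added `print_r($u);` in admin/user_editor_window.php writes the whole record returned by `user_load($id)` into the page, exposing every stored field of that user to anyone who can open the editor window and to anything that caches or logs the response. The record's shape is not visible here, but a user record plausibly carries credential and contact fields. This reads as leftover debugging and should be removed before merge. If the dump is needed during development, route it to the server log instead, e.g. `error_log(print_r($u, true));`, after removing secret fields.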
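Review bot: Commenting out `ini_set('display_errors', 'Off');` in common.inc.php leaves error display to whatever php.ini says while `error_reporting(E_ALL);` stays active two lines above, so on a host with display_errors enabled every notice, warning and uncaught exception is rendered to visitors. Such messages usually carry file paths and SQL text, and this same commit moves several queries to string-built SQL whose failures would then be shown. Keep the line active in committed code and switch display on per developer environment instead, for example `ini_set('display_errors', getenv('APP_DEBUG_PLACEHOLDER') ? 'On' : 'Off');` (the variable name is a placeholder).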
@@ -1215,7 +1214,7 @@ function committee_warnings() // FIXME Clear out Important Dates as part of rollover if ($r->rollovercheck) { - echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over.")); + echo error(i18n("It has been more than 4 months since your fair. In order to prepare the system for the next year's fair, you should go to the Science-ation Configuration page, and click on 'Rollover Fair Year'. Do not start updating the system with new information until the year has been properly rolled over.")); } $q = $pdo->prepare('SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL diff --git a/config/award_sources.php b/config/award_sources.php index b4c0e704..c14171ae 100644 --- a/config/award_sources.php +++ b/config/award_sources.php @@ -34,7 +34,7 @@ require ('../tableeditor.class.php'); user_auth_required('committee', 'config'); send_header('External Award Sources Manager', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'external_award_sources'); $editor = new TableEditor('award_sources', diff --git a/config/backuprestore.php b/config/backuprestore.php index 9c655ceb..ca7354a3 100644 --- a/config/backuprestore.php +++ b/config/backuprestore.php @@ -87,7 +87,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') { } else if (get_value_from_array($_POST, 'action') == 'restore') { echo send_header('Database Backup/Restore', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'backup_restore'); echo i18n('Processing file: %1', array($_FILES['restore']['name'])) . "
\n"; echo "
\n"; @@ -164,7 +164,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') { } else if (get_value_from_array($_POST, 'action') == 'restoreproceed') { echo send_header('Database Backup/Restore', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'backup_restore'); // make sure the filename's good before we used it @@ -248,7 +248,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') { echo send_header('Database Backup/Restore', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'backup_restore'); $stmt = $pdo->prepare('OPTIMIZE TABLE users, users_judge'); @@ -272,7 +272,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') { echo send_header('Database Backup/Restore', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'backup_restore'); $stmt = $pdo->prepare('OPTIMIZE TABLE users, users_parent'); @@ -286,7 +286,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') { } else { echo send_header('Database Backup/Restore', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'backup_restore'); // we try to remove temp files every time we load this page, who knows, maybe they navigated away diff --git a/config/categories.php b/config/categories.php index 23df2b87..0593f75a 100644 --- a/config/categories.php +++ b/config/categories.php 
@@ -31,12 +31,12 @@ user_auth_required('committee', 'config'); if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') { send_header((get_value_from_array($_GET, 'action') == 'edit') ? 'Edit Category' : 'New Category', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php', + 'Science-ation Configuration' => 'config/index.php', 'Age Categories' => 'config/categories.php'), 'project_age_categories'); } else { send_header('Age Categories', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), 'project_age_categories'); + 'Science-ation Configuration' => 'config/index.php'), 'project_age_categories'); } if (get_value_from_array($_POST, 'action') == 'edit') { diff --git a/config/dates.php b/config/dates.php index 58f1c740..1cd88472 100644 --- a/config/dates.php +++ b/config/dates.php @@ -29,7 +29,7 @@ require_once ('../helper.inc.php'); user_auth_required('committee', 'config'); send_header('Dates', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'important_dates'); $q = $pdo->prepare("SELECT * FROM dates WHERE year='-1'"); diff --git a/config/divisions.php b/config/divisions.php index 51f71511..1881f36b 100644 --- a/config/divisions.php +++ b/config/divisions.php 
@@ -33,13 +33,13 @@ $divisionr = null; if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') { send_header(get_value_from_array($_GET, 'action') == 'edit' ? 'Edit Division' : 'New Division', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php', + 'Science-ation Configuration' => 'config/index.php', 'Project Divisions' => 'config/divisions.php'), 'project_divisions'); } else { send_header('Project Divisions', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'project_divisions'); } diff --git a/config/divisions_cwsf.php b/config/divisions_cwsf.php index cc68b9c3..80d5f5e2 100644 --- a/config/divisions_cwsf.php +++ b/config/divisions_cwsf.php @@ -29,7 +29,7 @@ require_once ('../helper.inc.php'); user_auth_required('committee', 'config'); send_header('CWSF Project Divisions', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'cwsf_project_divisions'); // //// FIX ME!!!!! diff --git a/config/images.php b/config/images.php index aff59c6b..209b4988 100644 --- a/config/images.php +++ b/config/images.php @@ -28,7 +28,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header('Fair Logo Image', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'images'); if (get_value_from_array($_POST, 'action') == 'addimage') { diff --git a/config/index.php b/config/index.php index b72f8f6c..bde5e51b 100644 --- a/config/index.php +++ b/config/index.php 
@@ -29,7 +29,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); -send_header('SFIAB Configuration', +send_header('Science-ation Configuration', array('Committee Main' => 'committee_main.php'), 'configuration'); diff --git a/config/judges_questions.php b/config/judges_questions.php index 8454ea87..a552366b 100644 --- a/config/judges_questions.php +++ b/config/judges_questions.php @@ -29,7 +29,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header('Judge Registration Questions', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'judge_registration_questions'); questions_editor('judgereg', $config['FAIRYEAR'], 'question', diff --git a/config/languagepacks.php b/config/languagepacks.php index e85b1f0e..c0b97c35 100644 --- a/config/languagepacks.php +++ b/config/languagepacks.php @@ -28,7 +28,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header('Language Packs', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'language_pack_installer'); echo i18n("Checking for language packs will access a remote server, if you wish to continue click the 'Check for available language packs' link below"); diff --git a/config/pagetexts.php b/config/pagetexts.php index 62946565..c010ea78 100644 --- a/config/pagetexts.php +++ b/config/pagetexts.php @@ -33,7 +33,7 @@ send_header("Page Texts", array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php') + 'Science-ation Configuration' => 'config/index.php') ,"page_texts" ); 
@@ -44,7 +44,7 @@ { foreach($config['languages'] AS $lang=>$langname) { $q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=? and textname=?"); - $q_current->execute([$pdo->quote($config['FAIRYEAR']),$pdo->quote($r->textname)]); + $q_current->execute([$config['FAIRYEAR'],$r->textname]); if ($q_current->rowCount() == 0) { $q1 = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES ( @@ -54,8 +54,8 @@ ?, ?)"); - $q1->execute([$pdo->quote($r->textname),$pdo->quote($r->textdescription),$pdo->quote($r->text), - $pdo->quote($config['FAIRYEAR']),$pdo->quote($lang)]); + $q1->execute([$r->textname,$r->textdescription,$r->text, + $config['FAIRYEAR'],$lang]); } } } @@ -65,7 +65,7 @@ { foreach($config['languages'] AS $lang=>$langname) { $textvar="text_$lang"; - $text=$pdo->quote(stripslashes($_POST[$textvar])); + $text=stripslashes($_POST[$textvar]); $stmt = $pdo->prepare("UPDATE pagetext SET @@ -75,7 +75,7 @@ textname=? AND year=? AND lang=?"); - $stmt->execute([$text,$pdo->quote($_POST['textname']),$config['FAIRYEAR'],$lang]); + $stmt->execute([$text,$_POST['textname'],$config['FAIRYEAR'],$lang]); } echo happy(i18n("Page texts successfully saved")); @@ -101,7 +101,7 @@ if(!$r) { $stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES (?,?,?)"); - $stmt->execute([$pdo->quote($_GET['textname']),$config['FAIRYEAR'],$lang]); + $stmt->execute([$_GET['textname'],$config['FAIRYEAR'],$lang]); show_pdo_errors_if_any($pdo); } diff --git a/config/rollover.php b/config/rollover.php index f394ae1f..454a83b9 100644 --- a/config/rollover.php +++ b/config/rollover.php @@ -29,7 +29,7 @@ require_once ('../config_editor.inc.php'); user_auth_required('committee', 'config'); send_header('Year Rollover', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'rollover_fair_year'); ?> 
diff --git a/config/rolloverfiscal.php b/config/rolloverfiscal.php index e2a7133c..f3d34d3e 100644 --- a/config/rolloverfiscal.php +++ b/config/rolloverfiscal.php @@ -28,7 +28,7 @@ if (array_key_exists('action', $_POST)) { send_header('Fiscal Year Rollover', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'rollover_fiscal_year'); draw_body(); send_footer(); diff --git a/config/safetyquestions.php b/config/safetyquestions.php index 05ca0acb..8a98a47f 100644 --- a/config/safetyquestions.php +++ b/config/safetyquestions.php @@ -28,7 +28,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header('Safety Questions', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'project_safety_questions'); if (get_value_from_array($_POST, 'action') == 'save' && get_value_from_array($_POST, 'save')) { if ($_POST['question']) { diff --git a/config/signaturepage.php b/config/signaturepage.php index 575d6162..1cb45a1c 100644 --- a/config/signaturepage.php +++ b/config/signaturepage.php @@ -29,7 +29,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header("$participationform", array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'exhibitor_signature_page'); if (get_value_from_array($_POST, 'action') == 'save') { diff --git a/config/subdivisions.php b/config/subdivisions.php index c59f3f14..8d47ae1c 100644 --- a/config/subdivisions.php +++ b/config/subdivisions.php 
@@ -29,13 +29,13 @@ user_auth_required('committee', 'config'); if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') { send_header(get_value_from_array($_GET, 'action') == 'edit' ? 'Edit Sub-Division' : 'New Sub-Division', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php', + 'Science-ation Configuration' => 'config/index.php', 'Project Sub-Divisions' => 'config/subdivisions.php'), 'project_sub_divisions'); } else { send_header('Project Sub-Divisions', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'project_sub_divisions'); } diff --git a/config/variables.php b/config/variables.php index 533a642b..80c04a01 100644 --- a/config/variables.php +++ b/config/variables.php @@ -64,7 +64,7 @@ if ($action == 'update') { send_header('Configuration Variables', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'configuration_variables'); $q = $pdo->prepare('SELECT DISTINCT(category) AS cat FROM config ORDER BY cat'); diff --git a/config/versionchecker.php b/config/versionchecker.php index f4030aaf..453b7a2b 100644 --- a/config/versionchecker.php +++ b/config/versionchecker.php @@ -28,7 +28,7 @@ require_once ('../user.inc.php'); user_auth_required('committee', 'config'); send_header('Version Checker', array('Committee Main' => 'committee_main.php', - 'SFIAB Configuration' => 'config/index.php'), + 'Science-ation Configuration' => 'config/index.php'), 'new_version_checker'); echo i18n("Checking for new versions will access a remote server, if you wish to continue click the 'Check for new versions' link below"); diff --git a/fair_info.php b/fair_info.php index 90284a63..68f7fd0b 100644 --- a/fair_info.php +++ b/fair_info.php 
@@ -72,13 +72,13 @@ switch (get_value_from_array($_GET, 'action')) { $enable_awards = ($_POST['enable_awards'] == 'yes') ? 'yes' : 'no'; $enable_winners = ($_POST['enable_winners'] == 'yes') ? 'yes' : 'no'; - $q = $pdo->prepare("UPDATE contacts SET name =?, abbrv =?, url =?, website=?, - type=? , username=?, - password=?, - enable_stats=?, - enable_awards=?, - enable_winners=? WHERE id =?"); - $q->execute([$name, $abbrv, $url, $website, $type, $username, $password, $enable_stats, $enable_awards, $enable_winners, $age, $email, $id]); + $q = $pdo->prepare("UPDATE contacts SET name = $name, abbrv = '$abbrv', url = '$url', website='$website', + type='$type' , username='$username', + password='$password', + enable_stats='$enable_stats', + enable_awards='$enable_awards', + enable_winners='$enable_winners' WHERE id = $id"); + $q->execute(); $u['fairs_id'] = $id; user_save($u); diff --git a/install.php b/install.php index ac933b1c..21785c40 100644 --- a/install.php +++ b/install.php @@ -20,7 +20,6 @@ the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -echo "\n"; ?> diff --git a/install2.php b/install2.php index 81273eb4..1488ff9a 100644 --- a/install2.php +++ b/install2.php @@ -20,7 +20,6 @@ the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -echo "\n"; ?> diff --git a/install3.php b/install3.php index 57d7c8b7..8c96ce1d 100644 --- a/install3.php +++ b/install3.php @@ -20,7 +20,6 @@ the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -echo "\n"; ?> diff --git a/register_participants.php b/register_participants.php index a07a7c22..71314196 100644 --- a/register_participants.php +++ b/register_participants.php 
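Review bot: The rewritten UPDATE in fair_info.php interpolates `$name`, `$abbrv`, `$url`, `$website`, `$type`, `$username` and `$password` into the SQL string and calls `execute()` with no parameters, which turns a parameterised statement back into string-built SQL; `name = $name` is not even quoted. These variables are assigned outside the hunk, so whether they are escaped first cannot be confirmed, but the context lines read `$_POST` directly for the neighbouring fields. The removed version most likely failed because it passed 13 values (including `$age` and `$email`) for 11 placeholders. Keep the removed placeholder query and correct only the argument list: `$q->execute([$name, $abbrv, $url, $website, $type, $username, $password, $enable_stats, $enable_awards, $enable_winners, $id]);`.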
@@ -272,7 +272,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($ } else if ($config['participant_registration_type'] == 'openorinvite') { // thats fine too, continue on and create them the account. } else { - echo error(i18n('There is an error with the SFIAB configuration. participant_registration_type is not defined. Contact the fair organizers to get this fixed.')); + echo error(i18n('There is an error with the Science-ation Configuration. participant_registration_type is not defined. Contact the fair organizers to get this fixed.')); $allownew = false; $showform = false; } diff --git a/register_participants_safety.php b/register_participants_safety.php index 7710bbaa..bfbccf50 100644 --- a/register_participants_safety.php +++ b/register_participants_safety.php @@ -74,7 +74,7 @@ if (get_value_from_array($_POST, 'action') == 'save') { $safetyids = array_keys($_POST['safety']); foreach ($safetyids AS $key => $val) { $stmt = $pdo->prepare('INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (?,?,?,?) '); - $stmt->execute([$pdo->quote($_SESSION['registration_id']),$pdo->quote($val),$pdo->quote($config['FAIRYEAR']),$pdo->quote(stripslashes($_POST['safety'][$val]))]); + $stmt->execute([$_SESSION['registration_id'], $val, $config['FAIRYEAR'], stripslashes($_POST['safety'][$val])]); show_pdo_errors_if_any($pdo); } } diff --git a/register_participants_students.php b/register_participants_students.php index 4f9f0abb..f8ea676b 100644 --- a/register_participants_students.php +++ b/register_participants_students.php 
@@ -104,35 +104,29 @@ if (get_value_from_array($_POST, 'action') == 'save') { } // INSERT new record $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x]; - $stmt = $pdo->prepare('INSERT INTO students - (registrations_id, firstname, lastname, pronunciation, sex, email, address, city, county, province, - postalcode, phone, dateofbirth, grade, schools_id, tshirt, medicalalert, foodreq, - teachername, teacheremail, year) - VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); - $stmt->execute([ - $_SESSION['registration_id'], - stripslashes($_POST['firstname'][$x]), - stripslashes($_POST['lastname'][$x]), - stripslashes($_POST['pronunciation'][$x]), - stripslashes($_POST['sex'][$x]), - stripslashes($_POST['email'][$x]), - stripslashes($_POST['address'][$x]), - stripslashes($_POST['city'][$x]), - stripslashes($_POST['county'][$x]), - stripslashes($_POST['province'][$x]), - stripslashes($_POST['postalcode'][$x]), - stripslashes($_POST['phone'][$x]), - $dob, - stripslashes($_POST['grade'][$x]), - $schoolvalue, - stripslashes($_POST['tshirt'][$x]), - stripslashes($_POST['medicalalert'][$x]), - stripslashes($_POST['foodreq'][$x]), - stripslashes($_POST['teachername'][$x]), - stripslashes($_POST['teacheremail'][$x]), - $config['FAIRYEAR'] - ]); - + $stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (' + . "'" . $_SESSION['registration_id'] . "', " + . "'" . stripslashes($_POST['firstname'][$x]) . "', " + . "'" . stripslashes($_POST['lastname'][$x]) . "', " + . "'" . stripslashes($_POST['pronunciation'][$x]) . "', " + . "'" . stripslashes($_POST['sex'][$x]) . "', " + . "'" . stripslashes($_POST['email'][$x]) . "', " + . "'" . stripslashes($_POST['address'][$x]) . "', " + . "'" . stripslashes($_POST['city'][$x]) . "', " + . "'" . 
stripslashes($_POST['county'][$x]) . "', " + . "'" . stripslashes($_POST['province'][$x]) . "', " + . "'" . stripslashes($_POST['postalcode'][$x]) . "', " + . "'" . stripslashes($_POST['phone'][$x]) . "', " + . "'$dob', " + . "'" . stripslashes($_POST['grade'][$x]) . "', " + . $schoolvalue + . "'" . stripslashes($_POST['tshirt'][$x]) . "', " + . "'" . stripslashes($_POST['medicalalert'][$x]) . "', " + . "'" . stripslashes($_POST['foodreq'][$x]) . "', " + . "'" . stripslashes($_POST['teachername'][$x]) . "', " + . "'" . stripslashes($_POST['teacheremail'][$x]) . "', " + . "'" . $config['FAIRYEAR'] . "')"); + $stmt->execute(); $students_id = $pdo->lastInsertId(); echo notice(i18n('%1 %2 successfully added', array($_POST['firstname'][$x], $_POST['lastname'][$x]))); 
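Review bot: The new INSERT concatenates `stripslashes($_POST[...][$x])` values directly between single quotes, so any submitted field containing a quote changes the statement; stripslashes() only removes backslashes and provides no escaping, and judging by the file name this is the participant-facing registration form. The removed version bound all 21 values through placeholders and should be kept. `. $schoolvalue` is also appended with no quotes or trailing comma in the visible lines, so unless `$schoolvalue` (built outside the hunk) already carries them the statement will not parse. The UPDATE hunk that follows in this file has the same concatenation problem. If the placeholder version failed at runtime, the likely cause is how `$schoolvalue` is built, and that should be changed to a plain value or null rather than reverting the binding.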
@@ -146,50 +140,28 @@ if (get_value_from_array($_POST, 'action') == 'save') { // UPDATE existing record $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x]; - $stmt = $pdo->prepare('UPDATE students SET - firstname =?, - lastname =?, - pronunciation =?, - sex =?, - email =?, - address =?, - city =?, - county =?, - province=?, - postalcode =?, - phone =?, - dateofbirth =?, - grade =?, - $schoolquery - medicalalert =?, - foodreq =?, - teachername =?, - teacheremail =?, - tshirt =? - WHERE id =?'); - - $stmt->execute([ - stripslashes($_POST['firstname'][$x]), - stripslashes($_POST['lastname'][$x]), - stripslashes($_POST['pronunciation'][$x]), - stripslashes($_POST['sex'][$x]), - stripslashes($_POST['email'][$x]), - stripslashes($_POST['address'][$x]), - stripslashes($_POST['city'][$x]), - stripslashes($_POST['county'][$x]), - stripslashes($_POST['province'][$x]), - stripslashes($_POST['postalcode'][$x]), - stripslashes($_POST['phone'][$x]), - $dob, - stripslashes($_POST['grade'][$x]), - stripslashes($_POST['medicalalert'][$x]), - stripslashes($_POST['foodreq'][$x]), - stripslashes($_POST['teachername'][$x]), - stripslashes($_POST['teacheremail'][$x]), - stripslashes($_POST['tshirt'][$x]), - $students_id - ]); - + $stmt = $pdo->prepare('UPDATE students SET ' + . "firstname='" . stripslashes($_POST['firstname'][$x]) . "', " + . "lastname='" . stripslashes($_POST['lastname'][$x]) . "', " + . "pronunciation='" . stripslashes($_POST['pronunciation'][$x]) . "', " + . "sex='" . stripslashes($_POST['sex'][$x]) . "', " + . "email='" . stripslashes($_POST['email'][$x]) . "', " + . "address='" . stripslashes($_POST['address'][$x]) . "', " + . "city='" . stripslashes($_POST['city'][$x]) . "', " + . "county='" . stripslashes($_POST['county'][$x]) . "', " + . "province='" . stripslashes($_POST['province'][$x]) . "', " + . "postalcode='" . stripslashes($_POST['postalcode'][$x]) . "', " + . "phone='" . stripslashes($_POST['phone'][$x]) . "', " + . 
"dateofbirth='$dob', " + . "grade='" . stripslashes($_POST['grade'][$x]) . "', " + . $schoolquery + . "medicalalert='" . stripslashes($_POST['medicalalert'][$x]) . "', " + . "foodreq='" . stripslashes($_POST['foodreq'][$x]) . "', " + . "teachername='" . stripslashes($_POST['teachername'][$x]) . "', " + . "teacheremail='" . stripslashes($_POST['teacheremail'][$x]) . "', " + . "tshirt='" . stripslashes($_POST['tshirt'][$x]) . "' " + . "WHERE id='$students_id'"); + echo notice(i18n('%1 %2 successfully updated', array($_POST['firstname'][$x], $_POST['lastname'][$x]))); } /* Update the regfee items link */ diff --git a/user.inc.php b/user.inc.php index 98214ccb..0e6557f4 100644 --- a/user.inc.php +++ b/user.inc.php @@ -823,8 +823,8 @@ function user_create($type, $username, $u = NULL) * Since the user already has a type, user_save won't create this * entry for us, so do it here */ - $stmt = $pdo->prepare('INSERT INTO users_? (users_id) VALUES(?)'); - $stmt->execute([$type, $uid]); + $stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES(?)"); + $stmt->execute([$uid]); show_pdo_errors_if_any($pdo); /* Load the complete user */ $u = user_load($uid); diff --git a/user_personal.php b/user_personal.php index e33b4ab9..4469542d 100644 --- a/user_personal.php +++ b/user_personal.php @@ -87,7 +87,7 @@ $type = $_SESSION['users_type']; $u = user_load($eid); -/* Load the fields the user can edit, and theones that are required */ +/* Load the fields the user can edit, and the ones that are required */ $fields = array(); $required = array(); $errorfields = array(); @@ -104,6 +104,7 @@ switch (get_value_from_array($_GET, 'action')) { if ($users_id != $_SESSION['users_id']) { user_auth_required('committee', 'admin'); } + $u = user_load($users_id); $save = true;
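Review bot: No `$stmt->execute()` call is visible after the rebuilt `prepare('UPDATE students SET ' …)` in register_participants_students.php, so as far as the hunk shows the statement is prepared and never run while the page still prints the "successfully updated" notice. The values are also concatenated into the SQL text, which makes every submitted field injectable. The removed version most likely failed because `$schoolquery` sat inside a single-quoted string and was sent literally; concatenating only that fragment and binding everything else addresses it, as sketched below. `$schoolquery` is built outside the hunk, so confirm it contains no request data or bind its value as well.

```php
$stmt = $pdo->prepare(
    'UPDATE students SET firstname=?, lastname=?, pronunciation=?, sex=?, email=?, address=?, '
    . 'city=?, county=?, province=?, postalcode=?, phone=?, dateofbirth=?, grade=?, '
    . $schoolquery // fragment built above the hunk; must not contain request data
    . 'medicalalert=?, foodreq=?, teachername=?, teacheremail=?, tshirt=? WHERE id=?'
);
$stmt->execute([
    // … unchanged: the 19 values of the removed execute() array, firstname through $students_id …
]);
```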
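Review bot: `users_$type` in user.inc.php places the `$type` argument of user_create() into the table name, and an identifier cannot be bound as a parameter, so the only safe form is to check it against a fixed list before the string is built. Whether `$type` is validated earlier in user_create() is not visible, since the function starts outside the hunk. I would add a guard directly above the prepare that rejects unknown types, e.g. `if (!in_array($type, $valid_user_types, true)) { /* reject the call */ }`, where `$valid_user_types` stands in for the project's own list of user types.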