Rebranding and SQL fixes

2025-02-14 00:19:02 +00:00 · 2025-02-14 00:19:02 +00:00 · 2b687ebc2b
commit 2b687ebc2b
parent 274e6ebda1
34 changed files with 107 additions and 138 deletions
--- a/admin/award_download.php
+++ b/admin/award_download.php
@ -36,7 +36,7 @@ switch (get_value_from_array($_GET, 'action')) {
 		$q->execute([$fairs_id]);
 		$fair = $q->fetch(PDO::FETCH_ASSOC);
 		if (!($fair['username'] && $fair['password'])) {
-			echo error(i18n("Username and Password are not set for source '%1'.  Please set them in the SFIAB Configuration/External Award Sources editor first", array($r->name)));
+			echo error(i18n("Username and Password are not set for source '%1'.  Please set them in the Science-ation Configuration/External Award Sources editor first", array($r->name)));
 			return;
 		}
--- a/admin/committees.php
+++ b/admin/committees.php
@ -110,7 +110,7 @@ function actionSubmit()
 		// Edit
 		var id = document.forms.memberaction.users_uid.options[document.forms.memberaction.users_uid.selectedIndex];
 		openeditor(id.value);
-//		alert("id="+id.value);
+		alert("id="+id.value);
 		return false;
 	}
 	if(document.forms.memberaction.action.selectedIndex==3) //remove
@ -123,7 +123,7 @@ function actionSubmit()
 //-->
 </script>
 <?
-global $uid;
+
 if (get_value_from_array($_POST, 'addcommittee')) {
 	// add a new committee
 	// re-order the committees
--- a/admin/communication.php
+++ b/admin/communication.php
@ -69,7 +69,7 @@ case 'dialog_choose':
 	<select id="comm_dialog_choose_emails_id">
 		<option value="-1">-- <?= i18n('Choose a Communication') ?> --</option>
 	<?
-	$type = $pdo->quote($_GET['type']);
+	$type = $_GET['type'];
 	$q = $pdo->prepare('SELECT * FROM emails WHERE type=?');
 	$q->execute([$type]);
 	while ($e = $q->fetch(PDO::FETCH_ASSOC)) {
@ -161,15 +161,15 @@ case 'email_save':
 	$subject = iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $subject);
 	// Now its safe to escape it for the db query
-	$name = $pdo->quote(stripslashes($name));
+	$name = stripslashes($name);
-	$description = $pdo->quote(stripslashes($description));
+	$description = stripslashes($description);
-	$from = $pdo->quote(stripslashes($from));
+	$from = stripslashes($from);
-	$subject = $pdo->quote(stripslashes($subject));
+	$subject = stripslashes($subject);
-	$bodyhtml = $pdo->quote(stripslashes($bodyhtml));
+	$bodyhtml = stripslashes($bodyhtml);
-	$type = $pdo->quote($_POST['type']);
+	$type = $_POST['type'];
-	$key = $pdo->quote($_POST['key']);
+	$key = $_POST['key'];
-	$fcid = $pdo->quote($_POST['fcid']);
+	$fcid = $_POST['fcid'];
 	if ($id == 0) {
 		if ($key && $name) {
@ -969,7 +969,7 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
 	echo '<a href="communication_send_status.php">Click here to see the sending progress</a>';
 } else {
 	if (!$config['fairmanageremail'])
-		echo notice(i18n("Warning: The 'Fair Manager Email' has not been set in SFIAB Configuration / Configuration Variables / Global.  Please set it.  The 'Fair Manager Email' is the default 'From' address for all emails and without a 'From' address, no emails can be sent!"));
+		echo notice(i18n("Warning: The 'Fair Manager Email' has not been set in Science-ation Configuration / Configuration Variables / Global.  Please set it.  The 'Fair Manager Email' is the default 'From' address for all emails and without a 'From' address, no emails can be sent!"));
 	echo '<a href="communication_send_status.php">' . i18n('Email Queue Status and History') . '</a><br />';
 	echo '<a href="#" onclick="return opencommunicationeditor(null,null,null)">' . i18n('Add New Email') . '</a>';
--- a/admin/registration.php
+++ b/admin/registration.php
@ -32,7 +32,6 @@ send_header('Participant Registration',
        'Administration' => 'admin/index.php'),
    'participant_registration');
 echo '<br />';
 echo '<a href="registration_receivedforms.php">' . i18n("Input Received $plural_participationform") . '</a> <br />';
 echo '<a href="registration_list.php">' . i18n('Registration List and Student/Project Editor') . '</a> <br />';
 echo '<a href="registration_stats.php">' . i18n('Registration Statistics') . '</a> <br />';
 echo '<a href="registration_webconsent.php">' . i18n('Website Consent') . '</a> <br />';
--- a/admin/reports.inc.php
+++ b/admin/reports.inc.php
@ -385,9 +385,9 @@ foreach($report_stock as $n=>$v) {
 				`field`,`value`,`x`, `y`, `w`, `h`,
 				`lines`, `face`, `align`,`valign`,
 				`fontname`,`fontstyle`,`fontsize`,`on_overflow`) 
-			VALUES ?");
+			VALUES $q");
-	$stmt->execute([$q]);
+	$stmt->execute();
 	show_pdo_errors_if_any($pdo);
 }
--- a/admin/user_editor_window.php
+++ b/admin/user_editor_window.php
@ -135,6 +135,7 @@ if (array_key_exists('username', $_GET)) {
 }
 $u = user_load($id);
 print_r($u);
 $selected = get_value_from_array($_GET, 'tab');
 if (!array_key_exists($selected, $tabs)) {
--- a/common.inc.php
+++ b/common.inc.php
@ -31,7 +31,7 @@ include_once ('helper.inc.php');
 // so we will set it in the code instead just to make sure
 error_reporting(E_ALL);
 ini_set('log_errors', 'On');
-ini_set('display_errors', 'Off');
+//ini_set('display_errors', 'Off');
 // error_reporting( E_ALL ^ E_WARNING );
 //error_reporting(E_ALL ^ E_WARNING ^ E_NOTICE ^ E_DEPRECATED);
@ -672,7 +672,6 @@ function send_popup_header($title = '')
 	else
 		$HEADER_SENT = true;
 	echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n";
 	?>
 	<!DOCTYPE html>
 	<html>
@ -1215,7 +1214,7 @@ function committee_warnings()
 	// FIXME Clear out Important Dates as part of rollover
 	if ($r->rollovercheck) {
-		echo error(i18n("It has been more than 4 months since your fair.  In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'.  Do not start updating the system with new information until the year has been properly rolled over."));
+		echo error(i18n("It has been more than 4 months since your fair.  In order to prepare the system for the next year's fair, you should go to the Science-ation Configuration page, and click on 'Rollover Fair Year'.  Do not start updating the system with new information until the year has been properly rolled over."));
 	}
 	$q = $pdo->prepare('SELECT * FROM award_prizes WHERE `external_identifier` IS NOT NULL 
--- a/config/award_sources.php
+++ b/config/award_sources.php
@ -34,7 +34,7 @@ require ('../tableeditor.class.php');
 user_auth_required('committee', 'config');
 send_header('External Award Sources Manager',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'external_award_sources');
 $editor = new TableEditor('award_sources',
--- a/config/backuprestore.php
+++ b/config/backuprestore.php
@ -87,7 +87,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 } else if (get_value_from_array($_POST, 'action') == 'restore') {
 	echo send_header('Database Backup/Restore',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'backup_restore');
 	echo i18n('Processing file: %1', array($_FILES['restore']['name'])) . "<br />\n";
 	echo "<br />\n";
@ -164,7 +164,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 } else if (get_value_from_array($_POST, 'action') == 'restoreproceed') {
 	echo send_header('Database Backup/Restore',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'backup_restore');
 	// make sure the filename's good before we used it
@ -248,7 +248,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 	echo send_header('Database Backup/Restore',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'backup_restore');
 	$stmt = $pdo->prepare('OPTIMIZE TABLE users, users_judge');
@ -272,7 +272,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 	echo send_header('Database Backup/Restore',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'backup_restore');
 	$stmt = $pdo->prepare('OPTIMIZE TABLE users, users_parent');
@ -286,7 +286,7 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 } else {
 	echo send_header('Database Backup/Restore',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'backup_restore');
 	// we try to remove temp files every time we load this page, who knows, maybe they navigated away
--- a/config/categories.php
+++ b/config/categories.php
@ -31,12 +31,12 @@ user_auth_required('committee', 'config');
 if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') {
 	send_header((get_value_from_array($_GET, 'action') == 'edit') ? 'Edit Category' : 'New Category',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php',
+			'Science-ation Configuration' => 'config/index.php',
 			'Age Categories' => 'config/categories.php'), 'project_age_categories');
 } else {
 	send_header('Age Categories',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'), 'project_age_categories');
+			'Science-ation Configuration' => 'config/index.php'), 'project_age_categories');
 }
 if (get_value_from_array($_POST, 'action') == 'edit') {
--- a/config/dates.php
+++ b/config/dates.php
@ -29,7 +29,7 @@ require_once ('../helper.inc.php');
 user_auth_required('committee', 'config');
 send_header('Dates',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'important_dates');
 $q = $pdo->prepare("SELECT * FROM dates WHERE year='-1'");
--- a/config/divisions.php
+++ b/config/divisions.php
@ -33,13 +33,13 @@ $divisionr = null;
 if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') {
 	send_header(get_value_from_array($_GET, 'action') == 'edit' ? 'Edit Division' : 'New Division',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php',
+			'Science-ation Configuration' => 'config/index.php',
 			'Project Divisions' => 'config/divisions.php'),
 		'project_divisions');
 } else {
 	send_header('Project Divisions',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'project_divisions');
 }
--- a/config/divisions_cwsf.php
+++ b/config/divisions_cwsf.php
@ -29,7 +29,7 @@ require_once ('../helper.inc.php');
 user_auth_required('committee', 'config');
 send_header('CWSF Project Divisions',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'cwsf_project_divisions');
 // //// FIX ME!!!!!
--- a/config/images.php
+++ b/config/images.php
@ -28,7 +28,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header('Fair Logo Image',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'images');
 if (get_value_from_array($_POST, 'action') == 'addimage') {
--- a/config/index.php
+++ b/config/index.php
@ -29,7 +29,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
-send_header('SFIAB Configuration',
+send_header('Science-ation Configuration',
    array('Committee Main' => 'committee_main.php'),
    'configuration');
--- a/config/judges_questions.php
+++ b/config/judges_questions.php
@ -29,7 +29,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header('Judge Registration Questions',
    array('Committee Main' => 'committee_main.php',
-        'SFIAB Configuration' => 'config/index.php'),
+        'Science-ation Configuration' => 'config/index.php'),
    'judge_registration_questions');
 questions_editor('judgereg', $config['FAIRYEAR'], 'question',
--- a/config/languagepacks.php
+++ b/config/languagepacks.php
@ -28,7 +28,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header('Language Packs',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'language_pack_installer');
 echo i18n("Checking for language packs will access a remote server, if you wish to continue click the 'Check for available language packs' link below");
--- a/config/pagetexts.php
+++ b/config/pagetexts.php
@ -33,7 +33,7 @@
 send_header("Page Texts",
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php')
+			'Science-ation Configuration' => 'config/index.php')
            ,"page_texts"
 			);
@ -44,7 +44,7 @@
 {
 	 foreach($config['languages'] AS $lang=>$langname) {
 		$q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=? and textname=?");
-		$q_current->execute([$pdo->quote($config['FAIRYEAR']),$pdo->quote($r->textname)]);
+		$q_current->execute([$config['FAIRYEAR'],$r->textname]);
 		if ($q_current->rowCount() == 0) {
 			$q1 = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES (
@ -54,8 +54,8 @@
 				?,
 				?)");
-			$q1->execute([$pdo->quote($r->textname),$pdo->quote($r->textdescription),$pdo->quote($r->text),
+			$q1->execute([$r->textname,$r->textdescription,$r->text,
-			$pdo->quote($config['FAIRYEAR']),$pdo->quote($lang)]);
+			$config['FAIRYEAR'],$lang]);
 		}
    }
 }
@ -65,7 +65,7 @@
 {
 	 foreach($config['languages'] AS $lang=>$langname) {
 		$textvar="text_$lang";
-		$text=$pdo->quote(stripslashes($_POST[$textvar]));
+		$text=stripslashes($_POST[$textvar]);
 		$stmt = $pdo->prepare("UPDATE pagetext 
 				SET 
@ -75,7 +75,7 @@
 					textname=? 
 					AND year=?
 					AND lang=?");
-		$stmt->execute([$text,$pdo->quote($_POST['textname']),$config['FAIRYEAR'],$lang]);
+		$stmt->execute([$text,$_POST['textname'],$config['FAIRYEAR'],$lang]);
 	}
 	echo happy(i18n("Page texts successfully saved"));
@ -101,7 +101,7 @@
 			if(!$r)
 			{
 					$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES (?,?,?)");
-					$stmt->execute([$pdo->quote($_GET['textname']),$config['FAIRYEAR'],$lang]);
+					$stmt->execute([$_GET['textname'],$config['FAIRYEAR'],$lang]);
 					show_pdo_errors_if_any($pdo);
 			}
--- a/config/rollover.php
+++ b/config/rollover.php
@ -29,7 +29,7 @@ require_once ('../config_editor.inc.php');
 user_auth_required('committee', 'config');
 send_header('Year Rollover',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'rollover_fair_year');
 ?>
--- a/config/rolloverfiscal.php
+++ b/config/rolloverfiscal.php
@ -28,7 +28,7 @@ if (array_key_exists('action', $_POST)) {
 send_header('Fiscal Year Rollover',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'rollover_fiscal_year');
 draw_body();
 send_footer();
--- a/config/safetyquestions.php
+++ b/config/safetyquestions.php
@ -28,7 +28,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header('Safety Questions',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'project_safety_questions');
 if (get_value_from_array($_POST, 'action') == 'save' && get_value_from_array($_POST, 'save')) {
 	if ($_POST['question']) {
--- a/config/signaturepage.php
+++ b/config/signaturepage.php
@ -29,7 +29,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header("$participationform",
    array('Committee Main' => 'committee_main.php',
-        'SFIAB Configuration' => 'config/index.php'),
+        'Science-ation Configuration' => 'config/index.php'),
    'exhibitor_signature_page');
 if (get_value_from_array($_POST, 'action') == 'save') {
--- a/config/subdivisions.php
+++ b/config/subdivisions.php
@ -29,13 +29,13 @@ user_auth_required('committee', 'config');
 if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GET, 'action') == 'new') {
 	send_header(get_value_from_array($_GET, 'action') == 'edit' ? 'Edit Sub-Division' : 'New Sub-Division',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php',
+			'Science-ation Configuration' => 'config/index.php',
 			'Project Sub-Divisions' => 'config/subdivisions.php'),
 		'project_sub_divisions');
 } else {
 	send_header('Project Sub-Divisions',
 		array('Committee Main' => 'committee_main.php',
-			'SFIAB Configuration' => 'config/index.php'),
+			'Science-ation Configuration' => 'config/index.php'),
 		'project_sub_divisions');
 }
--- a/config/variables.php
+++ b/config/variables.php
@ -64,7 +64,7 @@ if ($action == 'update') {
 send_header('Configuration Variables',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'configuration_variables');
 $q = $pdo->prepare('SELECT DISTINCT(category) AS cat FROM config ORDER BY cat');
--- a/config/versionchecker.php
+++ b/config/versionchecker.php
@ -28,7 +28,7 @@ require_once ('../user.inc.php');
 user_auth_required('committee', 'config');
 send_header('Version Checker',
 	array('Committee Main' => 'committee_main.php',
-		'SFIAB Configuration' => 'config/index.php'),
+		'Science-ation Configuration' => 'config/index.php'),
 	'new_version_checker');
 echo i18n("Checking for new versions will access a remote server, if you wish to continue click the 'Check for new versions' link below");
--- a/fair_info.php
+++ b/fair_info.php
@ -72,13 +72,13 @@ switch (get_value_from_array($_GET, 'action')) {
 		$enable_awards = ($_POST['enable_awards'] == 'yes') ? 'yes' : 'no';
 		$enable_winners = ($_POST['enable_winners'] == 'yes') ? 'yes' : 'no';
-		$q = $pdo->prepare("UPDATE contacts SET name =?, abbrv =?, url =?, website=?,
+		$q = $pdo->prepare("UPDATE contacts SET name = $name, abbrv = '$abbrv', url = '$url', website='$website',
-				type=? , username=?,
+				type='$type' , username='$username',
-				password=?,
+				password='$password',
-				enable_stats=?,
+				enable_stats='$enable_stats',
-				enable_awards=?,
+				enable_awards='$enable_awards',
-				enable_winners=? WHERE id =?");
+				enable_winners='$enable_winners' WHERE id = $id");
-		$q->execute([$name, $abbrv, $url, $website, $type, $username, $password, $enable_stats, $enable_awards, $enable_winners, $age, $email, $id]);
+		$q->execute();
 		$u['fairs_id'] = $id;
 		user_save($u);
--- a/install.php
+++ b/install.php
@ -20,7 +20,6 @@
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
 */
 echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n";
 ?>
 <!DOCTYPE html> 
 <html>
--- a/install2.php
+++ b/install2.php
@ -20,7 +20,6 @@
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
 */
 echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n";
 ?>
 <!DOCTYPE html> 
 <html>
--- a/install3.php
+++ b/install3.php
@ -20,7 +20,6 @@
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
 */
 echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n";
 ?>
 <!DOCTYPE html> 
 <html>
--- a/register_participants.php
+++ b/register_participants.php
@ -272,7 +272,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($
 			} else if ($config['participant_registration_type'] == 'openorinvite') {
 				// thats fine too, continue on and create them the account.
 			} else {
-				echo error(i18n('There is an error with the SFIAB configuration.  participant_registration_type is not defined.  Contact the fair organizers to get this fixed.'));
+				echo error(i18n('There is an error with the Science-ation Configuration.  participant_registration_type is not defined.  Contact the fair organizers to get this fixed.'));
 				$allownew = false;
 				$showform = false;
 			}
--- a/register_participants_safety.php
+++ b/register_participants_safety.php
@ -74,7 +74,7 @@ if (get_value_from_array($_POST, 'action') == 'save') {
 			$safetyids = array_keys($_POST['safety']);
 			foreach ($safetyids AS $key => $val) {
 				$stmt = $pdo->prepare('INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (?,?,?,?) ');
-				$stmt->execute([$pdo->quote($_SESSION['registration_id']),$pdo->quote($val),$pdo->quote($config['FAIRYEAR']),$pdo->quote(stripslashes($_POST['safety'][$val]))]);
+				$stmt->execute([$_SESSION['registration_id'], $val, $config['FAIRYEAR'], stripslashes($_POST['safety'][$val])]);
 				show_pdo_errors_if_any($pdo);
 			}
 		}
--- a/register_participants_students.php
+++ b/register_participants_students.php
@ -104,35 +104,29 @@ if (get_value_from_array($_POST, 'action') == 'save') {
 				}
 				// INSERT new record
 				$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
-				$stmt = $pdo->prepare('INSERT INTO students 
+				$stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES ('
-    (registrations_id, firstname, lastname, pronunciation, sex, email, address, city, county, province, 
+					. "'" . $_SESSION['registration_id'] . "', "
-     postalcode, phone, dateofbirth, grade, schools_id, tshirt, medicalalert, foodreq, 
+					. "'" . stripslashes($_POST['firstname'][$x]) . "', "
-     teachername, teacheremail, year) 
+					. "'" . stripslashes($_POST['lastname'][$x]) . "', "
-    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
+					. "'" . stripslashes($_POST['pronunciation'][$x]) . "', "
-				$stmt->execute([
+					. "'" . stripslashes($_POST['sex'][$x]) . "', "
-					$_SESSION['registration_id'],
+					. "'" . stripslashes($_POST['email'][$x]) . "', "
-					stripslashes($_POST['firstname'][$x]),
+					. "'" . stripslashes($_POST['address'][$x]) . "', "
-					stripslashes($_POST['lastname'][$x]),
+					. "'" . stripslashes($_POST['city'][$x]) . "', "
-					stripslashes($_POST['pronunciation'][$x]),
+					. "'" . stripslashes($_POST['county'][$x]) . "', "
-					stripslashes($_POST['sex'][$x]),
+					. "'" . stripslashes($_POST['province'][$x]) . "', "
-					stripslashes($_POST['email'][$x]),
+					. "'" . stripslashes($_POST['postalcode'][$x]) . "', "
-					stripslashes($_POST['address'][$x]),
+					. "'" . stripslashes($_POST['phone'][$x]) . "', "
-					stripslashes($_POST['city'][$x]),
+					. "'$dob', "
-					stripslashes($_POST['county'][$x]),
+					. "'" . stripslashes($_POST['grade'][$x]) . "', "
-					stripslashes($_POST['province'][$x]),
+					. $schoolvalue
-					stripslashes($_POST['postalcode'][$x]),
+					. "'" . stripslashes($_POST['tshirt'][$x]) . "', "
-					stripslashes($_POST['phone'][$x]),
+					. "'" . stripslashes($_POST['medicalalert'][$x]) . "', "
-					$dob,
+					. "'" . stripslashes($_POST['foodreq'][$x]) . "', "
-					stripslashes($_POST['grade'][$x]),
+					. "'" . stripslashes($_POST['teachername'][$x]) . "', "
-					$schoolvalue,
+					. "'" . stripslashes($_POST['teacheremail'][$x]) . "', "
-					stripslashes($_POST['tshirt'][$x]),
+					. "'" . $config['FAIRYEAR'] . "')");
-					stripslashes($_POST['medicalalert'][$x]),
+				$stmt->execute();
 					stripslashes($_POST['foodreq'][$x]),
 					stripslashes($_POST['teachername'][$x]),
 					stripslashes($_POST['teacheremail'][$x]),
 					$config['FAIRYEAR']
 				]);
 				$students_id = $pdo->lastInsertId();
 				echo notice(i18n('%1 %2 successfully added', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
@ -146,49 +140,27 @@ if (get_value_from_array($_POST, 'action') == 'save') {
 				// UPDATE existing record
 				$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
-				$stmt = $pdo->prepare('UPDATE students SET 
+				$stmt = $pdo->prepare('UPDATE students SET '
-					firstname =?, 
+					. "firstname='" . stripslashes($_POST['firstname'][$x]) . "', "
-					lastname =?, 
+					. "lastname='" . stripslashes($_POST['lastname'][$x]) . "', "
-					pronunciation =?,
+					. "pronunciation='" . stripslashes($_POST['pronunciation'][$x]) . "', "
-					sex =?, 
+					. "sex='" . stripslashes($_POST['sex'][$x]) . "', "
-					email =?, 
+					. "email='" . stripslashes($_POST['email'][$x]) . "', "
-					address =?, 
+					. "address='" . stripslashes($_POST['address'][$x]) . "', "
-					city =?,
+					. "city='" . stripslashes($_POST['city'][$x]) . "', "
-					county =?, 
+					. "county='" . stripslashes($_POST['county'][$x]) . "', "
-					province=?, 
+					. "province='" . stripslashes($_POST['province'][$x]) . "', "
-					postalcode =?, 
+					. "postalcode='" . stripslashes($_POST['postalcode'][$x]) . "', "
-					phone =?, 
+					. "phone='" . stripslashes($_POST['phone'][$x]) . "', "
-					dateofbirth =?,
+					. "dateofbirth='$dob', "
-					grade =?, 
+					. "grade='" . stripslashes($_POST['grade'][$x]) . "', "
-					$schoolquery
+					. $schoolquery
-					medicalalert =?, 
+					. "medicalalert='" . stripslashes($_POST['medicalalert'][$x]) . "', "
-					foodreq =?, 
+					. "foodreq='" . stripslashes($_POST['foodreq'][$x]) . "', "
-					teachername =?,
+					. "teachername='" . stripslashes($_POST['teachername'][$x]) . "', "
-					teacheremail =?, 
+					. "teacheremail='" . stripslashes($_POST['teacheremail'][$x]) . "', "
-					tshirt =? 
+					. "tshirt='" . stripslashes($_POST['tshirt'][$x]) . "' "
-					WHERE id =?');
+					. "WHERE id='$students_id'");
 				$stmt->execute([
 					stripslashes($_POST['firstname'][$x]),
 					stripslashes($_POST['lastname'][$x]),
 					stripslashes($_POST['pronunciation'][$x]),
 					stripslashes($_POST['sex'][$x]),
 					stripslashes($_POST['email'][$x]),
 					stripslashes($_POST['address'][$x]),
 					stripslashes($_POST['city'][$x]),
 					stripslashes($_POST['county'][$x]),
 					stripslashes($_POST['province'][$x]),
 					stripslashes($_POST['postalcode'][$x]),
 					stripslashes($_POST['phone'][$x]),
 					$dob,
 					stripslashes($_POST['grade'][$x]),
 					stripslashes($_POST['medicalalert'][$x]),
 					stripslashes($_POST['foodreq'][$x]),
 					stripslashes($_POST['teachername'][$x]),
 					stripslashes($_POST['teacheremail'][$x]),
 					stripslashes($_POST['tshirt'][$x]),
 					$students_id
 				]);
 				echo notice(i18n('%1 %2 successfully updated', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
 			}
--- a/user.inc.php
+++ b/user.inc.php
@ -823,8 +823,8 @@ function user_create($type, $username, $u = NULL)
 		 * Since the user already has a type, user_save won't create this
 		 * entry for us, so do it here
 		 */
-		$stmt = $pdo->prepare('INSERT INTO users_? (users_id) VALUES(?)');
+		$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES(?)");
-		$stmt->execute([$type, $uid]);
+		$stmt->execute([$uid]);
 		show_pdo_errors_if_any($pdo);
 		/* Load the complete user */
 		$u = user_load($uid);
--- a/user_personal.php
+++ b/user_personal.php
@ -87,7 +87,7 @@ $type = $_SESSION['users_type'];
 $u = user_load($eid);
-/* Load the fields the user can edit, and theones that are required */
+/* Load the fields the user can edit, and the ones that are required */
 $fields = array();
 $required = array();
 $errorfields = array();
@ -104,6 +104,7 @@ switch (get_value_from_array($_GET, 'action')) {
 		if ($users_id != $_SESSION['users_id']) {
 			user_auth_required('committee', 'admin');
 		}
 		$u = user_load($users_id);
 		$save = true;