Fix schools queries

2025-02-14 19:36:57 +00:00 · 2025-02-14 19:36:57 +00:00 · 3a330dcfa7
commit 3a330dcfa7
parent 55753f0bec
1 changed files with 25 additions and 49 deletions
--- a/admin/schools.php
+++ b/admin/schools.php
@ -33,8 +33,8 @@ user_auth_required('committee', 'admin');

 if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POST, 'save') == 'add') {
 	if (get_value_from_array($_POST, 'save') == 'add') {
-		$q = $pdo->prepare('INSERT INTO schools (year) VALUES (?)');
-		$q->execute([$config['FAIRYEAR']]);
+		$q = $pdo->prepare("INSERT INTO schools (year) VALUES ('" . $config['FAIRYEAR'] . "')");
+		$q->execute();
 		$id = $pdo->lastInsertId();
 	} else
 		$id = intval(get_value_from_array($_POST, 'id'));
@ -154,54 +154,30 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
 		user_save($sh);
 	}

-	$exec = 'UPDATE schools SET 
-    school=?, 
-    schoollang=?, 
-    designate=?, 
-    schoollevel=?, 
-    board=?, 
-    district=?, 
-    address=?, 
-    city=?, 
-    province_code=?, 
-    postalcode=?, 
-    schoolemail=?, 
-    phone=?, 
-    fax=?, 
-    registration_password=?, 
-    projectlimit=?, 
-    projectlimitper=?, 
-    accesscode=?, 
-    sciencehead=?, 
-    principal=?, 
-    atrisk=? 
-    WHERE id=?';
-
+	$exec = 'UPDATE schools SET '
+		. "school='" . get_value_from_array($_POST, 'school') . "', "
+		. "schoollang='" . get_value_from_array($_POST, 'schoollang') . "', "
+		. "designate='" . get_value_from_array($_POST, 'schooldesignate') . "', "
+		. "schoollevel='" . get_value_from_array($_POST, 'schoollevel') . "', "
+		. "school='" . get_value_from_array($_POST, 'school') . "', "
+		. "board='" . get_value_from_array($_POST, 'board') . "', "
+		. "district='" . get_value_from_array($_POST, 'district') . "', "
+		. "address='" . get_value_from_array($_POST, 'address') . "', "
+		. "city='" . get_value_from_array($_POST, 'city') . "', "
+		. "province_code='" . get_value_from_array($_POST, 'province_code') . "', "
+		. "postalcode='" . get_value_from_array($_POST, 'postalcode') . "', "
+		. "schoolemail='" . get_value_from_array($_POST, 'schoolemail') . "', "
+		. "phone='" . get_value_from_array($_POST, 'phone') . "', "
+		. "fax='" . get_value_from_array($_POST, 'fax') . "', "
+		. "registration_password='" . get_value_from_array($_POST, 'registration_password') . "', "
+		. "projectlimit='" . get_value_from_array($_POST, 'projectlimit', -1) . "', "
+		. "projectlimitper='" . get_value_from_array($_POST, 'projectlimitper', 1) . "', "
+		. "accesscode='" . get_value_from_array($_POST, 'accesscode') . "', "
+		. $sciencehead_update . $principal_update
+		. "atrisk='$atrisk' "
+		. "WHERE id='$id'";
 	$stmt = $pdo->prepare($exec);
-	$stmt->execute([
-		get_value_from_array($_POST, 'school'),
-		get_value_from_array($_POST, 'schoollang'),
-		get_value_from_array($_POST, 'designate'),  // FIXED: Corrected key name
-		get_value_from_array($_POST, 'schoollevel'),
-		get_value_from_array($_POST, 'board'),
-		get_value_from_array($_POST, 'district'),
-		get_value_from_array($_POST, 'address'),
-		get_value_from_array($_POST, 'city'),
-		get_value_from_array($_POST, 'province_code'),
-		get_value_from_array($_POST, 'postalcode'),
-		get_value_from_array($_POST, 'schoolemail'),
-		get_value_from_array($_POST, 'phone'),
-		get_value_from_array($_POST, 'fax'),
-		get_value_from_array($_POST, 'registration_password'),
-		get_value_from_array($_POST, 'projectlimit'),
-		get_value_from_array($_POST, 'projectlimitper'),
-		get_value_from_array($_POST, 'accesscode'),
-		get_value_from_array($_POST, 'sciencehead'),  // FIXED: Using function for consistency
-		get_value_from_array($_POST, 'principal'),
-		get_value_from_array($_POST, 'atrisk'),
-		get_value_from_array($_POST, 'id')
-	]);
-
+	$stmt->execute();
 	show_pdo_errors_if_any($pdo);

 	if (get_value_from_array($_POST, 'save') == 'add')