diff --git a/admin/schools.php b/admin/schools.php
index 125d4cb2..e35321e5 100644
--- a/admin/schools.php
+++ b/admin/schools.php
@@ -33,8 +33,8 @@ user_auth_required('committee', 'admin');
 if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POST, 'save') == 'add') {
 if (get_value_from_array($_POST, 'save') == 'add') {
- $q = $pdo->prepare('INSERT INTO schools (year) VALUES (?)');
- $q->execute([$config['FAIRYEAR']]);
+ $q = $pdo->prepare("INSERT INTO schools (year) VALUES ('" . $config['FAIRYEAR'] . "')");
+ $q->execute();
 $id = $pdo->lastInsertId();
 } else $id = intval(get_value_from_array($_POST, 'id'));
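Review bot: The INSERT here goes back from a bound parameter to SQL assembled by string concatenation, and the UPDATE in the second hunk does the same with every `$_POST` field, so `prepare()` protects nothing because `execute()` binds no values. In the UPDATE this is a SQL injection path for any account that gets past the `user_auth_required` check, and even a legitimate value containing an apostrophe will break the statement. Keep the placeholders: `$q = $pdo->prepare('INSERT INTO schools (year) VALUES (?)');` followed by `$q->execute([$config['FAIRYEAR']]);`, and likewise leave `?` markers in the UPDATE and pass the values as an array to `execute()`. The enclosing `if` block continues outside this hunk.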
@@ -154,54 +154,30 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
 user_save($sh);
 }
- $exec = 'UPDATE schools SET
- school=?,
- schoollang=?,
- designate=?,
- schoollevel=?,
- board=?,
- district=?,
- address=?,
- city=?,
- province_code=?,
- postalcode=?,
- schoolemail=?,
- phone=?,
- fax=?,
- registration_password=?,
- projectlimit=?,
- projectlimitper=?,
- accesscode=?,
- sciencehead=?,
- principal=?,
- atrisk=?
- WHERE id=?';
-
+ $exec = 'UPDATE schools SET '
+ . "school='" . get_value_from_array($_POST, 'school') . "', "
+ . "schoollang='" . get_value_from_array($_POST, 'schoollang') . "', "
+ . "designate='" . get_value_from_array($_POST, 'schooldesignate') . "', "
+ . "schoollevel='" . get_value_from_array($_POST, 'schoollevel') . "', "
+ . "school='" . get_value_from_array($_POST, 'school') . "', "
+ . "board='" . get_value_from_array($_POST, 'board') . "', "
+ . "district='" . get_value_from_array($_POST, 'district') . "', "
+ . "address='" . get_value_from_array($_POST, 'address') . "', "
+ . "city='" . get_value_from_array($_POST, 'city') . "', "
+ . "province_code='" . get_value_from_array($_POST, 'province_code') . "', "
+ . "postalcode='" . get_value_from_array($_POST, 'postalcode') . "', "
+ . "schoolemail='" . get_value_from_array($_POST, 'schoolemail') . "', "
+ . "phone='" . get_value_from_array($_POST, 'phone') . "', "
+ . "fax='" . get_value_from_array($_POST, 'fax') . "', "
+ . "registration_password='" . get_value_from_array($_POST, 'registration_password') . "', "
+ . "projectlimit='" . get_value_from_array($_POST, 'projectlimit', -1) . "', "
+ . "projectlimitper='" . get_value_from_array($_POST, 'projectlimitper', 1) . "', "
+ . "accesscode='" . get_value_from_array($_POST, 'accesscode') . "', "
+ . $sciencehead_update . $principal_update
+ . "atrisk='$atrisk' "
+ . "WHERE id='$id'";
 $stmt = $pdo->prepare($exec);
- $stmt->execute([
- get_value_from_array($_POST, 'school'),
- get_value_from_array($_POST, 'schoollang'),
- get_value_from_array($_POST, 'designate'), // FIXED: Corrected key name
- get_value_from_array($_POST, 'schoollevel'),
- get_value_from_array($_POST, 'board'),
- get_value_from_array($_POST, 'district'),
- get_value_from_array($_POST, 'address'),
- get_value_from_array($_POST, 'city'),
- get_value_from_array($_POST, 'province_code'),
- get_value_from_array($_POST, 'postalcode'),
- get_value_from_array($_POST, 'schoolemail'),
- get_value_from_array($_POST, 'phone'),
- get_value_from_array($_POST, 'fax'),
- get_value_from_array($_POST, 'registration_password'),
- get_value_from_array($_POST, 'projectlimit'),
- get_value_from_array($_POST, 'projectlimitper'),
- get_value_from_array($_POST, 'accesscode'),
- get_value_from_array($_POST, 'sciencehead'), // FIXED: Using function for consistency
- get_value_from_array($_POST, 'principal'),
- get_value_from_array($_POST, 'atrisk'),
- get_value_from_array($_POST, 'id')
- ]);
-
+ $stmt->execute();
 show_pdo_errors_if_any($pdo);
 if (get_value_from_array($_POST, 'save') == 'add')
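Review bot: The rebuilt SET list assigns `school` twice and reads `designate` from the `'schooldesignate'` POST key, while the removed lines carried a comment marking `'designate'` as the corrected key, so this may reintroduce an old key mismatch; it should be checked against the form's field names. Drop the second `. "school='" . get_value_from_array($_POST, 'school') . "', "` line. `$sciencehead_update`, `$principal_update` and `$atrisk` are built outside this hunk, so whether they are cast or validated before being spliced into the statement cannot be confirmed from here. `projectlimit` and `projectlimitper` now fall back to `-1` and `1` and are written as quoted strings, which differs from the removed call that passed no default; if the new defaults are intended, a short comment saying so would help.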