Fix schools queries

2025-02-14 19:36:57 +00:00 · 2025-02-14 19:36:57 +00:00 · 3a330dcfa7
commit 3a330dcfa7
parent 55753f0bec
1 changed files with 25 additions and 49 deletions
--- a/admin/schools.php
+++ b/admin/schools.php
@ -33,8 +33,8 @@ user_auth_required('committee', 'admin');
 if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POST, 'save') == 'add') {
 	if (get_value_from_array($_POST, 'save') == 'add') {
-		$q = $pdo->prepare('INSERT INTO schools (year) VALUES (?)');
+		$q = $pdo->prepare("INSERT INTO schools (year) VALUES ('" . $config['FAIRYEAR'] . "')");
-		$q->execute([$config['FAIRYEAR']]);
+		$q->execute();
 		$id = $pdo->lastInsertId();
 	} else
 		$id = intval(get_value_from_array($_POST, 'id'));
@ -154,54 +154,30 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
 		user_save($sh);
 	}
-	$exec = 'UPDATE schools SET 
+	$exec = 'UPDATE schools SET '
-    school=?, 
+		. "school='" . get_value_from_array($_POST, 'school') . "', "
-    schoollang=?, 
+		. "schoollang='" . get_value_from_array($_POST, 'schoollang') . "', "
-    designate=?, 
+		. "designate='" . get_value_from_array($_POST, 'schooldesignate') . "', "
-    schoollevel=?, 
+		. "schoollevel='" . get_value_from_array($_POST, 'schoollevel') . "', "
-    board=?, 
+		. "school='" . get_value_from_array($_POST, 'school') . "', "
-    district=?, 
+		. "board='" . get_value_from_array($_POST, 'board') . "', "
-    address=?, 
+		. "district='" . get_value_from_array($_POST, 'district') . "', "
-    city=?, 
+		. "address='" . get_value_from_array($_POST, 'address') . "', "
-    province_code=?, 
+		. "city='" . get_value_from_array($_POST, 'city') . "', "
-    postalcode=?, 
+		. "province_code='" . get_value_from_array($_POST, 'province_code') . "', "
-    schoolemail=?, 
+		. "postalcode='" . get_value_from_array($_POST, 'postalcode') . "', "
-    phone=?, 
+		. "schoolemail='" . get_value_from_array($_POST, 'schoolemail') . "', "
-    fax=?, 
+		. "phone='" . get_value_from_array($_POST, 'phone') . "', "
-    registration_password=?, 
+		. "fax='" . get_value_from_array($_POST, 'fax') . "', "
-    projectlimit=?, 
+		. "registration_password='" . get_value_from_array($_POST, 'registration_password') . "', "
-    projectlimitper=?, 
+		. "projectlimit='" . get_value_from_array($_POST, 'projectlimit', -1) . "', "
-    accesscode=?, 
+		. "projectlimitper='" . get_value_from_array($_POST, 'projectlimitper', 1) . "', "
-    sciencehead=?, 
+		. "accesscode='" . get_value_from_array($_POST, 'accesscode') . "', "
-    principal=?, 
+		. $sciencehead_update . $principal_update
-    atrisk=? 
+		. "atrisk='$atrisk' "
-    WHERE id=?';
+		. "WHERE id='$id'";
 	$stmt = $pdo->prepare($exec);
-	$stmt->execute([
+	$stmt->execute();
 		get_value_from_array($_POST, 'school'),
 		get_value_from_array($_POST, 'schoollang'),
 		get_value_from_array($_POST, 'designate'),  // FIXED: Corrected key name
 		get_value_from_array($_POST, 'schoollevel'),
 		get_value_from_array($_POST, 'board'),
 		get_value_from_array($_POST, 'district'),
 		get_value_from_array($_POST, 'address'),
 		get_value_from_array($_POST, 'city'),
 		get_value_from_array($_POST, 'province_code'),
 		get_value_from_array($_POST, 'postalcode'),
 		get_value_from_array($_POST, 'schoolemail'),
 		get_value_from_array($_POST, 'phone'),
 		get_value_from_array($_POST, 'fax'),
 		get_value_from_array($_POST, 'registration_password'),
 		get_value_from_array($_POST, 'projectlimit'),
 		get_value_from_array($_POST, 'projectlimitper'),
 		get_value_from_array($_POST, 'accesscode'),
 		get_value_from_array($_POST, 'sciencehead'),  // FIXED: Using function for consistency
 		get_value_from_array($_POST, 'principal'),
 		get_value_from_array($_POST, 'atrisk'),
 		get_value_from_array($_POST, 'id')
 	]);
 	show_pdo_errors_if_any($pdo);
 	if (get_value_from_array($_POST, 'save') == 'add')