diff --git a/register_participants.php b/register_participants.php index 8cd4e368..71421cb3 100644 --- a/register_participants.php +++ b/register_participants.php @@ -309,7 +309,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($ $regnum, $_SESSION['email'], 'new', - $schoolidquery, // Ensure $schoolidquery contains a valid integer + $schoolidquery, $config['FAIRYEAR'] ]); diff --git a/register_participants_project.php b/register_participants_project.php index f5ccccd1..c5814e1c 100644 --- a/register_participants_project.php +++ b/register_participants_project.php @@ -104,20 +104,20 @@ if (get_value_from_array($_POST, 'action') == 'save') { } else $shorttitle = stripslashes($_POST['shorttitle']); - $stmt = $pdo->prepare('UPDATE projects SET ' - . "title=?, " - . "shorttitle=?, " - . "projectdivisions_id=?, " - . "projecttype=?, " - . "language=?, " - . "req_table=?, " - . "req_electricity=?, " - . "req_special=?, " - . "human_participants=?, " - . "animal_participants=?, " - . "summary=?, " - . "summarycountok=?" - . "WHERE id=?"); + $stmt = $pdo->prepare('UPDATE projects SET + title=?, + shorttitle=?, + projectdivisions_id=?, + projecttype=?, + language=?, + req_table=?, + req_electricity=?, + req_special=?, + human_participants=?, + animal_participants=?, + summary=?, + summarycountok=? + WHERE id=?'); $stmt->execute([$title,$shorttitle,intval($_POST['projectdivisions_id']),stripslashes($_POST['projecttype']), stripslashes($_POST['language']),stripslashes($_POST['req_table']),stripslashes($_POST['req_electricity']), stripslashes($_POST['req_special']),stripslashes($_POST['human_participants']),stripslashes($_POST['animal_participants']), diff --git a/register_participants_signature_tcpdf.php b/register_participants_signature_tcpdf.php index 2190c848..a8f723ab 100644 --- a/register_participants_signature_tcpdf.php +++ b/register_participants_signature_tcpdf.php 
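Review bot: In the `@@ -104,20 +104,20 @@` hunk of register_participants_project.php, the value bound to `WHERE id=?` cannot be seen because the `execute([...])` argument list runs past the end of the hunk. Please confirm it is the project id resolved from the logged-in registration (the other file in this diff keys its queries on `$_SESSION['registration_id']`) and not a request-supplied value, since otherwise one participant's save could overwrite another participant's project. The bound `$_POST[...]` fields are also read without an existence check and only passed through `stripslashes()`, which removes legitimate backslashes and validates nothing. Columns that look enumerated, such as `projecttype` and `language`, would be safer checked against the allowed values first, e.g. `$language = in_array($_POST['language'] ?? '', $allowedLanguages, true) ? $_POST['language'] : '';`, where `$allowedLanguages` is a placeholder for the project's configured list.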
@@ -43,18 +43,22 @@ if (get_value_from_array($_GET, 'sample')) { exit; } - $q = $pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname -\t \t\t\tFROM registrations,students - \t \t\tWHERE students.email=? - AND registrations.num=? - AND registrations.id=? - AND students.registrations_id=registrations.id - AND registrations.year=? - AND students.year=?"); - '?=?' ; - $registration_id = $_SESSION['registration_id']; - $q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'], - $config['FAIRYEAR'],$registration_number,$_SESSION['registration_number']]); + $q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname + FROM registrations, students + WHERE students.email=? + AND registrations.num=? + AND registrations.id=? + AND students.registrations_id = registrations.id + AND registrations.year=? + AND students.year=?'); + + $q->execute([ + $_SESSION['email'], + $_SESSION['registration_number'], + $_SESSION['registration_id'], + $config['FAIRYEAR'], + $config['FAIRYEAR'] + ]); show_pdo_errors_if_any($pdo); @@ -86,7 +90,7 @@ if ($_GET['sample']) { $rr->school = 'SampleSchool'; } else { // grab the project info - $q = $pdo->prepare("SELECT projects.*, + $q = $pdo->prepare('SELECT projects.*, projectcategories.category, projectdivisions.division FROM projects 
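Review bot: In the `@@ -43,18 +43,22 @@` hunk of register_participants_signature_tcpdf.php, the return value of `$q->execute([...])` is still unchecked, and the following `show_pdo_errors_if_any($pdo)` receives the connection rather than the statement. A failed execute records its error on the `PDOStatement`, so unless the connection runs in `PDO::ERRMODE_EXCEPTION`, a mismatch like the seven-values-for-five-placeholders one corrected here could pass unnoticed. I would guard it with `if (!$q->execute([...])) { /* log and stop */ }`, or confirm exception mode is set where `$pdo` is created. The helper's body is outside this diff; if it prints driver messages into the page, logging them server-side instead would keep table and column names from being disclosed to participants. The enclosing block continues outside the hunk.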
@@ -96,11 +100,11 @@ if ($_GET['sample']) { AND projects.year=? AND projectdivisions.year=? AND projectcategories.year=? - "); - $q->execute([$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]); + '); + $q->execute([$_SESSION['registration_id'], $config['FAIRYEAR'], $config['FAIRYEAR'], $config['FAIRYEAR']]); $projectinfo = $q->fetch(PDO::FETCH_OBJ); - $q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?"); + $q = $pdo->prepare('SELECT * FROM students WHERE registrations_id=? AND year=?'); $q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]); while ($si = $q->fetch(PDO::FETCH_OBJ)) $studentinfoarray[] = $si; @@ -117,7 +121,7 @@ $pdf->WriteHTML('