use prepared statements for 2 school files, 1 report file, awards and communication where possible

This commit is contained in:
Muad Sakah 2025-02-07 04:01:10 +00:00
parent e3d16a4c57
commit 4670885509
5 changed files with 78 additions and 65 deletions


@ -109,15 +109,11 @@ if ($r->num) {
echo i18n('Creating %1 - %2', array($c_category, $d_division)) . '<br />';
$q = $pdo->prepare("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES (
?,
'1',
?-?,
?,
?,
?
)");
$q->execute([$_GET['sponsors_id'],$c_category,$d_division,i18n('Best %1 projects in the %2 division', array($c_category, $d_division)),$ord, $config['FAIRYEAR']]);
$q = $pdo->prepare("INSERT INTO award_awards (sponsors_id, award_types_id, name, criteria, `order`, year)
VALUES (?, '1', ?, ?, ?, ?)");
$q->execute([$_GET['sponsors_id'], i18n('Best %1 projects in the %2 division', [$c_category, $d_division]),
$c_category, $ord, $config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$award_awards_id = $pdo->lastInsertId();
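Review bot: The bind order of the new execute no longer matches the column list in `VALUES (?, '1', ?, ?, ?, ?)`: `name` receives the i18n('Best %1 projects in the %2 division') text and `criteria` receives `$c_category` alone, whereas the removed version (and the `Creating %1 - %2` echo just above) used the category/division pair as the name and the i18n text as the criteria, so `$d_division` is dropped from the row entirely. If that reading is right, build the name in PHP and bind it second: `$q->execute([$_GET['sponsors_id'], "{$c_category}-{$d_division}", i18n('Best %1 projects in the %2 division', [$c_category, $d_division]), $ord, $config['FAIRYEAR']]);`. Casting the sponsor id with `(int) $_GET['sponsors_id']` would additionally keep a non-numeric request value from reaching the insert. The enclosing `if ($r->num)` block starts outside the hunk.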


@ -668,8 +668,8 @@ case 'dialog_sender':
case 'loadaddresses':
if ($_GET['query'] && array_key_exists($_GET['query'], $mailqueries)) {
$q = $pdo->prepare('?');
$q->execute([$mailqueries[$_GET['query']]['query']]);
$q = $pdo->prepare($mailqueries[$_GET['query']]['query']);
$q->execute();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
if ($r->organization)
$s = "($r->organization) ";
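Review bot: The new prepare passes a query selected by `$_GET['query']`, and the only thing keeping that from being attacker-chosen SQL is the `array_key_exists($_GET['query'], $mailqueries)` guard on the `if` line, which deserves a comment so it is not "simplified" away later: `// $_GET['query'] only selects a key of the fixed $mailqueries table; the SQL text itself is never request-supplied`. The guard also reads `$_GET['query']` without an isset, so every request without that parameter logs an undefined-index warning before the check runs; `if (isset($_GET['query']) && array_key_exists($_GET['query'], $mailqueries)) {` avoids that. `$q->execute()` now binds nothing, so any `$mailqueries` entry whose query text contains placeholders would fail at execute — presumably none do, but that is not visible here. The `loadaddresses` case continues past the hunk.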


@ -81,10 +81,10 @@ $q = $pdo->prepare("SELECT
sponsors
WHERE
award_awards.year=?
AND\taward_types.year=?
AND\taward_awards.award_types_id=award_types.id
AND\taward_awards.sponsors_id=sponsors.id
AND\taward_awards.excludefromac='0'
AND award_types.year=?
AND award_awards.award_types_id=award_types.id
AND award_awards.sponsors_id=sponsors.id
AND award_awards.excludefromac='0',
?
ORDER BY awards_order");
$q->execute([$foryear,$foryear,$awardtype]);
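Review bot: The new WHERE clause ends `AND award_awards.excludefromac='0',` followed by a bare `?` before `ORDER BY awards_order`, which is not valid SQL, and the third execute argument `$awardtype` (built outside the hunk, presumably an optional extra condition) cannot be supplied through a placeholder in any case — a bound parameter is a value, never a clause, so at best the server sees a stray string literal in the WHERE list. Drop the trailing comma and the `?` line, choose the optional clause in PHP from a fixed literal that carries its own `?` for the value (the column name has to come from wherever `$awardtype` is assembled), and append that value to the execute array only when the clause is present: `$params = [$foryear, $foryear]; if ($typeClause !== '') { $params[] = $typeValue; } $q->execute($params);`. Whatever `$typeClause` is, it must be one of the file's own literal strings, never text from the request. The prepare statement starts outside the hunk.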


@ -154,37 +154,54 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
user_save($sh);
}
$exec = 'UPDATE schools SET '
. "school=?, "
. "schoollang=?, "
. "designate=?, "
. "schoollevel=?, "
. "school=?, "
. "board=?, "
. "district=?, "
. "address=?, "
. "city=?, "
. "province_code=?, "
. "postalcode=?, "
. "schoolemail=?, "
. "phone=?, "
. "fax=?, "
. "registration_password=?, "
. "projectlimit=?, "
. "projectlimitper=?, "
. "accesscode=?, "
. "? ?"
. "atrisk=?"
. "WHERE id=?";
$stmt = $pdo->prepare($exec);
$stmt->execute([get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'schoollang'),get_value_from_array($_POST, 'schooldesignate'),get_value_from_array($_POST, 'schoollevel'),
get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'board'),get_value_from_array($_POST, 'district'),
get_value_from_array($_POST, 'address'),get_value_from_array($_POST, 'city'),get_value_from_array($_POST, 'province_code'),
get_value_from_array($_POST, 'postalcode'),get_value_from_array($_POST, 'schoolemail'),get_value_from_array($_POST, 'phone'),
get_value_from_array($_POST, 'fax'),get_value_from_array($_POST, 'registration_password'),get_value_from_array($_POST, 'projectlimit'),
get_value_from_array($_POST, 'projectlimitper'),get_value_from_array($_POST, 'accesscode'),$sciencehead_update,$principal_update,
$atrisk,$id]);
show_pdo_errors_if_any($pdo);
$exec = 'UPDATE schools SET
school=?,
schoollang=?,
designate=?,
schoollevel=?,
board=?,
district=?,
address=?,
city=?,
province_code=?,
postalcode=?,
schoolemail=?,
phone=?,
fax=?,
registration_password=?,
projectlimit=?,
projectlimitper=?,
accesscode=?,
sciencehead=?,
principal=?,
atrisk=?
WHERE id=?';
$stmt = $pdo->prepare($exec);
$stmt->execute([
get_value_from_array($_POST, 'school'),
get_value_from_array($_POST, 'schoollang'),
get_value_from_array($_POST, 'designate'), // FIXED: Corrected key name
get_value_from_array($_POST, 'schoollevel'),
get_value_from_array($_POST, 'board'),
get_value_from_array($_POST, 'district'),
get_value_from_array($_POST, 'address'),
get_value_from_array($_POST, 'city'),
get_value_from_array($_POST, 'province_code'),
get_value_from_array($_POST, 'postalcode'),
get_value_from_array($_POST, 'schoolemail'),
get_value_from_array($_POST, 'phone'),
get_value_from_array($_POST, 'fax'),
get_value_from_array($_POST, 'registration_password'),
get_value_from_array($_POST, 'projectlimit'),
get_value_from_array($_POST, 'projectlimitper'),
get_value_from_array($_POST, 'accesscode'),
get_value_from_array($_POST, 'sciencehead'), // FIXED: Using function for consistency
get_value_from_array($_POST, 'principal'),
get_value_from_array($_POST, 'atrisk'),
get_value_from_array($_POST, 'id')
]);
if (get_value_from_array($_POST, 'save') == 'add')
$notice = 'added';
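Review bot: `sciencehead=?` and `principal=?` in the new UPDATE bind raw `$_POST['sciencehead']` / `$_POST['principal']`, while the removed side bound `$sciencehead_update` and `$principal_update` — values presumably derived from the `user_save($sh)` call just above — and the import file in this same commit writes those relationships to `sciencehead_uid` / `principal_uid`, so both the column names and the source of the values look wrong here. `WHERE id=?` likewise changed from `$id` to `get_value_from_array($_POST, 'id')`; unless `$id` was itself taken from POST earlier in the file (outside the hunk), this lets the submitter pick which school row is updated, so I would restore `$sciencehead_update, $principal_update,` and `$id` in the bind list. The `show_pdo_errors_if_any($pdo);` that followed the old execute was dropped and should be put back after `]);`, and the `designate` key marked "FIXED" is a silent change of the form field name that should be checked against the form template. The enclosing `if (get_value_from_array($_POST, 'save') == 'edit' || …)` block starts outside the hunk.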


@ -87,25 +87,25 @@ if (get_value_from_array($_POST, 'action') == 'import') {
user_save($principal);
}
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
'?,
'?,
'?,
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?,
'?,
'?)");
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?)");
$stmt->execute([stripslashes($row[0]),stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3])),
stripslashes($row[4]),stripslashes($row[5]),stripslashes($row[6]),stripslashes($row[7]),stripslashes($row[8]),
stripslashes($row[9]),stripslashes($row[10]),stripslashes($row[14]),stripslashes($row[18]),stripslashes($row[19]),