forked from science-ation/science-ation
use prepare statements for 2 school files,1 report file, awards and communication where possible
parent
e3d16a4c57
commit
4670885509
@ -109,15 +109,11 @@ if ($r->num) {
|
|||||||
|
|
||||||
echo i18n('Creating %1 - %2', array($c_category, $d_division)) . '<br />';
|
echo i18n('Creating %1 - %2', array($c_category, $d_division)) . '<br />';
|
||||||
|
|
||||||
$q = $pdo->prepare("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES (
|
$q = $pdo->prepare("INSERT INTO award_awards (sponsors_id, award_types_id, name, criteria, `order`, year)
|
||||||
?,
|
VALUES (?, '1', ?, ?, ?, ?)");
|
||||||
'1',
|
$q->execute([$_GET['sponsors_id'], i18n('Best %1 projects in the %2 division', [$c_category, $d_division]),
|
||||||
?-?,
|
$c_category, $ord, $config['FAIRYEAR']]);
|
||||||
?,
|
|
||||||
?,
|
|
||||||
?
|
|
||||||
)");
|
|
||||||
$q->execute([$_GET['sponsors_id'],$c_category,$d_division,i18n('Best %1 projects in the %2 division', array($c_category, $d_division)),$ord, $config['FAIRYEAR']]);
|
|
||||||
show_pdo_errors_if_any($pdo);
|
show_pdo_errors_if_any($pdo);
|
||||||
$award_awards_id = $pdo->lastInsertId();
|
$award_awards_id = $pdo->lastInsertId();
|
||||||
|
|
||||||
|
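Review bot: The values bound in the new `execute()` no longer line up with the column list: `name` now receives the 'Best %1 projects in the %2 division' sentence and `criteria` receives `$c_category` alone. The removed statement had a two-part `?-?` in the name position followed by the i18n sentence, so the intended call is probably `$q->execute([$_GET['sponsors_id'], "$c_category - $d_division", i18n('Best %1 projects in the %2 division', [$c_category, $d_division]), $ord, $config['FAIRYEAR']]);`. `$_GET['sponsors_id']` is bound safely but is still unvalidated; checking that it is a positive integer before the insert would keep bad rows out of `award_awards`. The enclosing `if ($r->num)` block starts and ends outside the hunk.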
@ -668,8 +668,8 @@ case 'dialog_sender':
|
|||||||
|
|
||||||
case 'loadaddresses':
|
case 'loadaddresses':
|
||||||
if ($_GET['query'] && array_key_exists($_GET['query'], $mailqueries)) {
|
if ($_GET['query'] && array_key_exists($_GET['query'], $mailqueries)) {
|
||||||
$q = $pdo->prepare('?');
|
$q = $pdo->prepare($mailqueries[$_GET['query']]['query']);
|
||||||
$q->execute([$mailqueries[$_GET['query']]['query']]);
|
$q->execute();
|
||||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||||
if ($r->organization)
|
if ($r->organization)
|
||||||
$s = "($r->organization) ";
|
$s = "($r->organization) ";
|
||||||
|
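Review bot: The SQL text passed to `prepare()` is now chosen by `$_GET['query']`, so its safety rests entirely on the `array_key_exists($_GET['query'], $mailqueries)` check on the line above, and that dependency deserves a comment such as `// SQL text comes from the server-side $mailqueries table; the request only selects the key`. Because the statement runs with no bound parameters, any `$mailqueries` entry that interpolates variables into its `query` string gets no protection from the prepare; the table is defined outside this hunk, so that is worth confirming. `$_GET['query']` is also read without an `isset()` guard, which raises a notice when the parameter is absent. The `case 'loadaddresses':` body continues past the hunk.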
@ -81,10 +81,10 @@ $q = $pdo->prepare("SELECT
|
|||||||
sponsors
|
sponsors
|
||||||
WHERE
|
WHERE
|
||||||
award_awards.year=?
|
award_awards.year=?
|
||||||
AND\taward_types.year=?
|
AND award_types.year=?
|
||||||
AND\taward_awards.award_types_id=award_types.id
|
AND award_awards.award_types_id=award_types.id
|
||||||
AND\taward_awards.sponsors_id=sponsors.id
|
AND award_awards.sponsors_id=sponsors.id
|
||||||
AND\taward_awards.excludefromac='0'
|
AND award_awards.excludefromac='0',
|
||||||
?
|
?
|
||||||
ORDER BY awards_order");
|
ORDER BY awards_order");
|
||||||
$q->execute([$foryear,$foryear,$awardtype]);
|
$q->execute([$foryear,$foryear,$awardtype]);
|
||||||
|
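Review bot: The comma added after `award_awards.excludefromac='0'` leaves the WHERE clause reading `... ='0', ? ORDER BY awards_order`, which is not valid SQL, so this prepared statement is expected to fail. The bare `?` on the following line has the same root problem: a placeholder binds a value, not a SQL fragment, so `$awardtype` can no longer append a condition the way an interpolated string could. Drop the comma and turn the placeholder into a complete predicate, `AND <award-type column>=?` (the column name is not visible here and has to come from the schema), or omit both the line and the third bound value when no type filter is wanted. The statement begins above the hunk, so the SELECT list and joins were not reviewed.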
@ -154,37 +154,54 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
|
|||||||
user_save($sh);
|
user_save($sh);
|
||||||
}
|
}
|
||||||
|
|
||||||
$exec = 'UPDATE schools SET '
|
$exec = 'UPDATE schools SET
|
||||||
. "school=?, "
|
school=?,
|
||||||
. "schoollang=?, "
|
schoollang=?,
|
||||||
. "designate=?, "
|
designate=?,
|
||||||
. "schoollevel=?, "
|
schoollevel=?,
|
||||||
. "school=?, "
|
board=?,
|
||||||
. "board=?, "
|
district=?,
|
||||||
. "district=?, "
|
address=?,
|
||||||
. "address=?, "
|
city=?,
|
||||||
. "city=?, "
|
province_code=?,
|
||||||
. "province_code=?, "
|
postalcode=?,
|
||||||
. "postalcode=?, "
|
schoolemail=?,
|
||||||
. "schoolemail=?, "
|
phone=?,
|
||||||
. "phone=?, "
|
fax=?,
|
||||||
. "fax=?, "
|
registration_password=?,
|
||||||
. "registration_password=?, "
|
projectlimit=?,
|
||||||
. "projectlimit=?, "
|
projectlimitper=?,
|
||||||
. "projectlimitper=?, "
|
accesscode=?,
|
||||||
. "accesscode=?, "
|
sciencehead=?,
|
||||||
. "? ?"
|
principal=?,
|
||||||
. "atrisk=?"
|
atrisk=?
|
||||||
. "WHERE id=?";
|
WHERE id=?';
|
||||||
$stmt = $pdo->prepare($exec);
|
|
||||||
$stmt->execute([get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'schoollang'),get_value_from_array($_POST, 'schooldesignate'),get_value_from_array($_POST, 'schoollevel'),
|
$stmt = $pdo->prepare($exec);
|
||||||
get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'board'),get_value_from_array($_POST, 'district'),
|
$stmt->execute([
|
||||||
get_value_from_array($_POST, 'address'),get_value_from_array($_POST, 'city'),get_value_from_array($_POST, 'province_code'),
|
get_value_from_array($_POST, 'school'),
|
||||||
get_value_from_array($_POST, 'postalcode'),get_value_from_array($_POST, 'schoolemail'),get_value_from_array($_POST, 'phone'),
|
get_value_from_array($_POST, 'schoollang'),
|
||||||
get_value_from_array($_POST, 'fax'),get_value_from_array($_POST, 'registration_password'),get_value_from_array($_POST, 'projectlimit'),
|
get_value_from_array($_POST, 'designate'), // FIXED: Corrected key name
|
||||||
get_value_from_array($_POST, 'projectlimitper'),get_value_from_array($_POST, 'accesscode'),$sciencehead_update,$principal_update,
|
get_value_from_array($_POST, 'schoollevel'),
|
||||||
$atrisk,$id]);
|
get_value_from_array($_POST, 'board'),
|
||||||
show_pdo_errors_if_any($pdo);
|
get_value_from_array($_POST, 'district'),
|
||||||
|
get_value_from_array($_POST, 'address'),
|
||||||
|
get_value_from_array($_POST, 'city'),
|
||||||
|
get_value_from_array($_POST, 'province_code'),
|
||||||
|
get_value_from_array($_POST, 'postalcode'),
|
||||||
|
get_value_from_array($_POST, 'schoolemail'),
|
||||||
|
get_value_from_array($_POST, 'phone'),
|
||||||
|
get_value_from_array($_POST, 'fax'),
|
||||||
|
get_value_from_array($_POST, 'registration_password'),
|
||||||
|
get_value_from_array($_POST, 'projectlimit'),
|
||||||
|
get_value_from_array($_POST, 'projectlimitper'),
|
||||||
|
get_value_from_array($_POST, 'accesscode'),
|
||||||
|
get_value_from_array($_POST, 'sciencehead'), // FIXED: Using function for consistency
|
||||||
|
get_value_from_array($_POST, 'principal'),
|
||||||
|
get_value_from_array($_POST, 'atrisk'),
|
||||||
|
get_value_from_array($_POST, 'id')
|
||||||
|
]);
|
||||||
|
|
||||||
|
|
||||||
if (get_value_from_array($_POST, 'save') == 'add')
|
if (get_value_from_array($_POST, 'save') == 'add')
|
||||||
$notice = 'added';
|
$notice = 'added';
|
||||||
|
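Review bot: The new bind list takes the row key and several fields straight from the request where the removed code used server-side variables: `WHERE id=?` is bound to `get_value_from_array($_POST, 'id')` instead of `$id`, `atrisk` to the raw POST value instead of `$atrisk`, and `sciencehead`/`principal` replace `$sciencehead_update`/`$principal_update`. If `$id` was validated earlier or, on the `save == 'add'` path, set from a freshly inserted row (neither is visible in this hunk), the update now targets whatever id the client sends, or no row at all. The import code in this same commit inserts into `sciencehead_uid` and `principal_uid`, so the `sciencehead=?` and `principal=?` columns should be checked against the schema. The `show_pdo_errors_if_any($pdo);` call after `execute()` was also dropped, so a failed update is now silent. Keeping `$atrisk,` and `$id` as the last two bound values and restoring `show_pdo_errors_if_any($pdo);` would preserve the earlier behaviour.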
@ -87,25 +87,25 @@ if (get_value_from_array($_POST, 'action') == 'import') {
|
|||||||
user_save($principal);
|
user_save($principal);
|
||||||
}
|
}
|
||||||
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
|
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
|
||||||
'?,
|
?,
|
||||||
'?,
|
?,
|
||||||
'?,
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?',
|
?,
|
||||||
'?,
|
?,
|
||||||
'?,
|
?,
|
||||||
'?)");
|
?)");
|
||||||
$stmt->execute([stripslashes($row[0]),stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3])),
|
$stmt->execute([stripslashes($row[0]),stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3])),
|
||||||
stripslashes($row[4]),stripslashes($row[5]),stripslashes($row[6]),stripslashes($row[7]),stripslashes($row[8]),
|
stripslashes($row[4]),stripslashes($row[5]),stripslashes($row[6]),stripslashes($row[7]),stripslashes($row[8]),
|
||||||
stripslashes($row[9]),stripslashes($row[10]),stripslashes($row[14]),stripslashes($row[18]),stripslashes($row[19]),
|
stripslashes($row[9]),stripslashes($row[10]),stripslashes($row[14]),stripslashes($row[18]),stripslashes($row[19]),
|
||||||
|
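Review bot: The first line of the `execute()` call still has a misplaced parenthesis: `stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3]))` passes three arguments to `stripslashes()`, so the array gets one element where three are needed and no longer matches the 19 placeholders. PHP 8 rejects the extra arguments with an ArgumentCountError; the line is unchanged by this commit, which only fixes the quoted `'?` markers. It should read `$stmt->execute([stripslashes($row[0]),stripslashes($row[1]),stripslashes($row[2]),stripslashes($row[3]),`. The call continues past the end of the hunk, so the remaining bound values could not be counted against the column list.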