arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

150-200 database lines have been changed

Browse Source
This commit is contained in:
Muad Sakah 2025-02-04 05:01:02 +00:00
parent a077e3fdc9
commit 5ccfe2dd6f
30 changed files with 410 additions and 405 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
admin/registration_receivedforms.php
View File

@ -77,7 +77,7 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
FROM
projects,projectcategories,projectdivisions
WHERE
projects.registrations_id='$reg_id'
projects.registrations_id=?
AND
projects.projectcategories_id=projectcategories.id
AND
@ -87,7 +87,7 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
AND
projectdivisions.year=projects.year
");
$q->execute();
$q->execute([$reg_id]);
show_pdo_errors_if_any($pdo);
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
@ -116,11 +116,11 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
FROM
students,schools
WHERE
students.registrations_id='$reg_id'
students.registrations_id=?
AND
students.schools_id=schools.id
");
$q->execute();
$q->execute([$reg_id]);
$studnum = 1;
while ($studentinfo = $q->fetch(PDO::FETCH_OBJ)) {
@ -193,14 +193,14 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
$checkNumQuery = $pdo->prepare("SELECT projectnumber
FROM projects, registrations
WHERE projects.registrations_id = registrations.id
AND num='$regnum'
AND registrations.year='{$config['FAIRYEAR']}'");
$checkNumQuery->execute();
AND num=?
AND registrations.year=?");
$checkNumQuery->execute([$regnum,$config['FAIRYEAR']]);
$checkNumResults = $checkNumQuery->fetch(PDO::FETCH_OBJ);
$projectnum = $checkNumResults->projectnumber;
$q = $pdo->prepare("SELECT id FROM registrations WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM registrations WHERE num=? AND year=?");
$q->execute([$regnum, $config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
$reg_id = $r->id;
@ -218,8 +218,8 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
if ($_POST['action'] == 'receivedyes') {
// actually set it to 'complete'
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num=? AND year=?");
$stmt->execute([$regnum,$config['FAIRYEAR']]);
foreach ($recipients AS $recip) {
$to = $recip['to'];
$subsub = array();
@ -238,8 +238,8 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
echo happy(i18n('Registration of form %1 successfully completed', array($regnum)));
} else if ($_POST['action'] == 'receivedyesnocash') {
// actually set it to 'paymentpending'
$stmt = $pdo->prepare("UPDATE registrations SET status='paymentpending' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE registrations SET status='paymentpending' WHERE num=? AND year=?");
$stmt->execute([$regnum,$config['FAIRYEAR']]);
foreach ($recipients AS $recip) {
$to = $recip['to'];
$subsub = array();
@ -261,13 +261,13 @@ if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array
echo notice(i18n('Registration of form %1 cancelled', array($_POST['registration_number'])));
} else if (get_value_from_array($_GET, 'action') == 'unregister' && get_value_from_array($_GET, 'registration_number')) {
$reg_num = intval(trim($_GET['registration_number']));
$q = $pdo - prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
$q->execute();
$q = $pdo->prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year=? AND registrations.num=?");
$q->execute([$config['FAIRYEAR'],$reg_num]);
$r = $q->fetch(PDO::FETCH_OBJ);
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id='$r->proj_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->reg_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id=? AND year=?");
$stmt->execute([$r->proj_id,$config['FAIRYEAR']]);
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id=? AND year=?");
$stmt->execute([$r->reg_id,$config['FAIRYEAR']]);
echo happy(i18n('Successfully unregistered project'));
}
@ -305,9 +305,9 @@ if ($showformatbottom) {
if (get_value_from_array($_POST, 'action') == 'receive_all') {
// Grab all projects that don't have project numbers. Status should therefor be open or new but not complete
$query_noprojectnumber = $pdo->prepare('SELECT * FROM projects WHERE projectnumber IS NULL AND year =' . $config['FAIRYEAR'] . '');
$query_noprojectnumber = $pdo->prepare('SELECT * FROM projects WHERE projectnumber IS NULL AND year =?');
// Define arrays to append to later
$query_noprojectnumber->execute();
$query_noprojectnumber->execute([$config['FAIRYEAR']]);
$completed_students = array();
$incomplete_students = array();
$newstatus_students = array();
@ -315,8 +315,8 @@ if (get_value_from_array($_POST, 'action') == 'receive_all') {
// loop through each project that doesn't have a project number
while ($studentproject = $query_noprojectnumber->fetch(PDO::FETCH_ASSOC)) {
// Grab registration information about the current project
$q = $pdo->prepare("SELECT * FROM registrations WHERE id='" . $studentproject['registrations_id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM registrations WHERE id=? AND year=?");
$q->execute([$studentproject['registrations_id'],$config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
$reg_id = $r->id;
$reg_num = $r->num;
@ -347,18 +347,18 @@ if (get_value_from_array($_POST, 'action') == 'receive_all') {
) {
// Generate project number and update it in data base
list($projectnumber, $ps, $pns, $pss) = generateProjectNumber($reg_id);
$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber',
projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss'
WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=?,
projectsort=?,projectnumber_seq=?,projectsort_seq=?
WHERE registrations_id=? AND year=?");
$stmt->execute([$projectnumber,$ps,$pns,$pss,$reg_id,$config['FAIRYEAR']]);
// email stuff
// get all students with this registration number
// $recipients=getEmailRecipientsForRegistration($reg_id);
// Set status to 'complete'
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$reg_num' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num=? AND year=?");
$stmt->execute([$reg_num,$config['FAIRYEAR']]);
/*foreach($recipients AS $recip) {
$to=$recip['to'];
$subsub=array();

19
admin/registration_stats.php
View File

@ -63,13 +63,13 @@ foreach ($status_str as $s => $str) {
echo '</select>';
echo '</form>';
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$year]);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$cats[$r->id] = $r->category;
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$year]);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$divs[$r->id] = $r->division;
@ -133,12 +133,12 @@ $q = $pdo->prepare("SELECT registrations.id AS reg_id,
left outer join projects on projects.registrations_id=registrations.id
WHERE
1
AND registrations.year='$year'
$wherestatus
AND registrations.year=?
?
ORDER BY
$ORDERBY
?
");
$q->execute();
$q->execute([$year,$wherestatus,$ORDERBY]);
show_pdo_errors_if_any($pdo);
$stats_totalprojects = 0;
@ -188,10 +188,11 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
FROM
students,schools
WHERE
students.registrations_id='$r->reg_id'
students.registrations_id=?
AND
students.schools_id=schools.id
");
$sq->execute([$r->reg_id]);
show_pdo_errors_if_any($pdo);
$studnum = 1;

18
admin/registration_webconsent.php
View File

@ -44,12 +44,12 @@ if (get_value_from_array($_POST, 'changed')) {
$webphoto = get_value_from_2d_array($_POST, 'webphoto', $id) == 'yes' ? 'yes' : 'no';
$stmt = $pdo->prepare("UPDATE students SET
webfirst='$webfirst',
weblast='$weblast',
webphoto='$webphoto'
webfirst=?,
weblast=?,
webphoto=?
WHERE
id='$id'");
$stmt->execute();
id=?");
$stmt->execute([$webfirst,$weblast,$webphoto,$id]);
}
}
@ -87,12 +87,12 @@ $sq = $pdo->prepare("SELECT students.firstname,
students.registrations_id=registrations.id
AND\t( registrations.status = 'complete' OR registrations.status='paymentpending' )
AND\tprojects.registrations_id=registrations.id
AND \tregistrations.year='" . $config['FAIRYEAR'] . "'
AND \tprojects.year='" . $config['FAIRYEAR'] . "'
AND \tstudents.year='" . $config['FAIRYEAR'] . "'
AND \tregistrations.year=?
AND \tprojects.year=?
AND \tstudents.year=?
ORDER BY projectnumber
");
$sq->execute();
$sq->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
echo '<form method="post" action="registration_webconsent.php">';

48
admin/reports.inc.php
View File

@ -351,9 +351,9 @@ foreach($report_stock as $n=>$v) {
/* First delete all existing fields */
$stmt = $pdo->prepare("DELETE FROM reports_items
WHERE `reports_id`='{$report['id']}'
AND `type`='$type'");
$stmt->execute();
WHERE `reports_id`=?
AND `type`=?");
$stmt->execute([$report['id'],$type]);
/* Now add new ones */
if(count($report[$type]) == 0) return;
@ -385,9 +385,9 @@ foreach($report_stock as $n=>$v) {
`field`,`value`,`x`, `y`, `w`, `h`,
`lines`, `face`, `align`,`valign`,
`fontname`,`fontstyle`,`fontsize`,`on_overflow`)
VALUES $q");
VALUES ?");
$stmt->execute();
$stmt->execute([$q]);
show_pdo_errors_if_any($pdo);
}
@ -404,8 +404,8 @@ foreach($report_stock as $n=>$v) {
$report = array();
$q = $pdo->prepare("SELECT * FROM reports WHERE id='$report_id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM reports WHERE id=?");
$q->execute([$report_id]);
$r = $q->fetch(PDO::FETCH_ASSOC);
$report['name'] = get_value_from_array($r, 'name');
$report['id'] = get_value_from_array($r, 'id');
@ -430,9 +430,9 @@ foreach($report_stock as $n=>$v) {
$allow_fields=array();
$q = $pdo->prepare("SELECT * FROM reports_items
WHERE reports_id='{$report['id']}'
WHERE reports_id=?
ORDER BY `ord`");
$q->execute();
$q->execute([$report['id']]);
show_pdo_errors_if_any($pdo);
if($q->rowCount() == 0) return $report;
@ -491,8 +491,8 @@ foreach($report_stock as $n=>$v) {
} else {
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
$q->execute();
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id=?");
$q->execute([$report['id']]);
$i = $q->fetch(PDO::FETCH_ASSOC);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
@ -513,12 +513,12 @@ foreach($report_stock as $n=>$v) {
*/
$stmt = $pdo->prepare("UPDATE reports SET
`name`='".$report['name']."',
`desc`='".$report['desc']."',
`creator`='".$report['creator']."',
`type`='".$report['type']."'
WHERE `id`={$report['id']}");
$stmt->execute();
`name`=?,
`desc`=?,
`creator`=?,
`type`=?
WHERE `id`=?");
$stmt->execute([$report['name'],$report['desc'],$report['creator'],$report['type'],$report['id']]);
report_save_field($report, 'col', get_value_from_array($report, 'loc'));
report_save_field($report, 'group', array());
@ -533,7 +533,7 @@ foreach($report_stock as $n=>$v) {
{ global $pdo;
$ret = array();
$q = $pdo->prepare("SELECT * FROM reports ORDER BY `name`");
$q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$report = array();
$report['name'] = $r['name'];
@ -551,8 +551,8 @@ foreach($report_stock as $n=>$v) {
$r = intval($report_id);
/* if the report['id'] is not zero, see if this is a
* systeim report before doing anything. */
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='$r'");
$q->execute();
$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id=?");
$q->execute([$r]);
$i = $q->fetch(PDO::FETCH_ASSOC);
if(intval($i['system_report_id']) != 0) {
/* This is a system report, the editor (should)
@ -563,10 +563,10 @@ foreach($report_stock as $n=>$v) {
echo "ERROR: attempt to delete a system report (reports.id=$r)";
exit;
}
$stmt = $pdo->prepare("DELETE FROM reports WHERE `id`=$r");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM reports_items WHERE `reports_id`=$r");
$stmt->execute();}
$stmt = $pdo->prepare("DELETE FROM reports WHERE `id`=?");
$stmt->execute([$r]);
$stmt = $pdo->prepare("DELETE FROM reports_items WHERE `reports_id`=?");
$stmt->execute([$r]);
function report_gen($report)

31
admin/reports.php
View File

@ -39,8 +39,8 @@ switch (get_value_from_array($_GET, 'action')) {
case 'remove_report':
$id = intval($_GET['id']);
$stmt = $pdo->prepare("DELETE FROM reports_committee WHERE
users_id='{$_SESSION['users_uid']}' AND id='$id'");
$stmt->execute();
users_id=? AND id=?");
$stmt->execute([$_SESSION['users_uid'],$id]);
happy_('Report successfully removed');
exit;
case 'reload':
@ -64,16 +64,17 @@ switch (get_value_from_array($_GET, 'action')) {
$ret['name'] = $report['name'];
$ret['category'] = '';
} else {
$q = $pdo->prepare("SELECT * FROM reports_committee WHERE id='$id'");
$q = $pdo->prepare("SELECT * FROM reports_committee WHERE id=?");
$q->execute([$id]);
$ret = $q->fetch(PDO::FETCH_ASSOC);
$ret['type'] = $ret['format'];
}
/* Load available categories */
$q = $pdo->prepare("SELECT DISTINCT category FROM reports_committee
\t\t\tWHERE users_id='{$_SESSION['users_uid']}'
\t\t\tWHERE users_id=?
ORDER BY category");
$q->execute();
$q->execute([$_SESSION['users_uid']]);
while ($i = $q->fetch(PDO::FETCH_OBJ))
$ret['cat'][] = $i->category;
echo json_encode($ret);
@ -87,8 +88,8 @@ switch (get_value_from_array($_GET, 'action')) {
if ($id == -1) {
/* New entry */
$stmt = $pdo->prepare("INSERT INTO `reports_committee` (`users_id`,`reports_id`)
VALUES('{$_SESSION['users_uid']}','$reports_id');");
$stmt->execute();
VALUES(?,?);");
$stmt->execute([$_SESSION['users_uid'],$reports_id]);
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();
}
@ -124,12 +125,12 @@ switch (get_value_from_array($_GET, 'action')) {
}
$stmt = $pdo->prepare("UPDATE `reports_committee` SET
`category`='$category',
`comment`='$comment',
`format`='$type',
`stock`='$stock'
WHERE id='$id'");
$stmt->execute();
`category`=?,
`comment`=?,
`format`=?,
`stock`=?
WHERE id=?");
$stmt->execute([$category,$comment,$type,$stock,$id]);
happy_('Saved');
exit;
}
@ -248,9 +249,9 @@ global $edit_mode;
$q = $pdo->prepare("SELECT reports_committee.*,reports.name
\t\t\tFROM reports_committee
LEFT JOIN reports ON reports.id=reports_committee.reports_id
\t\t\tWHERE users_id='{$_SESSION['users_uid']}'
\t\t\tWHERE users_id=?
ORDER BY category,id");
$q->execute();
$q->execute([$_SESSION['users_uid']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
echo i18n('You have no reports saved');

20
admin/reports_acscript.php
View File

@ -80,14 +80,14 @@ $q = $pdo->prepare("SELECT
award_types,
sponsors
WHERE
award_awards.year='$foryear'
AND\taward_types.year='$foryear'
award_awards.year=?
AND\taward_types.year=?
AND\taward_awards.award_types_id=award_types.id
AND\taward_awards.sponsors_id=sponsors.id
AND\taward_awards.excludefromac='0'
$awardtype
?
ORDER BY awards_order");
$q->execute();
$q->execute([$foryear,$foryear,$awardtype]);
show_pdo_errors_if_any($pdo);
// echo "<pre>";
@ -114,14 +114,14 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
LEFT JOIN projects ON projects.id=winners.projects_id
WHERE
award_awards_id='{$r->id}'
AND award_prizes.year='$foryear'
award_awards_id=?
AND award_prizes.year=?
AND award_prizes.excludefromac='0'
AND ($and_categories)
AND (?)
ORDER BY
`order`,
projects.projectnumber");
$pq->execute();
$pq->execute([$r->id,$foryear,$and_categories]);
show_pdo_errors_if_any($pdo);
$r->winners = array();
@ -246,10 +246,10 @@ foreach ($awards as $r) {
students,
schools
WHERE
students.registrations_id='$pr->reg_id'
students.registrations_id=?
AND students.schools_id=schools.id
");
$sq->execute();
$sq->execute([$pr->reg_id]);
$students = ' Students: ';
$studnum = 0;

7
admin/reports_appeal_letters.php
View File

@ -70,15 +70,16 @@ $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
/* Load the users */
$users = array();
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=?");
$q->execute([$fcid]);
while ($l = $q->fetch(PDO::FETCH_ASSOC)) {
$uid = $l['users_uid'];
$users[$uid] = user_load_by_uid($uid);
}
/* Grab all the emails */
$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id=? AND val=?");
$q->execute([$fcid,$key]);
while ($e = $q->fetch(PDO::FETCH_ASSOC)) {
foreach ($users as $uid => &$u) {

8
admin/reports_ceremony.php
View File

@ -61,8 +61,8 @@ echo "</td></tr>\n";
echo '<tr>';
// list award subsets to output
echo '<td><b>' . i18n('Award Type') . ':</b></td> <td> <select name="awardtype" size=1>';
$results = $pdo->prepare('SELECT type FROM award_types WHERE year=' . $config['FAIRYEAR'] . ' ORDER BY type');
$results->execute();
$results = $pdo->prepare('SELECT type FROM award_types WHERE year=? ORDER BY type');
$results->execute([$config['FAIRYEAR']]);
echo '<option value="All">' . i18n('All') . '</option>';
while ($r = $results->fetch(PDO::FETCH_OBJ)) {
echo "<option value=\"$r->type\">" . i18n("$r->type") . '</option>';
@ -94,8 +94,8 @@ echo '<td><input name="group_by_prize" type="checkbox" /></td></tr>';
echo '<tr><td><b>' . i18n('Include the following age categories') . ':</b></td>';
echo '<td>';
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<input name=\"show_category[{$r->id}]\" type=\"checkbox\" checked=\"checked\" />";
echo '' . i18n($r->category) . '<br />';

16
admin/reports_gen.php
View File

@ -40,8 +40,8 @@ if ($year < 1000)
/* If it's a system report, turn that into the actual report id */
if (array_key_exists('sid', $_GET)) {
$sid = intval($_GET['sid']);
$q = $pdo->prepare("SELECT id FROM reports WHERE system_report_id='$sid'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM reports WHERE system_report_id=?");
$q->execute([$sid]);
$r = $q->fetch(PDO::FETCH_OBJ);
$id = $r['id'];
}
@ -91,9 +91,9 @@ switch ($_GET['action']) {
<?
/* See if the report is in this committee member's list */
$q = $pd->prepare("SELECT * FROM reports_committee
\t\t\t\tWHERE users_id='{$_SESSION['users_uid']}'
AND reports_id='{$report['id']}'");
$q->execute();
\t\t\t\tWHERE users_id=?
AND reports_id=?");
$q->execute([$_SESSION['users_uid'],$report['id']]);
if ($q->rowCount() > 0) {
$i = $q->fetch(PDO::FETCH_ASSOC);
?>
@ -223,9 +223,9 @@ echo "<td>{$report['creator']}</td></tr>";
echo '<tr><td colspan="2"><hr /></td></tr>';
/* See if the report is in this committee member's list */
$q = $pdo->prepare("SELECT * FROM reports_committee
\t\t\tWHERE users_id='{$_SESSION['users_uid']}'
AND reports_id='{$report['id']}'");
$q->execute();
\t\t\tWHERE users_id=?
AND reports_id=?");
$q->execute([$_SESSION['users_uid'],$report['id']]);
echo '<tr><td colspan="2"><h3>' . i18n('My Reports Info') . '</h3></td></tr>';
if ($q->rowCount() > 0) {
/* Yes, it is */

34
admin/reports_judges.inc.php
View File

@ -48,8 +48,8 @@ function report_judges_load_divs($year)
/* Load divisions for this year, only once */
if (!array_key_exists($year, $report_judges_divs)) {
$report_judges_divs[$year] = array();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=?");
$q->execute([$year]);
while (($d = $q->fetch(PDO::FETCH_ASSOC))) {
$report_judges_divs[$year][$d['id']] = $d;
}
@ -61,8 +61,8 @@ function report_judges_load_cats($year)
global $report_judges_cats;
global $pdo;
if (!array_key_exists($year, $report_judges_cats)) {
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=?");
$q->execute([$year]);
while (($c = $q->fetch(PDO::FETCH_ASSOC))) {
$report_judges_cats[$year][$c['id']] = $c;
}
@ -142,14 +142,14 @@ function report_judges_custom_question($report, $field, $text)
$users_id = $text;
/* Find the actual question ID */
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM questions WHERE year=? AND ord=?");
$q->execute([$year,$q_ord]);
if ($q->rowCount() != 1)
return 'Question not specified';
$question = $q->fetch(PDO::FETCH_ASSOC);
$q = $pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM question_answers WHERE users_id=? AND questions_id=?");
$q->execute([$users_id,$question['id']]);
if ($q->rowCount() != 1)
return '';
$answer = $q->fetch(PDO::FETCH_ASSOC);
@ -194,9 +194,9 @@ function report_judges_team_members($report, $field, $text)
$judges_teams_id = $text;
$q = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN users ON judges_teams_link.users_id=users.id
WHERE judges_teams_link.year='$year'
AND judges_teams_link.judges_teams_id='$judges_teams_id'");
$q->execute();
WHERE judges_teams_link.year=?
AND judges_teams_link.judges_teams_id=?");
$q->execute([$year,$judges_teams_id]);
$ret = '';
while (($m = $q->fetch(PDO::FETCH_ASSOC))) {
$add = false;
@ -239,8 +239,8 @@ function report_judges_load_rounds($year)
if (count($report_judges_rounds))
return;
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`=?");
$q->execute([$year]);
/* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
$report_judges_rounds[] = $r;
@ -258,8 +258,8 @@ function report_judges_specialaward($report, $field, $text)
global $config, $report_judges_rounds, $pdo;
$year = $report['year'];
$award_id = $text;
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='" . intval($award_id) . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id=?");
$q->execute([intval($award_id)]);
$r = $q->fetch(PDO::FETCH_OBJ);
return $r->name;
}
@ -284,8 +284,8 @@ function report_judges_time_availability($report, $field, $text)
exit;
}
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='$users_id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=?");
$q->execute([$users_id]);
// echo mysql_error();
while (($r = $q->fetch(PDO::FETCH_ASSOC))) {
if ($r['start'] <= $round['starttime'] &&

20
admin/reports_judges.php
View File

@ -77,8 +77,8 @@ foreach ($keys as $qid) {
}
// grab the list of divisions, because the last fields of the table will be the sub-divisions
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
$numcats = $q->rowCount();
$catheadings = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -86,8 +86,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$catheadings[] = "$r->category (out of 5)";
}
// grab the list of divisions, because the last fields of the table will be the sub-divisions
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
$divheadings = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divs[] = $r->id;
@ -102,8 +102,8 @@ $times = array();
$datetimeheadings = array();
/* Load the judging rounds */
$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q->execute();
$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year=? ORDER BY starttime,type");
$q->execute([$config['FAIRYEAR']]);
$x = 0;
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$found = false;
@ -138,13 +138,13 @@ $q = $pdo->prepare("SELECT
JOIN users_judge ON users.id=users_judge.users_id
WHERE
users.deleted='no' AND
users.year='" . $config['FAIRYEAR'] . "'
users.year=?
AND users.types LIKE '%judge%'
ORDER BY
lastname,
firstname");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$u = user_load($r->id);
@ -182,8 +182,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$qarray[] = $qans[$qid];
}
$tq = $pdo->prepare('SELECT * FROM judges_availability WHERE users_id="' . $r->id . '" ORDER BY `start`');
$tq->execute();
$tq = $pdo->prepare('SELECT * FROM judges_availability WHERE users_id=? ORDER BY `start`');
$tq->execute([$r->id]);
$sel = array();
$timedata = array();

8
admin/reports_judges_allyears.php
View File

@ -78,8 +78,8 @@ foreach ($keys as $qid) {
}
// grab the list of divisions, because the last fields of the table will be the sub-divisions
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
$numcats = $q->rowCount();
$catheadings = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -87,8 +87,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$catheadings[] = "$r->category (out of 5)";
}
// grab the list of divisions, because the last fields of the table will be the sub-divisions
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
$divheadings = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divs[] = $r->id;

24
admin/reports_judges_teams_projects.php
View File

@ -45,8 +45,8 @@ if ($type == 'pdf') {
$teams = getJudgingTeams();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount() > 1)
$show_date = true;
else
@ -83,8 +83,8 @@ foreach ($teams AS $team) {
$rep->addText(i18n('Criteria') . ': ' . $award['criteria']);
// get category eligibility
$q = $pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
$q->execute();
$q = $pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id=? AND award_awards_projectcategories.year=? AND projectcategories.year=? ORDER BY category");
$q->execute([$award['id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$cats = '';
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -96,8 +96,8 @@ foreach ($teams AS $team) {
$rep->addText(i18n('Categories') . ": $cats");
// get division eligibility
$q = $pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
$q->execute();
$q = $pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id=? AND award_awards_projectdivisions.year=? AND projectdivisions.year=? ORDER BY division_shortform");
$q->execute([$award['id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$divs = '';
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -123,13 +123,13 @@ foreach ($teams AS $team) {
judges_teams,
judges_teams_timeslots_link
WHERE
judges_teams.id='" . $team['id'] . "' AND
judges_teams.id=? AND
judges_teams.id=judges_teams_timeslots_link.judges_teams_id AND
judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
ORDER BY
date,starttime
");
$q->execute();
$q->execute([$team['id']]);
$numslots = $q->rowCount();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -147,14 +147,14 @@ foreach ($teams AS $team) {
projects,
judges_teams_timeslots_projects_link
WHERE
judges_teams_timeslots_projects_link.judges_timeslots_id='$r->id' AND
judges_teams_timeslots_projects_link.judges_teams_id='" . $team['id'] . "' AND
judges_teams_timeslots_projects_link.judges_timeslots_id=? AND
judges_teams_timeslots_projects_link.judges_teams_id=? AND
judges_teams_timeslots_projects_link.projects_id=projects.id AND
judges_teams_timeslots_projects_link.year='" . $config['FAIRYEAR'] . "'
judges_teams_timeslots_projects_link.year=?
ORDER BY
projectnumber
");
$projq->execute();
$projq->execute([$r->id,$team['id'],$config['FAIRYEAR']]);
while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
$table['data'][] = array($timeslot, $proj->projectnumber, $proj->title);

8
admin/reports_mailinglabels_generator.php
View File

@ -83,11 +83,11 @@ if ($report) {
FROM
schools
WHERE
year='{$config['FAIRYEAR']}'
year=?
ORDER BY
school
");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
break;
case 'sponsors':
@ -129,11 +129,11 @@ if ($report) {
judges_years
WHERE
judges_years.judges_id=judges.id
AND judges_years.year='{$config['FAIRYEAR']}'
AND judges_years.year=?
ORDER BY
lastname,firstname
");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
break;
}

16
admin/reports_program_awards.php
View File

@ -30,13 +30,13 @@ $q = $pdo->prepare("SELECT
award_awards,
award_types
WHERE
award_awards.year='" . $config['FAIRYEAR'] . "'
AND\taward_types.year='" . $config['FAIRYEAR'] . "'
award_awards.year=?
AND\taward_types.year=?
AND\taward_awards.award_types_id=award_types.id
AND\taward_awards.excludefromac='0'
AND\t(award_types.type='special' OR award_types.type='grand')
ORDER BY awards_order");
$q->execute();
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
@ -45,8 +45,8 @@ if ($q->rowCount()) {
$rep->heading(i18n($r->name));
// get teh age categories
$acq = $pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE projectcategories.year='" . $config['FAIRYEAR'] . "' AND award_awards_projectcategories.year='" . $config['FAIRYEAR'] . "' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
$acq->execute();
$acq = $pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE projectcategories.year=? AND award_awards_projectcategories.year=? AND award_awards_projectcategories.award_awards_id=? AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
$acq->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$r->id]);
show_pdo_errors_if_any($pdo);
$cats = '';
while ($acr = $acq->fetch(PDO::FETCH_OBJ)) {
@ -64,12 +64,12 @@ if ($q->rowCount()) {
FROM
award_prizes
WHERE
award_awards_id='$r->id'
AND award_prizes.year='" . $config['FAIRYEAR'] . "'
award_awards_id=?
AND award_prizes.year=?
AND award_prizes.excludefromac='0'
ORDER BY
`order`");
$pq->execute();
$pq->execute([$r->id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$prevprizeid = -1;
while ($pr = $pq->fetch(PDO::FETCH_OBJ)) {

15
admin/reports_projects_details.php
View File

@ -65,14 +65,15 @@ $projq = $pdo->prepare("SELECT
LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
WHERE
projects.year='" . $config['FAIRYEAR'] . "'
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
projects.year=?
AND projectdivisions.year=?
AND projectcategories.year=?
AND ( registrations.status='complete'
\t OR registrations.status='paymentpending' )
ORDER BY
projects.projectnumber
");
$projq->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$totalprojects = $projq->rowCount();
@ -85,9 +86,9 @@ while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
FROM
students
WHERE
students.registrations_id='$proj->reg_id'
students.registrations_id=?
");
$sq->execute();
$sq->execute([$proj->reg_id]);
$students = '';
$studnum = 0;
while ($studentinfo = $sq->fetch(PDO::FETCH_OBJ)) {
@ -115,8 +116,8 @@ while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
$rep->addTable($table);
unset($table);
$q = $pdo->prepare("SELECT * FROM mentors WHERE registrations_id='" . $proj->reg_id . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM mentors WHERE registrations_id=?");
$q->execute([$proj->reg_id]);
$rep->nextline();
$rep->heading(i18n('Mentor Information'));
$rep->nextline();

22
admin/reports_projects_judges_teams.php
View File

@ -49,8 +49,8 @@ if ($type == 'pdf') {
$teams = getJudgingTeams();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount() > 1)
$show_date = true;
else
@ -73,15 +73,15 @@ $projq = $pdo->prepare("SELECT
LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
WHERE
projects.year='" . $config['FAIRYEAR'] . "'
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
projects.year=?
AND projectdivisions.year=?
AND projectcategories.year=?
AND ( registrations.status='complete'
\t OR registrations.status='paymentpending' )
ORDER BY
projects.projectnumber
");
$projq->execute();
$projq->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
@ -92,9 +92,9 @@ while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
FROM
students
WHERE
students.registrations_id='$proj->reg_id'
students.registrations_id=?
");
$sq->execute();
$sq->execute([$proj->reg_id]);
$students = '';
$studnum = 0;
@ -127,12 +127,12 @@ while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
LEFT JOIN judges_timeslots ON judges_teams_timeslots_projects_link.judges_timeslots_id=judges_timeslots.id
LEFT JOIN judges_teams ON judges_teams_timeslots_projects_link.judges_teams_id=judges_teams.id
WHERE
judges_teams_timeslots_projects_link.projects_id='$proj->id'
AND judges_teams_timeslots_projects_link.year='" . $config['FAIRYEAR'] . "'
judges_teams_timeslots_projects_link.projects_id=?
AND judges_teams_timeslots_projects_link.year=?
ORDER BY
date,starttime
");
$q->execute();
$q->execute([$proj->id,$config['FAIRYEAR']]);
$numslots = $q->rowCount();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {

30
admin/reports_students.inc.php
View File

@ -81,9 +81,9 @@ function report_student_safety_question($report, $field, $text)
safety.answer
FROM safetyquestions
JOIN safety ON safetyquestions.id=safety.safetyquestions_id
WHERE safety.registrations_id='" . $regid . "'
ORDER BY safetyquestions.ord LIMIT $q_ord,1");
$q->execute();
WHERE safety.registrations_id=?
ORDER BY safetyquestions.ord LIMIT ?,1");
$q->execute([$regid,$q_ord]);
$r = $q->fetch(PDO::FETCH_OBJ);
return $r->answer;
@ -94,9 +94,9 @@ function reports_students_numstudents($report, $field, $text)
global $pdo;
$year = $report['year'];
$q = $pdo->prepare("SELECT students.id FROM students
WHERE students.registrations_id='$text'
AND students.year='$year'");
$q->execute();
WHERE students.registrations_id=?
AND students.year=?");
$q->execute([$text,$year]);
return $q->rowCount();
}
@ -108,11 +108,11 @@ function reports_students_award_selfnom_num($report, $field, $text, $n)
projects
LEFT JOIN project_specialawards_link ON project_specialawards_link.projects_id=projects.id
LEFT JOIN award_awards ON award_awards.id=project_specialawards_link.award_awards_id
WHERE projects.id='$text'
AND projects.year='$year'
AND project_specialawards_link.year='$year'
LIMIT $n,1");
$q->execute();
WHERE projects.id=?
AND projects.year=?
AND project_specialawards_link.year=?
LIMIT ?,1");
$q->execute([$text,$year,$year,$n]);
show_pdo_errors_if_any($pdo);
$i = $q->fetch(PDO::FETCH_OBJ);
return $i['name'];
@ -157,8 +157,8 @@ function report_student_regfee_item($report, $field, $text)
{
$year = $report['year'];
$id = intval(substr($field, 12));
$q = $pdo->prepare("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
$q->execute();
$q = $pdo->prepare("SELECT regfee_items_id FROM regfee_items_link WHERE students_id=? AND regfee_items_id=?");
$q->execute([$text,$id]);
show_pdo_errors_if_any($pdo);
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
return i18n('Yes');
@ -167,8 +167,8 @@ function report_student_regfee_item($report, $field, $text)
}
}
$q = $pdo->prepare("SELECT * FROM regfee_items WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM regfee_items WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
$regfeeitems = array();
$first = true;
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {

109
admin/rerollprizes.php
View File

@ -40,75 +40,76 @@ $newfairyear = 2008;
// first make sure they have indeed done the rollover...
if ($config['FAIRYEAR'] == 2008) {
// make sure the number of awards are identical (aka they havent added any new ones)
$nq1 = $pdo->prepare("SELECT * FROM award_awards WHERE year='$newfairyear'");
$nq1->execute();
$nq2 = $pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$nq2->execute();
$nq1 = $pdo->prepare("SELECT * FROM award_awards WHERE year=?");
$nq1->execute([$newfairyear]);
$nq2 = $pdo->prepare("SELECT * FROM award_awards WHERE year=?");
$nq2->execute([$currentfairyear]);
if ($nq1->rowCount() == $nq2->rowcount()) {
$npq1 = $pdo->prepare("SELECT * FROM award_prizes WHERE year='$newfairyear'");
$npq1->execute();
$npq2 = $pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
$npq2->execute();
$npq1 = $pdo->prepare("SELECT * FROM award_prizes WHERE year?");
$npq1->execute([$newfairyear]);
$npq2 = $pdo->prepare("SELECT * FROM award_prizes WHERE year=?");
$npq2->execute([$currentfairyear]);
if ($npq2->rowCount() > 0 && $npq1->rowCount() == 0) {
echo '<br />';
echo notice(i18n('A BUG WAS IDENTIFIED IN YOUR PREVIOUS YEAR ROLLOVER WHICH CAUSED AWARD PRIZES TO NOT BE ROLLED OVER PROPERLY. THEY ARE NOW BEING RE-ROLLED OVER WITH THE PROPER PRIZE INFORMATION. THIS WILL ONLY HAPPEN ONCE.')) . '<br />';
$stmt = $pdo->prepare("DELETE FROM award_awards WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_prizes WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_contacts WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_types WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM award_awards WHERE year=?");
$stmt->execute([$newfairyear]);
$stmt = $pdo->prepare("DELETE FROM award_prizes WHERE year=?");
$stmt->execute([$newfairyear]);
$stmt = $pdo->prepare("DELETE FROM award_contacts WHERE year=?");
$stmt->execute([$newfairyear]);
$stmt = $pdo->prepare("DELETE FROM award_types WHERE year=?");
$stmt->execute([$newfairyear]);
$stmt = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE year=?");
$stmt->execute([$newfairyear]);
$stmt = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE year=?");
$stmt->execute([$newfairyear]);
echo i18n('Rolling awards') . '<br />';
// awards
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year=?");
$q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
'" . $r->award_sponsors_id . "',
'" . $r->award_types_i . "',
'" . $r->name . "',
'" . $r->criteria . "',
'" . $r->presenter . "',
'" . $r->order . "',
'" . $newfairyear . "',
'" . $r->excludefromac . "',
'" . $r->cwsfaward . "')");
?,
?,
?,
?,
?,
?,
?,
?,
?)");
$stmt->execute([$r->award_sponsors_id,$r->award_types_i ,$r->name,$r->criteria,$r->presenter,$r->order,$newfairyear,$r->excludefromac,$r->cwsfaward ]);
$award_awards_id = $pdo->lastInsertId();
$q2 = $pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
$q2 = $pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE year=? AND award_awards_id=?");
$q2->execute([$currentfairyear,$r->id]);
show_pdo_errors_if_any($pdo);
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
'" . $award_awards_id . "',
'" . $r2->projectcategories_id . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?)");
$stmt->execute([$award_awards_id,$r2->projectcategories_id,$newfairyear]);
}
$q2 = $pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
$q2 = $pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE year=? AND award_awards_id=?");
$q2->execute([$currentfairyear,$r->id]);
show_pdo_errors_if_any($pdo);
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
'" . $award_awards_id . "',
'" . $r2->projectdivisions_id . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?");
$stmt->execute([$award_awards_id,$r2->projectdivisions_id,$newfairyear]);
}
echo i18n('&nbsp; Rolling award prizes') . '<br />';
$q2 = $pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
$q2->execute();
$q2 = $pdo->prepare("SELECT * FROM award_prizes WHERE year=? AND award_awards_id=?");
$q2->execute([$currentfairyear,$r->id]);
show_pdo_errors_if_any($pdo);
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
@ -126,8 +127,8 @@ if ($config['FAIRYEAR'] == 2008) {
echo i18n('Rolling award contacts') . '<br />';
// award contacts
$q = $pdo->prepare("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM award_contacts WHERE year=?");
$q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
@ -146,16 +147,16 @@ if ($config['FAIRYEAR'] == 2008) {
echo i18n('Rolling award types') . '<br />';
// award types
$q = $pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM award_types WHERE year=?");
$q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'" . $r->id . "',
'" . $r->type . "',
'" . $r->order . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?)");
$stmt->execute([$r->id,$r->type,$r->order,$newfairyear]);
}
}
}

32
admin/schools.php
View File

@ -33,8 +33,8 @@ user_auth_required('committee', 'admin');
if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POST, 'save') == 'add') {
if (get_value_from_array($_POST, 'save') == 'add') {
$q = $pdo->prepare("INSERT INTO schools (year) VALUES ('" . $config['FAIRYEAR'] . "')");
$q->execute();
$q = $pdo->prepare("INSERT INTO schools (year) VALUES (?)");
$q->execute([$config['FAIRYEAR']]);
$id = $pdo->lastInsertId();
} else
$id = intval(get_value_from_array($_POST, 'id'));
@ -49,8 +49,8 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
*/
/* Get the uids for principal/science head */
$q = $pdo->prepare("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("SELECT principal_uid,sciencehead_uid FROM schools WHERE id=?");
$q->execute([$id]);
$i = $q->fetch(PDO::FETCH_ASSOC);
$principal_update = '';
@ -187,24 +187,24 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
}
if (get_value_from_array($_GET, 'action') == 'delete' && get_value_from_array($_GET, 'delete', '')) {
$stmt = $pdo->prepare("DELETE FROM schools WHERE id='" . $_GET['delete'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM schools WHERE id=?");
$stmt->execute([$_GET['delete']]);
$notice = 'deleted';
}
if (get_value_from_array($_GET, 'action') == 'clearaccesscodes') {
$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year=?");
$stmt->execute([$config['FAIRYEAR']]);
$notice = 'clearaccess';
}
if (get_value_from_array($_GET, 'action') == 'makeaccesscodes') {
$q = $pdo->prepare("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
$q->execute();
$q = $pdo->prepare("SELECT id FROM schools WHERE year=? AND (accesscode IS NULL OR accesscode='')");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$ac = generatePassword(5);
$stmt = $pdo->prepare("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE schools SET accesscode=? WHERE id=? AND year=?");
$stmt->execute([$ac,$r->id,$config['FAIRYEAR']]);
}
$notice = 'makeaccess';
}
@ -217,8 +217,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
'schools_management');
if (get_value_from_array($_GET, 'action') == 'edit') {
$buttontext = 'Save School';
$q = $pdo->prepare("SELECT * FROM schools WHERE id='" . get_value_from_array($_GET, 'edit', '') . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM schools WHERE id=?");
$q->execute([get_value_from_array($_GET, 'edit', '')]);
$r = $q->fetch(PDO::FETCH_OBJ);
} else if (get_value_from_array($_GET, 'action') == 'add') {
$buttontext = 'Add School';
@ -371,8 +371,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
echo ' <th>' . i18n('Action') . '</th>';
echo "</tr></thead>\n";
$q = $pdo->prepare("SELECT * FROM schools WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY school");
$q->execute();
$q = $pdo->prepare("SELECT * FROM schools WHERE year=? ORDER BY school");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<tr>\n";
echo " <td>$r->school</td>\n";

4
admin/schoolsimport.php
View File

@ -49,8 +49,8 @@ if (get_value_from_array($_POST, 'action') == 'import') {
// okay it looks like we have something.. lets dump the current stuff
if ($_POST['emptycurrent'] == 1) {
echo happy(i18n('Old school data erased'));
$stmt = $pdo->prepare("DELETE FROM schools WHERE year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM schools WHERE year=?");
$stmt->execute([$config['FAIRYEAR']]);
}
$loaded = 0;

28
admin/send_emailqueue.php
View File

@ -44,8 +44,8 @@ if (!$config['emailqueue_lock']) {
$q->execute();
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
$eq = $pdo->prepare("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
$eq->execute();
$eq = $pdo->prepare("SELECT * FROM emailqueue WHERE id=?");
$eq->execute([$r->emailqueue_id]);
$email = $eq->fetch(PDO::FETCH_OBJ);
$blank = array();
@ -73,31 +73,31 @@ if (!$config['emailqueue_lock']) {
$result = email_send_new($to, $email->from, $email->subject, $body, $bodyhtml);
if ($result) {
$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id=?");
$stmt->execute([$r->id]);
show_pdo_errors_if_any($pdo);
$newnumsent = $email->numsent + 1;
$stmt = $pdo->prepare("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE emailqueue SET numsent=? WHERE id=?");
$stmt->execute([$newnumsent,$email->id]);
show_pdo_errors_if_any($pdo);
echo "ok\n";
} else {
$stmt = Spdo->prepare("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id=?");
$stmt->execute([$r->id]);
show_pdo_errors_if_any($pdo);
$newnumfailed = $email->numfailed + 1;
$stmt = $pdo->prepare("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE emailqueue SET numfailed=? WHERE id=?");
$stmt->execute([$newnumfailed,$email->id]);
show_pdo_errors_if_any($pdo);
echo "failed\n";
}
// now check if we're done yet
$rq = $pdo->prepare("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
$rq->execute();
$rq = $pdo->prepare("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id=?");
$rq->execute([$email->id]);
$rr = $rq->fetch(PDO::FETCH_OBJ);
if ($rr->num == 0) {
$stmt = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id=?");
$stmt->execute([$email->id]);
}
usleep(rand($sleepmin, $sleepmax));
} else

16
admin/settranslation.php
View File

@ -38,19 +38,19 @@ foreach ($config['languages'] AS $l => $ln) {
$m = md5($_POST['translate_str_hidden']);
if ($_POST['translate_' . $l]) {
$q = $pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM translations WHERE lang=? AND strmd5=?");
$q->execute([$l,$m]);
if ($q->rowCount()) {
$stmt = $pdo->prepare("UPDATE translations SET val='" . iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_' . $l])) . "' WHERE lang='$l' AND strmd5='$m'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE translations SET val=? WHERE lang=? AND strmd5=?");
$stmt->execute([iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_' . $l])),$l,$m]);
} else {
$stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','" . iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_str_hidden'])) . "','" . iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_' . $l])) . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES (?,?,?,?)");
$stmt->execute([$l,$m,iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_str_hidden'])),iconv('UTF-8', 'ISO-8859-1', stripslashes($_POST['translate_' . $l]))]);
}
} else {
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang=? AND strmd5=?");
$stmt->execute([$l,$m]);
}
}
echo 'ok';

18
admin/sponsor_contacts.php
View File

@ -73,11 +73,11 @@ if ($sponsors_id) {
FROM users_sponsor, users
WHERE
users_sponsor.users_id=users.id
AND sponsors_id='$sponsors_id'
AND sponsors_id=?
AND `primary`='yes'
AND year='" . $config['FAIRYEAR'] . "'
AND users_id!='$id'");
$q->execute();
AND year=?
AND users_id!=?");
$q->execute([$sponsors_id,$config['FAIRYEAR'],$id]);
if ($q->rowCount() == 0) {
/* This must be the primary */
$p = 'yes';
@ -85,8 +85,8 @@ if ($sponsors_id) {
} else {
/* Unset all other primaries */
$stmt = $pdo->prepare("UPDATE users_sponsor SET `primary`='no'
WHERE sponsors_id='$sponsors_id'");
$stmt->execute();
WHERE sponsors_id=?");
$stmt->execute([$sponsors_id]);
}
$u['primary'] = $p;
@ -162,11 +162,11 @@ if ($sponsors_id) {
echo '<br />';
$q = $pdo->prepare("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
\t WHERE year='" . $config['FAIRYEAR'] . "'
\t AND sponsors_id='$sponsors_id'
\t WHERE year=?
\t AND sponsors_id=?
\t AND deleted='no'
\t ORDER BY lastname,firstname");
$q->execute();
$q->execute([$config['FAIRYEAR'],$sponsors_id]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount()) {

106
admin/student_editor.php
View File

@ -44,10 +44,10 @@ if ($auth_type == 'fair') {
/* Make sure they have permission to laod this student, check
the master copy of the fairs_id in the project */
$q = $pdo->prepare("SELECT * FROM projects WHERE
registrations_id='$registrations_id'
AND year='{$config['FAIRYEAR']}'
AND fairs_id=$fairs_id");
$q->execute();
registrations_id=?
AND year=?
AND fairs_id=?");
$q->execute([$registrations_id,$config['FAIRYEAR'],$fairs_id]);
if ($q->rowCount() != 1) {
echo 'permission denied.';
exit;
@ -75,8 +75,8 @@ switch ($action) {
case 'student_remove':
$remove_id = intval($_GET['students_id']);
$q = $pdo->prepare("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM students WHERE id=? AND registrations_id=?");
$q->execute([$remove_id,$registrations_id]);
if ($q->rowCount() != 1) {
error_('Invalid student to remove');
exit;
@ -86,42 +86,42 @@ switch ($action) {
exit;
}
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM students WHERE id=? AND registrations_id=?");
$stmt->execute([$remove_id,$registrations_id]);
// now see if they have an emergency contact that also needs to be removed
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$q->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
// no need to error message if this doesnt exist
if ($q->rowCount() == 1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$stmt->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
if ($q->rowCount() != 1) {
error_('Invalid student to remove');
exit;
}
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM students WHERE id=? AND registrations_id=?");
$stmt->execute([$remove_id,$registrations_id]);
// now see if they have an emergency contact that also needs to be removed
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$q->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
// no need to error message if this doesnt exist
if ($q->rowCount() == 1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$stmt->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM students WHERE id=? AND registrations_id=?");
$stmt->execute([$remove_id,$registrations_id]);
// now see if they have an emergency contact that also needs to be removed
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$q->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
// no need to error message if this doesnt exist
if ($q->rowCount() == 1)
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$stmt->execute([$remove_id,$registrations_id,$config['FAIRYEAR']]);
happy_('Student successfully removed');
exit;
@ -141,8 +141,8 @@ function students_save()
if ($_POST['id'][$x] == 0) {
// if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can choose the school on their own.
if ($config['participant_registration_type'] == 'schoolpassword' || $config['participant_registration_type'] == 'invite') {
$q = $pdo->prepare("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT schools_id FROM registrations WHERE id=? AND YEAR=?");
$q->execute([$registrations_id,$config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
$schools_id = $r->schools_id;
$schoolvalue = "'$schools_id', ";
@ -216,9 +216,9 @@ function students_load()
// now query and display
$q = $pdo->prepare("SELECT * FROM students WHERE
registrations_id='$registrations_id'
AND year='{$config['FAIRYEAR']}'");
$q->execute();
registrations_id=?
AND year=?");
$q->execute([$registrations_id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$numfound = $q->rowCount();
@ -405,8 +405,8 @@ function students_load()
echo "<tr>\n";
echo ' <td>' . i18n('School') . '</td><td colspan="3">';
if ($config['participant_registration_type'] == 'open' || $config['participant_registration_type'] == 'singlepassword' || $config['participant_registration_type'] == 'openorinvite' || ($studentinfo && !$studentinfo->schools_id)) {
$schoolq = $pdo->prepare("SELECT id,school,city FROM schools WHERE year='" . $config['FAIRYEAR'] . "' ORDER by city,school");
$schoolq->execute();
$schoolq = $pdo->prepare("SELECT id,school,city FROM schools WHERE year=? ORDER by city,school");
$schoolq->execute([$config['FAIRYEAR']]);
echo "<select name=\"schools_id[$x]\">\n";
echo '<option value="">' . i18n('Choose School') . "</option>\n";
while ($r = $schoolq->fetch(PDO::FETCH_OBJ)) {
@ -418,8 +418,8 @@ function students_load()
}
echo '</select>' . REQUIREDFIELD;
} else {
$schoolq = $pdo->prepare("SELECT id,school FROM schools WHERE year='" . $config['FAIRYEAR'] . "' AND id='$studentinfo->schools_id'");
$schoolq->execute();
$schoolq = $pdo->prepare("SELECT id,school FROM schools WHERE year=? AND id=?");
$schoolq->execute([$config['FAIRYEAR'],$studentinfo->schools_id]);
$r = $schoolq->fetch(PDO::FETCH_OBJ);
echo $r->school;
}
@ -471,23 +471,23 @@ function registration_load()
/* Find a reg num */
do {
$regnum = rand(100000, 999999);
$q = $pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
$q->execute();
$q = $pdo->prepare("SELECT * FROM registrations WHERE num=? AND year=?");
$q->execute([$regnum,$config['FAIRYEAR']]);
} while ($q->rowCount() > 0);
$r['num'] = $regnum;
echo notice(i18n('New registration number generated.'));
echo notice(i18n('This new registration will added when the "Save Registration Information" button is pressed below. At that time the other tabs will become available.'));
} else {
$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM registrations WHERE id=?");
$q->execute([$registrations_id]);
if ($q->rowCount() != 1)
$r = array();
else {
$r = $q->fetch(PDO::FETCH_ASSOC);
/* Get the fair from the project */
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
$q->execute();
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE registrations_id=?");
$q->execute([$registrations_id]);
if ($q->rowCount() == 1) {
$p = $q->fetch(PDO::FETCH_ASSOC);
$r['fairs_id'] = $p['fairs_id'];
@ -569,30 +569,30 @@ function registration_save()
if ($registrations_id == -1) {
$stmt = $pdo->prepare("INSERT INTO registrations (start,schools_id,year) VALUES (
NOW(), NULL, '{$config['FAIRYEAR']}')");
$stmt->execute();
NOW(), NULL,?)");
$stmt->execute([$config['FAIRYEAR']]);
$registrations_id = $pdo->lastInsertId();
/* Create one student and a project */
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES (
$registrations_id, '$registration_email', '{$config['FAIRYEAR']}')");
$stmt->execute();
?,?,?)");
$stmt->execute([$registrations_id,$registration_email,$config['FAIRYEAR']]);
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,year) VALUES (
$registrations_id, '{$config['FAIRYEAR']}')");
$stmt->execute();
?,?)");
$stmt->execute([$registrations_id,$config['FAIRYEAR']]);
happy_('Created student and project record');
}
/* Update registration */
$stmt = $pdo->prepare("UPDATE registrations SET
num='$registration_num',
status='$registration_status',
email='$registration_email'
num=?,
status=?,
email=?
WHERE
id='$registrations_id'");
$stmt->execute();
id=?");
$stmt->execute([$registration_num,$registration_status,$registration_email,$registrations_id]);
show_pdo_errors_if_any($pdo);
/*
@ -602,10 +602,10 @@ function registration_save()
if ($auth_type == 'fair')
$fairs_id = $_SESSION['fairs_id'];
$stmt = $pdo->prepare("UPDATE projects SET
fairs_id='$fairs_id'
fairs_id=?
WHERE
registrations_id='$registrations_id'");
$stmt->execute();
registrations_id=?");
$stmt->execute([$fairs_id,$registrations_id]);
show_pdo_errors_if_any($pdo);
happy_('Information Saved');
echo '<script language="javascript" type="text/javascript">';

50
admin/tours_assignments.php
View File

@ -33,9 +33,9 @@ user_auth_required('committee', 'admin');
/* Load Tours */
$query = "SELECT * FROM tours WHERE
year='{$config['FAIRYEAR']}'";
year=?";
$r = $pdo->prepare($query);
$r->execute();
$r->execute([$config['FAIRYEAR']]);
$tours = array();
while ($i = $r->fetch(PDO::FETCH_OBJ)) {
$tours[$i->id]['name'] = $i->name;
@ -45,20 +45,20 @@ while ($i = $r->fetch(PDO::FETCH_OBJ)) {
if (get_value_from_array($_GET, 'action') == 'info') {
$sid = intval($_GET['id']);
$query = "SELECT * FROM students WHERE id='$sid'
AND year='{$config['FAIRYEAR']}'";
$query = "SELECT * FROM students WHERE id=?
AND year=?";
$r = $pdo->prepare($query);
$r->execute();
$r->execute([$sid,$config['FAIRYEAR']]);
$i = $r->fetch(PDO::FETCH_OBJ);
send_popup_header(i18n('Student Tour Rank Information - %1 %2',
array($i->firstname, $i->lastname)));
$query = "SELECT * FROM tours_choice
WHERE students_id='$sid'
AND year='{$config['FAIRYEAR']}'
WHERE students_id=?
AND year=?
ORDER BY rank";
$r = $pdo->prepare($query);
$r->execute();
$r->execute([$sid,$config['FAIRYEAR']]);
echo '<table>';
$count = $r->rowwCount();
while ($i = $r->fetch(PDO::FETCH_OBJ)) {
@ -157,25 +157,25 @@ if (get_value_from_array($_POST, 'action') == 'add' && $tours_id != 0 && count($
$sid = intval($sid);
$q = $pdo->prepare("SELECT registrations_id FROM students
WHERE id='$sid'");
$q->execute();
WHERE id=?");
$q->execute([$sid]);
$i = $q->fetch(PDO::FETCH_OBJ);
$rid = $i->registrations_id;
/* Delete any old linking */
$stmt = $pdo->prepare("DELETE FROM tours_choice WHERE
students_id='$sid' AND
year='{$config['FAIRYEAR']}' AND
students_id=? AND
year=? AND
rank='0'");
$stmt->execute();
$stmt->execute([$sid,$config['FAIRYEAR']]);
/* Connect this student to this tour */
$stmt = $pdo->prepare("INSERT INTO tours_choice
(`students_id`,`registrations_id`,
`tour_id`,`year`,`rank`)
VALUES (
'$sid', '$rid', '$tours_id',
'{$config['FAIRYEAR']}','0')");
$stmt->execute();
?,?,?,
?,'0')");
$stmt->execute([$sid,$rid,$tours_id,$config['FAIRYEAR']]);
$added++;
}
if ($added == 1)
@ -193,20 +193,20 @@ $students_id = intval(get_value_from_array($_GET, 'students_id'));
if (get_value_from_array($_GET, 'action') == 'del' && $tours_id > 0 && $students_id > 0) {
$stmt = $pdo->prepare("DELETE FROM tours_choice
WHERE students_id='$students_id'
AND year='{$config['FAIRYEAR']}'
WHERE students_id=?
AND year=?
AND rank='0'");
$stmt->execute();
$stmt->execute([$students_id,$config['FAIRYEAR']]);
echo happy(i18n('Removed student from tour #%1 (%2)', array($tours[$tours_id]['num'], $tours[$tours_id]['name'])));
}
if (get_value_from_array($_GET, 'action') == 'empty' && $tours_id > 0) {
$stmt = $po->prepare("DELETE FROM tours_choice WHERE
tour_id='$tours_id'
AND year='{$config['FAIRYEAR']}'
tour_id=?
AND year=?
AND rank='0'");
$stmt->execute();
$stmt->execute([$tours_id,$config['FAIRYEAR']]);
echo happy(i18n('Emptied all students from tour #%1 (%2)', array($tours[$tours_id]['num'], $tours[$tours_id]['name'])));
}
@ -243,8 +243,8 @@ $querystr = "SELECT \tstudents.firstname, students.lastname,
LEFT JOIN tours_choice ON (tours_choice.students_id=students.id AND tours_choice.rank=0)
LEFT JOIN registrations ON registrations.id=students.registrations_id
WHERE
students.year='{$config['FAIRYEAR']}' AND
(tours_choice.year='{$config['FAIRYEAR']}' OR
students.year=? AND
(tours_choice.year=? OR
\t tours_choice.year IS NULL) AND
registrations.status='complete'
ORDER BY
@ -253,7 +253,7 @@ $querystr = "SELECT \tstudents.firstname, students.lastname,
tours_choice.rank";
$q = $pdo->prepare($querystr);
$q->execute();
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);

8
admin/tours_manager.php
View File

@ -39,12 +39,12 @@ send_header('Tour Management',
'Tours' => 'admin/tours.php'));
if ($_GET['action'] == 'renumber') {
$q = $pdo->prepare("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM tours WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
$x = 1;
while ($i = $q->fetch(PDP::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE tours SET num=? WHERE id=?");
$stmt->execute([$x,$i->id]);
$x++;
}
echo happy(i18n('Tours successfully renumbered'));

24
admin/tours_sa.php
View File

@ -53,9 +53,9 @@ TRACE('<pre>');
function set_status($txt)
{
TRACE("Status: $txt\n");
$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE
var='tours_assigner_activity' AND year=0");
$stmt->execute();
$stmt->execute([$txt]);
}
$set_percent_last_percent = -1;
@ -68,9 +68,9 @@ function set_percent($n)
return;
TRACE("Progress: $p\%\n");
$set_percent_last_percent = $p;
$stmt = $pdo->prepare("UPDATE config SET val='$p' WHERE
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE
var='tours_assigner_percent' AND year=0");
$stmt->execute();
$stmt->execute([$p]);
}
set_status('Initializing...');
@ -205,16 +205,16 @@ function tour_cost_function($annealer, $bucket_id, $ids)
set_status('Cleaning existing tour assignments...');
TRACE("\n\n");
$q = $pdo->prepare("DELETE FROM tours_choice
WHERE year='{$config['FAIRYEAR']}'
WHERE year=?
AND rank='0'");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
set_status('Loading Data From Database...');
TRACE("\n\n");
TRACE("Tours...\n");
$tours = array();
$q = $pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q-- > execute();
$q = $pdo->prepare("SELECT * FROM tours WHERE year=?");
$q-> execute([$config['FAIRYEAR']]);
$x = 0;
/*
@ -240,13 +240,13 @@ $q = $pdo->prepare("SELECT students.id,students.grade,
FROM students
LEFT JOIN registrations ON registrations.id=students.registrations_id
WHERE
students.year='{$config['FAIRYEAR']}'
students.year=?
AND ( registrations.status='complete'
OR registrations.status='paymentpending' )
ORDER BY
students.id
");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
$last_sid = -1;
TRACE($pdo->errorInfo());
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -262,9 +262,9 @@ TRACE(' ' . (count($student_ids)) . " students loaded\n");
TRACE("Loading Tour Selection Preferences...\n");
$q = $pdo->prepare("SELECT * FROM tours_choice WHERE
tours_choice.year='{$config['FAIRYEAR']}'
tours_choice.year=?
ORDER BY rank ");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
TRACE($pdo->errorInfo());
$x = 0;
while ($r = $q->fetch(PDO::FETCH_OBJ)) {

10
admin/tours_sa_config.php
View File

@ -58,8 +58,8 @@ function tours_check_tours()
{
global $config;
global $pdo;
$q = $pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM tours WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
return $q->rowCount();
}
@ -72,13 +72,13 @@ function tours_check_students()
LEFT JOIN tours_choice ON (tours_choice.students_id=students.id)
LEFT JOIN registrations ON (registrations.id=students.registrations_id)
WHERE
students.year='{$config['FAIRYEAR']}'
AND tours_choice.year='{$config['FAIRYEAR']}'
students.year=?
AND tours_choice.year=?
AND registrations.status='complete'
ORDER BY
students.id, tours_choice.rank
");
$q->execute();
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
return $q->rowCount();
}

8
admin/translations.php
View File

@ -57,8 +57,8 @@ if (get_value_from_array($_POST, 'action') == 'save') {
// first, delete anything thats supposed to eb deleted
if (count(get_value_from_array($_POST, 'delete', []))) {
foreach ($_POST['delete'] AS $del) {
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang='" . $_SESSION['translang'] . "' AND strmd5='" . $del . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM translations WHERE lang=? AND strmd5=?");
$stmt->execute([$_SESSION['translang'],$del]);
}
echo happy(i18n('Translation(s) deleted'));
}
@ -113,8 +113,8 @@ if ($show == 'missing')
else
$showquery = '';
$q = $pdo->prepare("SELECT * FROM translations WHERE lang='" . get_value_from_array($_SESSION, 'translang') . "' $showquery ORDER BY str");
$q->execute();
$q = $pdo->prepare("SELECT * FROM translations WHERE lang=? ? ORDER BY str");
$q->execute([get_value_from_array($_SESSION, 'translang'),$showquery]);
$num = $q->rowCount();
echo i18n('Showing %1 translation strings', array($num), array('number of strings'));