pushing another 100-150 database line changes. 99 more to go

This commit is contained in:
Muad Sakah 2025-02-05 02:25:53 +00:00
parent 1846545b7a
commit 888d350ddc
60 changed files with 717 additions and 712 deletions


@ -113,11 +113,11 @@ if ($r->num) {
?,
'1',
?-?,
'" . i18n('Best %1 projects in the %2 division', array($c_category, $d_division)) . "',
?,
?,
?
)");
$q->execute([$_GET['sponsors_id'],$c_category,$d_division,$ord, $config['FAIRYEAR']]);
$q->execute([$_GET['sponsors_id'],$c_category,$d_division,i18n('Best %1 projects in the %2 division', array($c_category, $d_division)),$ord, $config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$award_awards_id = $pdo->lastInsertId();
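Review bot: The `?-?` on the third value line is executed by MySQL as a subtraction of two bound strings, so that column receives 0 rather than the `category-division` text the interpolated literal it replaced presumably produced; build the value in PHP and bind it as one placeholder, `?,` in the SQL and `$c_category . '-' . $d_division` in the execute() array. The i18n() title is now both interpolated into the statement on the `'" . i18n(...) . "',` line and bound as a fourth value in the new execute() call, so one of the two lands in the wrong column unless the column list has two such columns; replacing that literal with `?` and keeping the bound value is the safe form. The column list and the prepare() call start above the hunk, so the column mapping cannot be confirmed from here.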


@ -69,7 +69,8 @@ function get_winners($awardid, $fairs_id)
if ($awardid == -1) {
/* Get all for this fair */
$q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'");
$q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id=? AND year=?");
$q->execute([$fairs_id,$config['FAIRYEAR']]);
if ($q->rowCount() == 0) {
error_("Can't find award id $awardid");
return false;


@ -207,8 +207,8 @@ if (get_value_from_array($_GET, 'filename', '') || get_value_from_array($_GET, '
echo '<tr><th>' . i18n('Filename') . '</th><th>' . i18n('Last Update') . '</th></tr>';
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
echo '<tr><td><a href="cms.php?filename=' . rawurlencode($r->filename) . "\">/web/$r->filename</a></td>";
$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='" . $r->filename . "' ORDER BY dt DESC LIMIT 1");
$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename=? ORDER BY dt DESC LIMIT 1");
$q->execute($r->filename);
$r2 = $q2->fetch(PDO::FETCH_OBJ);
if ($r2->dt == '0000-00-00 00:00:00')
$dt = 'Never';
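Review bot: `$q->execute($r->filename);` re-runs the outer `$q` statement instead of the freshly prepared `$q2`, and passes a bare string where PDOStatement::execute() expects an array, so the cms lookup never runs and re-executing `$q` inside its own `while` resets the cursor that loop is iterating; it should be `$q2->execute([$r->filename]);`. Separately, `$r` comes from `fetch(PDO::FETCH_ASSOC)` two lines earlier, so `$r->filename` reads a property off an array — that looks pre-existing, but `$r['filename']` (or FETCH_OBJ) is what the surrounding code expects; confirm against the loop.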


@ -668,8 +668,8 @@ case 'dialog_sender':
case 'loadaddresses':
if ($_GET['query'] && array_key_exists($_GET['query'], $mailqueries)) {
$q = $pdo->prepare($mailqueries[$_GET['query']]['query']);
$q->execute();
$q = $pdo->prepare('?');
$q->execute([$mailqueries[$_GET['query']]['query']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
if ($r->organization)
$s = "($r->organization) ";
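Review bot: `$pdo->prepare('?')` binds the statement text itself, which PDO cannot do: the server receives a query that is nothing but one string literal (emulated prepares) or rejects the placeholder position (native), so no canned mail query runs from this branch any more. The original lines were not injectable — `$_GET['query']` is only used as a key that `array_key_exists()` has already validated against the code-defined `$mailqueries` table — so `$q = $pdo->prepare($mailqueries[$_GET['query']]['query']); $q->execute();` should be restored. The same pattern of binding a SQL fragment rather than a value recurs in the `WHERE 1 ? ORDER BY organization` sponsors query and in the `fundraising_goal=? ?)` UNION query further down; in both the fragment must stay concatenated and the individual values inside it become `?` placeholders with their own execute() entries.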


@ -838,10 +838,10 @@ function draw_activityinfo_form()
\t FROM fundraising_donor_logs AS fdl
\t LEFT JOIN users ON fdl.users_id=users.id
\t LEFT JOIN fundraising_campaigns ON fdl.fundraising_campaigns_id=fundraising_campaigns.id
\t WHERE sponsors_id=" . $sponsorid . ' ORDER BY dt DESC';
\t WHERE sponsors_id=? ORDER BY dt DESC";
// echo "<tr><td colspan=\"3\">" . $query . "</td></tr>";
$q = $pdo->prepare($query);
$q->execute();
$q->execute([$sponsorid ]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount()) {
while ($r = $q->fetch()) {
@ -872,14 +872,14 @@ function save_activityinfo($comment, $donorId, $userId, $type, $campaign_id = nu
$cid = 'NULL';
$query = "INSERT INTO fundraising_donor_logs (sponsors_id, dt, users_id, log, `type`, fundraising_campaigns_id)
VALUES ($donorId,
VALUES (?,
NOW(),
$userId,
'" . $comment . "',
'" . $type . "',
$cid)";
?,
?,
?,
?)";
$q = $pdo->prepare($query);
$q->execute();
$q->execute([$donorId,$userId,$comment,$type,$cid]);
show_pdo_errors_if_any($pdo);
}
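Review bot: `$cid = 'NULL';` at the top of the second hunk was written for string interpolation; now that `$cid` is bound through execute(), the database receives the literal text `NULL` rather than SQL NULL, which stores a bogus value or fails outright on an integer/foreign-key `fundraising_campaigns_id`. Use `$cid = null;` so PDO binds a real NULL, and check that the other branch of that assignment, which sits above the hunk, binds the bare `$campaign_id`. `save_activityinfo()`'s signature and the start of that `if` are outside the hunk.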


@ -42,10 +42,10 @@ if (count(get_value_from_array($_POST, 'donortype', []))) {
}
$sql .= ') ';
}
$query = "SELECT * FROM sponsors WHERE 1 $sql ORDER BY organization";
$query = "SELECT * FROM sponsors WHERE 1 ? ORDER BY organization";
// echo "query=$query";
$q = $pdo->prepare($query);
$q->execute();
$q->execute([$sql]);
get_value_from_array($_POST, 'donortype');
$thisyear = $config['FISCALYEAR'];
$lastyear = $config['FISCALYEAR'] - 1;


@ -32,8 +32,8 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
<h3><?= i18n('Fundraising Purposes and Progress Year to Date') ?></h3>
<?
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY deadline");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY deadline");
$q->execute([$config['FISCALYEAR']]);
?>
<table class="tableview">
<thead>
@ -48,8 +48,8 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
<?
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
// lookup all donations made towards this goal
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal=? AND fiscalyear=? AND status='received'");
$recq->execute([$r->goal,$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
$recr = $recq->fetch(PDO::FETCH_OBJ);
$received = $recr->received;
@ -84,15 +84,15 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
</tr>
</thead>
<?
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear=?");
$q->execute([$config['FISCALYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$goalq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
$goalq->execute();
$goalq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal=? AND fiscalyear=?");
$goalq->execute([$r->fundraising_goal,$config['FISCALYEAR']]);
$goalr = $goalq->fetch(PDO::FETCH_OBJ);
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
$recq->execute();
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id=? AND fiscalyear=? AND status='received'");
$recq->execute([$r->id,$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
$recr = $recq->fetch(PDO::FETCH_OBJ);
$received = $recr->received;
@ -133,10 +133,10 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
\tDATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth
FROM fundraising_donations
WHERE thanked='no' AND status='received'
AND fiscalyear='{$config['FISCALYEAR']}'
AND fiscalyear=?
ORDER BY datereceived
");
$q->execute();
$q->execute([$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount()) {
@ -149,8 +149,8 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
echo "</tr></thead>\n";
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$dq = $pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
$dq->execute();
$dq = $pdo->prepare("SELECT organization AS name FROM sponsors WHERE id=?");
$dq->execute([$r->sponsors_id]);
$dr = $dq->fetch(PDO::FETCH_OBJ);
if ($r->twomonth)
$s = 'style="background-color: ' . colour_to_percent(0) . ';"';
@ -190,10 +190,10 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
\tDATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth
FROM fundraising_donations
WHERE (receiptrequired='yes' AND receiptsent='no') AND status='received'
AND fiscalyear='{$config['FISCALYEAR']}'
AND fiscalyear=?
ORDER BY datereceived
");
$q->execute();
$q->execute([$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount()) {
echo '<table class="tableview">';
@ -204,8 +204,8 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
echo "</tr>\n";
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$dq = $pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'");
$dq->execute();
$dq = $pdo->prepare("SELECT organization AS name FROM sponsors WHERE id=?");
$dq->execute([$r->sponsors_id]);
$dr = $dq->fetch(PDO::FETCH_OBJ);
if ($r->twomonth)
$s = 'style="background-color: ' . colour_to_percent(0) . ';"';
@ -280,8 +280,8 @@ if (get_value_from_array($_GET, 'action') == 'refresh') {
exit;
} else if (get_value_from_array($_POST, 'thanked')) {
foreach ($_POST['thanked'] AS $t) {
$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id=?");
$stmt->execute([$t]);
}
}
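Review bot: In the last hunk the `UPDATE fundraising_donations SET thanked='yes' WHERE id=?` statement is prepared again on every iteration of `foreach ($_POST['thanked'] AS $t)`; prepare once before the loop, `$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id=?");`, and keep only `$stmt->execute([$t]);` inside it. The same per-row preparation shows in the two `SELECT organization AS name FROM sponsors WHERE id=?` loops earlier in this section, where a JOIN on sponsors in the outer query would remove the extra round trip per donation. The parameterisation itself looks right in every hunk of this file.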


@ -465,9 +465,9 @@ case 'managelist':
print_r($_POST);
if (is_array($_POST['prospectremovefromlist'])) {
$uidlist = implode(',', $_POST['prospectremovefromlist']);
$query = "DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid' AND users_uid IN ($uidlist)";
$query = "DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=? AND users_uid IN (?)";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$campaignid,$uidlist]);
show_pdo_errors_if_any($pdo);
}
// if theres nobody left in the list we need to reset the filter params as well
@ -523,10 +523,10 @@ function save_campaign_info()
$startdate = $_POST['startdate'];
if (!$_GET['id']) {
$query = "INSERT INTO fundraising_campaigns (name, fiscalyear) VALUES ('" . stripslashes($_POST['name']) . "','{$config['FISCALYEAR']}')";
$query = "INSERT INTO fundraising_campaigns (name, fiscalyear) VALUES (?,?)";
echo $query;
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([stripslashes($_POST['name']),$config['FISCALYEAR']]);
$id = $pdo->lastInsertId();
happy_('Appeal Created');
} else {
@ -534,15 +534,15 @@ function save_campaign_info()
happy_('Appeal Saved');
}
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET
name='" . stripslashes($_POST['name']) . "',
`type`='" . $_POST['type'] . "',
startdate='" . $startdate . "',
followupdate='" . $_POST['followupdate'] . "',
enddate='" . $_POST['enddate'] . "',
target='" . $_POST['target'] . "',
fundraising_goal='" . $_POST['fundraising_goal'] . "'
WHERE id='$id'");
$stmt->execute();
name=?,
`type`=?,
startdate=?,
followupdate=?,
enddate=?,
target=?,
fundraising_goal=?
WHERE id=?");
$stmt->execute([stripslashes($_POST['name']),$_POST['type'],$startdate,$_POST['followupdate'],$_POST['enddate'],$_POST['target'],$_POST['fundraising_goal'],$id]);
}
send_header('Appeal Management',
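Review bot: `users_uid IN (?)` with `$uidlist` bound as one value no longer deletes the selected rows: the whole comma-joined list becomes a single string literal, so the IN clause only matches a uid equal to that entire string, i.e. nothing once more than one prospect is selected. Emit one placeholder per id and pass the ids through execute() as below; `IN ()` is a syntax error, so skip the query when the list is empty. The `print_r($_POST);` at the top of this hunk and the `echo $query;` in the next one also look like leftover debugging output that prints request data into the page.
```php
if (is_array($_POST['prospectremovefromlist'])) {
    // users_uid appears to be numeric; drop the intval() if it is not
    $uids = array_values(array_map('intval', $_POST['prospectremovefromlist']));
    if (count($uids)) {
        $placeholders = implode(',', array_fill(0, count($uids), '?'));
        $query = "DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=? AND users_uid IN ($placeholders)";
        $stmt = $pdo->prepare($query);
        $stmt->execute(array_merge([$campaignid], $uids));
        show_pdo_errors_if_any($pdo);
    }
}
```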


@ -55,8 +55,8 @@ if ($_POST['action'] == 'fundedit') {
}
if ($_POST['action'] == 'fundadd') {
if ($goal && $type && $name) {
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES (?,?,?,'no',?,?)");
$stmt->execute([$goal,$name,$description,$budget,$config['FISCALYEAR']]);
happy_('Added new fund');
} else
error_('Required fields were missing, please try again');


@ -1,8 +1,8 @@
<?
if ($_GET['action'] == 'fundraisingmain') {
// this table is eventually going to be massive, and probably not in a tableview format, it'll show goals as well as all ongoing fund pledges, probabilities, etc as well as over/under, etc, all prettily colour coded.. basically a good overview of the total fundraising status of the fair.
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY system DESC,goal");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY system DESC,goal");
$q->execute([$config['FISCALYEAR']]);
echo '<table class="fundraisingtable">';
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -28,20 +28,20 @@ if ($_GET['action'] == 'fundraisingmain') {
SELECT fundraising_donations.id, sponsors.organization AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
\t FROM fundraising_donations
\t JOIN sponsors ON fundraising_donations.sponsors_id=sponsors.id
\t WHERE (fundraising_donations.fundraising_goal='$r->goal' $orsql)
\t AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}'
\t WHERE (fundraising_donations.fundraising_goal=? ?)
\t AND fundraising_donations.fiscalyear=?
UNION
SELECT fundraising_donations.id, CONCAT(users.firstname,' ',users.lastname) AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability
\t FROM fundraising_donations
\t JOIN users ON fundraising_donations.users_uid=users.uid
\t WHERE (fundraising_donations.fundraising_goal='$r->goal' $orsql)
\t AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}'
\t WHERE (fundraising_donations.fundraising_goal=? ?)
\t AND fundraising_donations.fiscalyear=?
\t ORDER BY status DESC, probability DESC, name
");
$sq->execute();
$sq->execute([$r->goal,$orsql,$config['FISCALYEAR'],$r->goal,$orsql,$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
while ($sr = $sq->fetch(PDO::FETCH_OBJ)) {
echo "<tr id=\"sponsorships_$sr->id\" class=\"fundraising{$sr->status}\">";


@ -84,8 +84,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
<select name="goal">
<option value="">All purposes</option>
<?
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY name");
$q->execute([$config['FISCALYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<option value=\"$r->goal\">$r->name</option>\n";
}


@ -44,13 +44,13 @@ if ($id && $type) {
$rep->newPage();
$rep->setFontSize(8);
}
$sql = "SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ";
$sql = "SELECT * FROM fundraising_campaigns WHERE fiscalyear=? ";
if ($_GET['fundraising_campaigns_id']) {
$sql .= " AND id='" . intval($_GET['fundraising_campaigns_id']) . "'";
}
$sql .= ' ORDER BY name';
$q = $pdo->prepare($sql);
$q->execute();
$q->execute([$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$rep->heading($r->name);
@ -62,8 +62,8 @@ if ($id && $type) {
$thisyear = $config['FISCALYEAR'];
$lastyear = $config['FISCALYEAR'] - 1;
$pq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$r->id'");
$pq->execute();
$pq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=?");
$pq->execute([$r->id]);
while ($pr = $pq->fetch(PDO::FETCH_OBJ)) {
$u = user_load_by_uid($pr->users_uid);
// hopefully this never returns false, but who knows..
@ -75,16 +75,16 @@ if ($id && $type) {
// gah i dont know what the heck to do here
if ($u['sponsors_id']) {
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND fundraising_campaigns_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
$cq->execute();
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id=? AND fundraising_campaigns_id=? AND status='received' AND fiscalyear=?");
$cq->execute([$u['sponsors_id'],$r->id,$thisyear]);
$cr = $cq->fetch(PDO::FETCH_OBJ);
$thisappeal = $cr->total;
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$thisyear'");
$cq->execute();
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id=? AND status='received' AND fiscalyear=?");
$cq->execute([$u['sponsors_id'],$thisyear]);
$cr = $cq->fetch(PDO::FETCH_OBJ);
$thisyeartotal = $cr->total;
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$lastyear'");
$cq->execute();
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id=? AND status='received' AND fiscalyear=?");
$cq->execute([$u['sponsors_id'],$lastyear]);
$cr = $cq->fetch(PDO::FETCH_OBJ);
$lastyeartotal = $cr->total;
if ($lastyeartotal)
@ -126,13 +126,13 @@ if ($id && $type) {
$rep->newPage();
$rep->setFontSize(8);
}
$sql = "SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ";
$sql = "SELECT * FROM fundraising_goals WHERE fiscalyear=? ";
if ($_GET['goal']) {
$sql .= " AND goal='" . $_GET['goal'] . "'";
}
$sql .= ' ORDER BY name';
$q = $pdo->prepare($sql);
$q->execute();
$q->execute([$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -143,8 +143,8 @@ if ($id && $type) {
$table['widths'] = array(1.5, 0.5, 0.5, 0.75, 0.9, 0.9, 0.9, 0.5);
$table['dataalign'] = array('left', 'right', 'right', 'center', 'center', 'center', 'center', 'right');
$cq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
$cq->execute();
$cq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fundraising_goal=? AND fiscalyear=?");
$cq->execute([$r->goal,$config['FISCALYEAR']]);
while ($cr = $cq->fetch(PDO::FETCH_OBJ)) {
$table['data'][] = array(
$cr->name,
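Review bot: In the fourth hunk `$sql .= " AND goal='" . $_GET['goal'] . "'";` still interpolates raw request input into the statement while the fiscalyear right before it was converted to a placeholder, so this report remains injectable through `goal`. Collect the parameters alongside the SQL: `$params = [$config['FISCALYEAR']];` before the `if`, `$sql .= ' AND goal=?'; $params[] = $_GET['goal'];` inside it, and `$q->execute($params);` at the end. The campaigns hunk above runs `intval()` on `fundraising_campaigns_id`, which is why the same shape is safe there but not here.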


@ -28,45 +28,45 @@ require_once ('../user.inc.php');
user_auth_required('committee', 'admin');
// first, insert any default fundraising donor levels
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='" . $config['FISCALYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear=?");
$q->execute([$config['FISCALYEAR']]);
if (!$q->rowCount()) {
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='-1'");
$q->execute();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
'" . $r->level . "',
'" . $r->min . "',
'" . $r->max . "',
'" . $r->description . "',
'" . $config['FISCALYEAR'] . ")')");
?,
?,
?,
?,
?)')");
$pdo->execute();
$pdo->execute([$r->level,$r->min,$r->max,$r->description,$config['FISCALYEAR']]);
}
}
// first, insert any default fundraising goals
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='" . $config['FISCALYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=?");
$q->execute([$config['FISCALYEAR']]);
if (!$q->rowCount()) {
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'");
$q->execute();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES (
'" . stripslashes($r->goal) . "',
'" . stripslashes($r->name) . "',
'" . stripslashes($r->description) . "',
'" . $r->system . "',
'" . $r->budget . "',
'" . $config['FISCALYEAR'] . "')");
$stmt->execute();
?,
?,
?,
?,
?,
?)");
$stmt->execute([stripslashes($r->goal),stripslashes($r->name),stripslashes($r->description),$r->system,$r->budget, $config['FISCALYEAR']]);
}
}
switch (get_value_from_array($_GET, 'gettab')) {
case 'levels':
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY max");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear=? ORDER BY max");
$q->execute([$config['FISCALYEAR']]);
echo "<div id=\"levelaccordion\" style=\"width: 75%;\">\n";
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<h3><a href=\"#\">$r->level (" . format_money($r->min, false) . ' to ' . format_money($r->max, false) . ")</a></h3>\n";
@ -120,8 +120,8 @@ switch (get_value_from_array($_GET, 'gettab')) {
break;
case 'goals':
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY name");
$q->execute([$config['FISCALYEAR']]);
echo "<div id=\"goalaccordion\" style=\"width: 75%;\">\n";
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "<h3><a href=\"#\">$r->name (" . format_money($r->budget, false) . ') Deadline: ' . format_date($r->deadline) . "</a></h3>\n";
@ -225,30 +225,30 @@ switch (get_value_from_array($_GET, 'action')) {
if ($id) {
$stmt = $pdo->prepare("UPDATE fundraising_donor_levels SET
min='" . $_POST['min'] . "',
max='" . $_POST['max'] . "',
level='" . stripslashes($_POST['level']) . "',
description='" . stripslashes($_POST['description']) . "'
WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
min=?,
max=?,
level=?,
description=?
WHERE id=? AND fiscalyear=?
");
$stmt->execute();
$stmt->execute([$_POST['min'],$_POST['max'],stripslashes($_POST['level']),stripslashes($_POST['description']),$id,$config['FISCALYEAR']]);
happy_('Level Saved');
} else {
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES (
'" . $_POST['level'] . "',
'" . $_POST['min'] . "',
'" . $_POST['max'] . "',
'" . $_POST['description'] . "',
'{$config['FISCALYEAR']}')");
$stmt->execute();
?,
?,
?,
?,
?)");
$stmt->execute([$_POST['level'],$_POST['min'],$_POST['max'],$_POST['description'],$config['FISCALYEAR']]);
happy_('Level Created');
}
exit;
break;
case 'level_delete':
$id = $_POST['id'];
$stmt = $pdo->prepare("DELETE FROM fundraising_donor_levels WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM fundraising_donor_levels WHERE id=? AND fiscalyear=?");
$stmt->execute([$id,$config['FISCALYEAR']]);
happy_('Level Deleted');
exit;
break;
@ -261,20 +261,20 @@ switch (get_value_from_array($_GET, 'action')) {
}
if ($id) {
$stmt = $pdo->prepare("UPDATE fundraising_goals SET
budget='" . $_POST['budget'] . "',
deadline='" . $_POST['deadline'] . "',
name='" . stripslashes($_POST['name']) . "',
description='" . stripslashes($_POST['description']) . "'
WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'
budget=?,
deadline=?,
name=?,
description=?
WHERE id=? AND fiscalyear=?
");
$stmt->execute();
$stmt->execute([$_POST['budget'],$_POST['deadline'],stripslashes($_POST['name']),stripslashes($_POST['description']),$id,$config['FISCALYEAR']]);
happy_('Purpose Saved');
} else {
$goal = strtolower($_POST['name']);
$goal = preg_replace('[^a-z]', '', $goal);
echo "SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'";
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal=? AND fiscalyear=?");
$q->execute([$goal,$config['FISCALYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount()) {
error_('The automatically generated purpose key (%1) generated from (%2) is not unique. Please try a different Purpose Name', array($goal, $_POST['name']));
@ -282,13 +282,13 @@ switch (get_value_from_array($_GET, 'action')) {
}
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES (
'" . $goal . "',
'" . $_POST['name'] . "',
'" . $_POST['budget'] . "',
'" . $_POST['deadline'] . "',
'" . $_POST['description'] . "',
'{$config['FISCALYEAR']}')");
$stmt->execute();
?,
?,
?,
?,
?,
?)");
$stmt->execute([$goal,$_POST['name'],$_POST['budget'],$_POST['deadline'],$_POST['description'],$config['FISCALYEAR']]);
happy_('Purpose Created');
}
exit;
@ -296,8 +296,8 @@ switch (get_value_from_array($_GET, 'action')) {
case 'goal_delete':
$id = $_POST['id'];
// they cant delete system ones
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id=? AND fiscalyear=?");
$q->execute([$id,$config['FISCALYEAR']]);
if (!$r = $q->fetch(PDO::FETCH_OBJ)) {
error_('Invalid goal to delete');
exit;
@ -306,15 +306,15 @@ switch (get_value_from_array($_GET, 'action')) {
error_('Fundraising goals created automatically and used by the system cannot be deleted');
exit;
}
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_goal=? AND fiscalyear=?");
$q->execute([$r->goal,$config['FISCALYEAR']]);
if ($q->rowCount()) {
error_('This goal already has donations assigned to it, it cannot be deleted');
exit;
}
$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id=? AND fiscalyear=?");
$stmt->execute([$id,$config['FISCALYEAR']]);
happy_('Purpose Deleted');
exit;
break;
@ -322,14 +322,14 @@ switch (get_value_from_array($_GET, 'action')) {
case 'setup_save':
$fye = sprintf('%02d-%02d', intval($_POST['fiscalendmonth']), intval($_POST['fiscalendday']));
$stmt = $pdo->prepare("UPDATE config SET val='$fye' WHERE var='fiscal_yearend' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='fiscal_yearend' AND year=?");
$stmt->execute([$fye,$config['FAIRYEAR']]);
$stmt = $pdo->prepare("UPDATE config SET val='" . $_POST['registeredcharity'] . "' WHERE var='registered_charity' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='registered_charity' AND year=?");
$stmt->execute([$_POST['registeredcharity'],$config['FAIRYEAR']]);
$stmt = $pdo->prepare("UPDATE config SET val='" . $_POST['charitynumber'] . "' WHERE var='charity_number' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='charity_number' AND year=?");
$stmt->execute([$_POST['charitynumber'],$config['FAIRYEAR']]);
happy_('Fundraising module setup saved');
exit;
break;
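Review bot: In the first hunk the donor-level seeding cannot run: `$pdo->prepare(` discards its result, `$pdo->execute([...])` is called on the connection object, which has no execute() method, and the statement text still ends in `?)')");`, leaving a stray `')` after the VALUES list. Mirror the goals loop directly below it: `$stmt = $pdo->prepare("INSERT INTO fundraising_donor_levels (...) VALUES (`, close the string with `?)");`, and run `$stmt->execute([$r->level,$r->min,$r->max,$r->description,$config['FISCALYEAR']]);`. In the goal_save hunk the `echo "SELECT * FROM fundraising_goals WHERE goal=..."` line prints the query and the generated key into the response and looks like leftover debugging, and `preg_replace('[^a-z]', '', $goal)` above it has no pattern delimiters so it probably strips nothing — both pre-existing, but worth a follow-up now that the key is bound.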


@ -29,8 +29,8 @@ user_auth_required('committee', 'admin');
if ($_GET['id']) {
$id = intval($_GET['id']);
$q = $pdo->prepare("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id='$id' AND fundraising_donations.sponsors_id=sponsors.id");
$q->execute();
$q = $pdo->prepare("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id=? AND fundraising_donations.sponsors_id=sponsors.id");
$q->execute([$id]);
$sponsorship = $q->fetch(PDO::FETCH_OBJ);
$formaction = 'sponsorshipedit';
} else {


@ -1,7 +1,7 @@
<?
if ($_POST['action'] == 'sponsorshipdelete') {
$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE id='" . intval($_POST['delete']) . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE id=?");
$stmt->execute([intval($_POST['delete'])]);
if ($pdo->rowCount())
happy_('Successfully removed sponsorship');
exit;
@ -24,8 +24,8 @@ if ($_POST['action'] == 'sponsorshipedit' || $_POST['action'] == 'sponsorshipadd
if ($_POST['action'] == 'sponsorshipedit') {
if ($fundraising_donations_id && $fundraising_type && $value) {
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE id='$fundraising_donations_id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE id=?");
$q->execute([$fundraising_donations_id]);
$current = $q->fetch(PDO::FETCH_OBJ);
unset($log);
@ -43,15 +43,15 @@ if ($_POST['action'] == 'sponsorshipedit') {
$log[] = "Changed sponsorship probability from $current->probability to $probability";
if (count($log)) {
$stmt = $pdo->prepare("UPDATE fundraising_donations SET fundraising_type='$fundraising_type', value='$value', status='$status', probability='$probability' WHERE id='$fundraising_donations_id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE fundraising_donations SET fundraising_type=?, value=?, status=?, probability=? WHERE id=?");
$stmt->execute([$fundraising_type,$value,$status,$probability,$fundraising_donations_id]);
foreach ($log AS $l) {
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
'$current->sponsors_id',
?,
NOW(),
'" . $_SESSION['users_id'] . "',
'" . $l . "')");
$stmt->execute();
?,
?)");
$stmt->execute([$current->sponsors_id,$_SESSION['users_id'],$l]);
}
if ($pdo->errorInfo())
echo error_($pdo->errorInfo());
@ -66,16 +66,16 @@ if ($_POST['action'] == 'sponsorshipedit') {
}
if ($_POST['action'] == 'sponsorshipadd') {
if ($sponsors_id && $fundraising_type && $value) {
$stmt = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_type,value,status,probability,fiscalyear) VALUES ('$sponsors_id','$fundraising_type','$value','$status','$probability','{$config['FISCALYEAR']}')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_type,value,status,probability,fiscalyear) VALUES (?,?,?,?,?,?)");
$stmt->execute([$sponsors_id,$fundraising_type,$value,$status,$probability,$config['FISCALYEAR']]);
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (
$stmt->execute();
'$sponsors_id',
?,
NOW(),
'" . $_SESSION['users_id'] . "',
'" . "Created sponsorship: type=$fundraising_type, value=\$$value, status=$status, probability=$probability%") . "')";
?,
'" . "Created sponsorship: type=?, value=\$?, status=?, probability=?%") . "')";
happy_('Added new sponsorship');
$stmt->execute([$sponsors_id,$_SESSION['users_id'],$fundraising_type,$value,$status,$probability]);
} else
error_('Required fields were missing, please try again');
if ($pdo->errorInfo())
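Review bot: The third hunk's `INSERT INTO fundraising_donor_logs` is broken in several ways: the `?` markers inside `'Created sponsorship: type=?, value=\$?, status=?, probability=?%'` sit within a SQL string literal and are not placeholders, the trailing `. "')";` is concatenated onto the prepare() result rather than the statement text (leaving the SQL literal unterminated and turning `$stmt` into a string), and execute() then supplies six values for two real placeholders. Build the log message in PHP and bind it as one value, as below; if the `$stmt->execute();` line between `prepare(` and its string survives on the new side it is a syntax error as well. In the first hunk, `$pdo->rowCount()` is called on the connection object, which has no such method; `$stmt->rowCount()` is what was meant.
```php
$log = "Created sponsorship: type=$fundraising_type, value=\$$value, status=$status, probability=$probability%";
$stmt = $pdo->prepare("INSERT INTO fundraising_donor_logs (sponsors_id,dt,users_id,log) VALUES (?, NOW(), ?, ?)");
$stmt->execute([$sponsors_id, $_SESSION['users_id'], $log]);
happy_('Added new sponsorship');
```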


@ -29,8 +29,8 @@ user_auth_required('committee', 'admin');
if ($_GET['id']) {
$id = intval($_GET['id']);
$q = $pdo->prepare("SELECT * FROM fundraising WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM fundraising WHERE id=?");
$q->execute([$id]);
// echo "<h2>Edit Fund</h2>";
$fund = $q->fetch(PDO::FETCH_OBJ);
$formaction = 'fundedit';


@ -30,8 +30,8 @@ $ret = array();
foreach ($config['languages'] AS $l => $ln) {
if ($l == $config['default_language'])
continue;
$q = $pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='" . md5(iconv('ISO-8859-1', 'UTF-8', $_GET['str'])) . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM translations WHERE lang=? AND strmd5=?");
$q->execute([$l,md5(iconv('ISO-8859-1', 'UTF-8', $_GET['str']))]);
if ($r = $q->fetch(PDO::FETCH_OBJ))
$ret[$l] = iconv('ISO-8859-1', 'UTF-8', $r->val);
else


@ -105,8 +105,8 @@ if ($id < 1) {
// get their availability
$availabilityText = '';
if ($config['judges_availability_enable'] == 'yes') {
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$judgeinfo['id']}\" ORDER BY `start`");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"?\" ORDER BY `start`");
$q->execute([$judgeinfo['id']]);
$sel = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$st = substr($r->start, 0, 5);
@ -133,7 +133,7 @@ if ($judgeinfo['special_award_only'] == 'yes') {
. ' JOIN award_awards aa ON aa.id = jss.award_awards_id'
. ' WHERE users.id=' . $id;
$results = $pdo->prepare($query);
$results . execute();
$results->execute();
while ($record = $results . fetch()) {
$awardList[] = $record['awardname'];
}
@ -143,8 +143,8 @@ if ($judgeinfo['special_award_only'] == 'yes') {
}
// get their preference for age category
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
$catPreferenceText = $pdo->errorInfo() . '<ul>';
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
@ -188,8 +188,8 @@ $catPreferenceText .= '</ul>';
<?php
// grab the list of divisions, because the last fields of the table will be the sub-divisions
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
$divs = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divs[] = $r->id;
@ -203,8 +203,8 @@ foreach ($divs as $div) {
echo '<td>';
$subq = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE
projectdivisions_id='$div' AND year='{$config['FAIRYEAR']}' ORDER BY subdivision");
$subq->execute();
projectdivisions_id=? AND year=? ORDER BY subdivision");
$subq->execute([$div,$config['FAIRYEAR']]);
$sd = array();
while ($subr = $subq->fetch(PDO::FETCH_OBJ)) {
if ($u['div_prefs_sub'][$subr->id] == 1) {
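Review bot: The placeholder in the rewritten `judges_availability` query is still inside quotes — `users_id=\"?\"` reaches the driver as the SQL string literal `"?"`, so the statement has no bindable parameter and `$q->execute([$judgeinfo['id']])` fails with a parameter-count mismatch (and would never match a row even if it ran); change it to `users_id=?`. In the following hunk only the `execute` line was corrected: `while ($record = $results . fetch()) {` is still a string concatenation that calls an undefined `fetch()` function and should read `while ($record = $results->fetch()) {`. The `' WHERE users.id=' . $id` concatenation in that same query is also left unparameterised; `$id` appears to be range-checked earlier (`if ($id < 1)` in the hunk context), but binding it as `users.id=?` with `$results->execute([$id])` would keep this file consistent with the rest of the commit.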


@ -56,16 +56,16 @@ function newbuttonclicked(jdivs)
$div = array();
$divshort = array();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divshort[$r->id] = $r->division_shortform;
$div[$r->id] = $r->division;
}
$cat = array();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$cat[$r->id] = $r->category;
}
@ -74,8 +74,8 @@ $dkeys = array_keys($div);
$ckeys = array_keys($cat);
if ($config['filterdivisionbycategory'] == 'yes') {
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY projectdivisions_id,projectcategories_id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year=? ORDER BY projectdivisions_id,projectcategories_id");
$q->execute([$config['FAIRYEAR']]);
$divcat = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divcat[] = array('c' => $r->projectcategories_id, 'd' => $r->projectdivisions_id);
@ -133,13 +133,13 @@ function get_all_divs()
* unassigned anymore
*/
$stmt = $pdo->prepare('INSERT INTO judges_jdiv (id, jdiv_id, projectdivisions_id, projectcategories_id, lang) '
. " VALUES('', 0, '$y', '$x', '$z')");
$stmt->execute();
. " VALUES('', 0,?,?,?)");
$stmt->execute([$y,$x,$z]);
$q = $pdo->prepare('SELECT id FROM judges_jdiv WHERE '
. " projectdivisions_id='$y' "
. " AND projectcategories_id='$x' "
. " AND lang='$z' ");
$q->execute();
. " projectdivisions_id=?"
. " AND projectcategories_id=?"
. " AND lang=?");
$q->execute([$y,$x,$z]);
$r = $q->fetch(PDO::FETCH_OBJ);
$cdl[$r->id]['id'] = $r->id;
@ -159,13 +159,13 @@ function get_all_divs()
$y = $divshort[$cdl[$id]['div']];
$z = $div[$cdl[$id]['div']];
$q = $pdo->prepare('SELECT count(projects.id) AS cnt FROM projects,registrations WHERE '
. " projectdivisions_id='{$cdl[$id]['div']}' "
. " AND projectcategories_id='{$cdl[$id]['cat']}' "
. " AND language='{$cdl[$id]['lang']}' "
. " AND registrations.year='{$config['FAIRYEAR']}'"
. " projectdivisions_id=?"
. " AND projectcategories_id=?"
. " AND language=?"
. " AND registrations.year=?"
. ' AND projects.registrations_id=registrations.id'
. " AND (registrations.status='complete' OR registrations.status='paymentpending')");
$q->execute();
$q->execute([$cdl[$id]['div'],$cdl[$id]['cat'],$cdl[$id]['lang'],$config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
show_pdo_errors_if_any($pdo);
@ -180,21 +180,21 @@ function get_all_divs()
if (get_value_from_array($_POST, 'action') == 'add' && get_value_from_array($_POST, 'jdiv_id') && count(get_value_from_array($_POST, 'cdllist', [])) > 0) {
foreach ($_POST['cdllist'] AS $selectedcdl) {
$q = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id='{$_POST['jdiv_id']}' WHERE "
. " id='$selectedcdl' ");
$q->execute();
$q = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=? WHERE "
. " id=?");
$q->execute([$_POST['jdiv_id'],$selectedcdl]);
}
echo happy(i18n('Judging Division(s) successfully added'));
}
if (get_value_from_array($_GET, 'action') == 'del' && get_value_from_array($_GET, 'cdl_id')) {
$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE id='{$_GET['cdl_id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE id=?");
$stmt->execute([$_GET['cdl_id']]);
}
if (get_value_from_array($_GET, 'action') == 'empty' && get_value_from_array($_GET, 'jdiv_id')) {
$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id='{$_GET['jdiv_id']}' ");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id=?");
$stmt->execute([$_GET['jdiv_id']]);
echo happy(i18n('Emptied all divisions from Judging Division Group %1', array($_GET['jdiv_id'])));
}


@ -63,9 +63,9 @@ function set_status($txt)
{
global $pdo;
TRACE("Status: $txt\n");
$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE
var='judge_scheduler_activity' AND year=0");
$stmt->execute();
$stmt->execute([$txt]);
}
$set_percent_last_percent = -1;
@ -78,9 +78,9 @@ function set_percent($n)
if ($p == $set_percent_last_percent)
return;
TRACE("Progress: $p\%\n");
$stmt = $pdo->prepare("UPDATE config SET val='$p' WHERE
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE
var='judge_scheduler_percent' AND year=0");
$stmt->execute();
$stmt->execute([$p]);
$set_percent_last_percent = $p;
}
@ -413,8 +413,8 @@ set_status('Loading Data From Database...');
TRACE("\n\n");
$div = array();
TRACE("Loading Project Divisions...\n");
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divshort[$r->id] = $r->division_shortform;
$div[$r->id] = $r->division;
@ -423,8 +423,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
TRACE("Loading Project Age Categories...\n");
$cat = array();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$cat[$r->id] = $r->category;
TRACE(" {$r->id} - {$r->category}\n");
@ -442,14 +442,14 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
TRACE("Loading Judging Round time data...\n");
$round_special_awards = array();
$round = array();
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`=?");
$q->execute([$config['FAIRYEAR']]);
/* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
TRACE(" id:{$r['id']} type:{$r['type']} name:{$r['name']}\n");
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
$qq->execute();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=?");
$qq->execute([$r['id']]);
if ($qq->rowCount() == 0) {
echo "ERROR: Round type:{$r['type']} name:{$r['name']} has no judging timeslots! Abort.\n";
exit;
@ -497,13 +497,13 @@ foreach ($keys as $jdiv_id) {
TRACE("\t- ");
TRACE($cat[$d['cat']] . ' ' . $div[$d['div']] . ' - ' . $langr[$d['lang']]);
$qp = $pdo->prepare('SELECT projects.* FROM projects, registrations WHERE '
. " projects.year='" . $config['FAIRYEAR'] . "' AND "
. " projectdivisions_id='{$d['div']}' AND "
. " projectcategories_id='{$d['cat']}' AND "
. " language='{$d['lang']}' AND "
. " projects.year=? AND "
. " projectdivisions_id=? AND "
. " projectcategories_id=? AND "
. " language=? AND "
. ' registrations.id = projects.registrations_id '
. getJudgingEligibilityCode());
$qp->execute();
$qp->execute([$config['FAIRYEAR'],$d['div'],$d['cat'],$d['lang']]);
$count = 0;
while ($rp = $qp->fetch(PDO::FETCH_OBJ)) {
$jdiv[$jdiv_id]['projects'][$rp->id] = array(
@ -524,37 +524,37 @@ foreach ($keys as $jdiv_id) {
/* Clean out the judging teams that were autocreated in a previous run */
TRACE('Deleting autocreated divisional and special award judging teams:');
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year=?");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$id = $r->id;
print (" $id");
/* Clean out the judges_teams_link */
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
$stmt->execute([$id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
/* Awards */
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
$stmt->execute([$id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
/* Timeslots */
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
$stmt->execute([$id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
/* Timeslots projects */
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
$stmt->execute([$id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
}
echo "\n";
/* Finally, delete all the autocreated judges teams */
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE autocreate_type_id=1 AND year=?");
$stmt->execute([$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
/*
@ -564,14 +564,14 @@ show_pdo_errors_if_any($pdo);
$q = $pdo->prepare("SELECT judges_teams_link.id, judges_teams.id AS judges_teams_id
FROM judges_teams_link
LEFT JOIN judges_teams ON judges_teams_link.judges_teams_id=judges_teams.id
WHERE judges_teams_link.year={$config['FAIRYEAR']}");
WHERE judges_teams_link.year=?");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
$n = 0;
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
if (!$r->judges_teams_id) {
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE id='$r->id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE id=?");
$stmt->execute([$r->id]);
$n++;
}
}
@ -595,9 +595,9 @@ foreach ($judges as &$j) {
}
$q = $pdo->prepare("SELECT users_id FROM judges_teams_link WHERE
users_id='{$j['id']}'
AND year='{$config['FAIRYEAR']}'");
$q->execute();
users_id=?
AND year=?");
$q->execute([$j['id'],$config['FAIRYEAR']]);
if ($q->rowCount() != 0) {
TRACE(" {$j['name']} is already on a judging team, skipping.\n");
unset($judges[$j['id']]);
@ -605,8 +605,8 @@ foreach ($judges as &$j) {
}
if ($config['judges_availability_enable'] == 'yes') {
/* Load the judge time availability */
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='{$j['id']}' ORDER BY `start`");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=? ORDER BY `start`");
$q->execute([$j['id']]);
if ($q->rowCount() == 0) {
TRACE(" {$j['name']} hasn't selected any time availability, POTENTIAL BUG (they shouldn't be marked as complete).\n");
TRACE(" Ignoring this judge.\n");
@ -624,9 +624,9 @@ foreach ($judges as &$j) {
judges_specialaward_sel,award_awards
WHERE
award_awards.id=judges_specialaward_sel.award_awards_id
AND judges_specialaward_sel.users_id='{$j['id']}'
AND award_awards.year='{$config['FAIRYEAR']}'");
$q->execute();
AND judges_specialaward_sel.users_id=?
AND award_awards.year=?");
$q->execute([$j['id'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($j['special_award_only'] == 'yes') {
@ -676,8 +676,8 @@ if (count($judges) == 0) {
* Load the numbers for any user-defined judge teams that already exist,
* these numbers will be off-limits for auto-assigning numbers
*/
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year={$config['FAIRYEAR']}");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
$used_judges_teams_numbers = array();
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {
$used_judges_teams_numbers[] = $i['num'];
@ -727,9 +727,9 @@ function judge_team_add_judge($team_id, $users_id)
global $config, $judges;
$stmt = $pdo->prepare("INSERT INTO judges_teams_link
\t (users_id,judges_teams_id,captain,year)
\t VALUES ('$users_id','$team_id','{$judges[$users_id]['willing_chair']}',
'{$config['FAIRYEAR']}')");
$stmt->execute();
\t VALUES (?,?,?,
?)");
$stmt->execute([$users_id,$team_id,$judges[$users_id]['willing_chair'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
}
@ -919,20 +919,20 @@ for ($x = 1; $x < count($jteam); $x++) {
award_awards_projectcategories,
award_awards_projectdivisions
WHERE
award_awards.year='{$config['FAIRYEAR']}'
award_awards.year=?
AND award_awards.id=award_awards_projectcategories.award_awards_id
AND award_awards.id=award_awards_projectdivisions.award_awards_id
AND award_awards_projectcategories.projectcategories_id='{$cfg['cat']}'
AND award_awards_projectdivisions.projectdivisions_id='{$cfg['div']}'
AND award_awards_projectcategories.projectcategories_id=?
AND award_awards_projectdivisions.projectdivisions_id=?
AND award_awards.award_types_id='1'
");
$q->execute();
$q->execute([$config['FAIRYEAR'],$cfg['cat'],$cfg['div']]);
if ($q->rowCount() != 1) {
echo error(i18n('Cannot find award for %1 - %2', array($cat[$cfg['cat']], $div[$cfg['div']])));
} else {
$r = $q->fetch(PDO::FETCH_OBJ);
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','{$config['FAIRYEAR']}')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
$stmt->execute([$r->id,$team_id,$config['FAIRYEAR']]);
/* Add the award ID to the jdiv, if it's not already there */
if (!in_array($r->id, $jdiv[$t['jdiv_id']]['award_ids'])) {
$jdiv[$t['jdiv_id']]['award_ids'][] = $r->id;
@ -1008,8 +1008,8 @@ if ($round_divisional2 == NULL) {
/* Assign all the awards in this jdiv */
foreach ($jd['award_ids'] as $aid) {
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$aid','$team_id','{$config['FAIRYEAR']}')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
$stmt->execute([$aid,$team_id,$config['FAIRYEAR']]);
}
}
}
@ -1134,14 +1134,14 @@ if ($config['scheduler_enable_sa_scheduling'] == 'yes') {
/* Load special awards */
$q = "SELECT award_awards.name,award_awards.id FROM award_awards,award_types
WHERE
award_awards.year='{$config['FAIRYEAR']}'
award_awards.year=?
AND award_types.id=award_awards.award_types_id
AND award_awards.schedule_judges='yes'
AND award_types.year='{$config['FAIRYEAR']}'
AND award_types.year=?
AND award_types.type='Special'
";
$r = $pdo->prepare($q);
$r->execute();
$r->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
print ($pdo->errorInfo());
/* sa_jteam for leftover judges, if any */
$sa_jteam = array();
@ -1179,8 +1179,8 @@ if ($config['scheduler_enable_sa_scheduling'] == 'yes') {
/* Link the award to this team */
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year)
VALUES ('{$i->id}','{$sa_jteam[$x]['id']}','{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,?)");
$stmt->execute([$i->id,$sa_jteam[$x]['id'],$config['FAIRYEAR']]);
TRACE("Created Team: {$i->name}, " . count($projects) . " projects => $min judges needed (db id:{$sa_jteam[$x]['id']}) \n");
$x++;
@ -1397,16 +1397,16 @@ if ($config['scheduler_enable_sa_scheduling'] == 'yes') {
/* Do timeslot and project timeslot assignment */
$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link
(judges_teams_id,judges_timeslots_id,year)
VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,?)");
$stmt->execute([$t['id'],$r['timeslots'][0]['id'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
foreach ($t['projects'] as $proj) {
$pid = $proj['id'];
$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link
(judges_teams_id,judges_timeslots_id,projects_id,year)
VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '$pid', '{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,?,?)");
$stmt->execute([$t['id'],$r['timeslots'][0]['id'],$pid,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
}
$ids = $a->bucket[$x];
@ -1437,11 +1437,11 @@ TRACE("Loading Divisional1 Timeslot Data\n");
$available_timeslots = array();
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE
round_id='{$round_divisional1['id']}'
AND year='{$config['FAIRYEAR']}'
round_id=?
AND year=?
AND type='timeslot'
ORDER BY date,starttime");
$q->execute();
$q->execute([$round_divisional1['id'],$config['FAIRYEAR']]);
$x = 0;
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$available_timeslots[] = array('id' => $r->id,
@ -1622,17 +1622,17 @@ for ($k = 0; $k < $keys_count; $k++) {
/* if jteam_id isn't 0, instert it into the db */
$stmt = $pdo->prepare('INSERT INTO judges_teams_timeslots_link '
. ' (judges_teams_id,judges_timeslots_id,year)'
. " VALUES ('{$jteam[$jteam_id]['team_id']}', "
. " '{$available_timeslots[$y]['id']}', "
. " '{$config['FAIRYEAR']}')");
$stmt->execute();
. " VALUES (?, "
. " ?, "
. " ?)");
$stmt->execute([$jteam[$jteam_id]['team_id'],$available_timeslots[$y]['id'],$config['FAIRYEAR']]);
$stmt = $pdo->prepare('INSERT INTO judges_teams_timeslots_projects_link '
. ' (judges_teams_id,judges_timeslots_id,projects_id,year) '
. " VALUES ('{$jteam[$jteam_id]['team_id']}', "
. " '{$available_timeslots[$y]['id']}', "
. " '$pid', '{$config['FAIRYEAR']}')");
$stmt->execute();
. " VALUES (?, "
. " ?, "
. " ?,?)");
$stmt->execute([$jteam[$jteam_id]['team_id'],$available_timeslots[$y]['id'],$pid,$config['FAIRYEAR']]);
}
printf("\n");
}
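Review bot: In the special-awards hunk the boolean result of the new `$r->execute([$config['FAIRYEAR'],$config['FAIRYEAR']])` is discarded and the line after it, `print ($pdo->errorInfo());`, prints an array — PHP emits the literal string "Array" plus a notice, so a failed statement is never reported. This file already uses `show_pdo_errors_if_any($pdo);` after other statements in the same commit (the `DELETE FROM judges_teams_link` block, for example); replacing the `print` with that call would make the error path consistent and actually visible. The surrounding `if ($config['scheduler_enable_sa_scheduling'] == 'yes')` block starts and ends outside the hunk.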


@ -5,13 +5,13 @@ function judges_scheduler_check_timeslots()
global $config, $pdo;
$q = $pdo->prepare('SELECT * FROM judges_timeslots WHERE '
. " year='" . $config['FAIRYEAR'] . "'"
. " year=?"
. " AND `type`='divisional1'");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount()) {
$round = $q->fetch(PDO::FETCH_OBJ);
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=? AND type='timeslot'");
$q->execute([$round->id]);
return $q->rowCount();
} else
return 0;
@ -23,13 +23,13 @@ function judges_scheduler_check_timeslots_sa()
$rows = 0;
$q = $pdo->prepare('SELECT * FROM judges_timeslots WHERE '
. " year='" . $config['FAIRYEAR'] . "'"
. " year=?"
. " AND `type`='special'");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount()) {
while (($round = $q->fetch(PDO::FETCH_OBJ))) {
$rq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'");
$rq->execute();
$rq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=? AND type='timeslot'");
$rq->execute([$round->id]);
$rows += $rq->rowCount();
}
}
@ -40,13 +40,13 @@ function judges_scheduler_check_awards()
{
global $config, $pdo;
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$div[$r->id] = $r->division;
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$cat[$r->id] = $r->category;
@ -54,8 +54,8 @@ function judges_scheduler_check_awards()
$ckeys = array_keys($cat);
if ($config['filterdivisionbycategory'] == 'yes') {
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY projectdivisions_id,projectcategories_id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year=? ORDER BY projectdivisions_id,projectcategories_id");
$q->execute([$config['FAIRYEAR']]);
$divcat = array();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$divcat[] = array('c' => $r->projectcategories_id, 'd' => $r->projectdivisions_id);
@ -78,16 +78,16 @@ function judges_scheduler_check_awards()
award_awards_projectcategories,
award_awards_projectdivisions
WHERE
award_awards.year='{$config['FAIRYEAR']}'
AND award_awards_projectcategories.year='{$config['FAIRYEAR']}'
AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}'
award_awards.year=?
AND award_awards_projectcategories.year=?
AND award_awards_projectdivisions.year=?
AND award_awards.id=award_awards_projectcategories.award_awards_id
AND award_awards.id=award_awards_projectdivisions.award_awards_id
AND award_awards_projectcategories.projectcategories_id='$c'
AND award_awards_projectdivisions.projectdivisions_id='$d'
AND award_awards_projectcategories.projectcategories_id=?
AND award_awards_projectdivisions.projectdivisions_id=?
AND award_awards.award_types_id='1'
");
$q->execute();
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR'],$c,$d]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() != 1) {
$missing_awards[] = "{$cat[$c]} - {$div[$d]} (" . i18n('%1 found', array($q->rowCount())) . ')';
@ -128,13 +128,13 @@ function judges_scheduler_check_judges()
$l = $r->lang;
$qp = $pdo->prepare('SELECT COUNT(projects.id) as cnt FROM projects, registrations WHERE '
. " projects.year='" . $config['FAIRYEAR'] . "' AND "
. " projectdivisions_id='$d' AND "
. " projectcategories_id='$c' AND "
. " language='$l' AND "
. " projects.year=? AND "
. " projectdivisions_id=? AND "
. " projectcategories_id=? AND "
. " language=? AND "
. ' registrations.id = projects.registrations_id '
. getJudgingEligibilityCode());
$qp->execute();
$qp->execute([$config['FAIRYEAR'],$d,$c,$l]);
$qr = $qp->fetch(PDO::FETCH_OBJ);
// if (get_value_from_3d_array($jdiv, $r->jdiv_id, 'num_projects', 'total') !== null){


@ -108,8 +108,8 @@ jQuery(document).ready(function(){
if (get_value_from_array($_POST, 'action') == 'add' && get_value_from_array($_POST, 'team_num') && count(get_value_from_array($_POST, 'judgelist', [])) > 0) {
// first check if this team exists.
$q = $pdo->prepare("SELECT id,name FROM judges_teams WHERE num='" . $_POST['team_num'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT id,name FROM judges_teams WHERE num=? AND year=?");
$q->execute([$_POST['team_num'],$config['FAIRYEAR']]);
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
$team_id = $r->id;
@ -127,14 +127,14 @@ if (get_value_from_array($_POST, 'action') == 'add' && get_value_from_array($_PO
foreach ($_POST['judgelist'] AS $selectedjudge) {
// before we insert them, we need to make sure they dont already belong to this team. We can not have the same judge assigned to the same team multiple times.
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE users_id=? AND judges_teams_id=?");
$q->execute([$selectedjudge,$team_id]);
if ($q->rowCount()) {
echo notice(i18n('Judge (%1) already belongs to judging team: %2', array($selectedjudge, $team_name)));
} else {
// lets make the first one we add a captain, the rest, non-captains :)
$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES (?,?,?,?)");
$stmt->execute([$selectedjudge,$team_id,$captain,$config['FAIRYEAR']]);
$added++;
}
// if this is alreayd no, then who cares, but if its the first one that is going into the new team, then
@ -151,13 +151,13 @@ if (get_value_from_array($_POST, 'action') == 'add' && get_value_from_array($_PO
}
if (get_value_from_array($_GET, 'action') == 'del' && get_value_from_array($_GET, 'team_num') && get_value_from_array($_GET, 'team_id') && get_value_from_array($_GET, 'users_id')) {
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='" . $_GET['users_id'] . "' AND judges_teams_id='" . $_GET['team_id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id=? AND judges_teams_id=? AND year=?");
$stmt->execute([$_GET['users_id'],$_GET['team_id'],$config['FAIRYEAR']]);
echo happy(i18n('Removed judge from team #%1 (%2)', array($_GET['team_num'], $_GET['team_name'])));
// if there is still members left in the team, make sure we have a captain still
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_teams_id='" . $_GET['team_id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
$q->execute([$_GET['team_id'],$config['FAIRYEAR']]);
if ($q->rowCount()) {
// make sure the team still has a captain!
// FIXME: this might best come from the "i am willing to be a team captain" question under the judges profile
@ -176,24 +176,24 @@ if (get_value_from_array($_GET, 'action') == 'del' && get_value_from_array($_GET
}
if (!$gotcaptain) {
// make the first judge the captain
$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='" . $_GET['team_id'] . "' AND users_id='$firstjudge' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id=? AND users_id=? AND year=?");
$stmt->execute([$_GET['team_id'],$firstjudge,$config['FAIRYEAR']]);
echo notice(i18n('Team captain was removed. A new team captain has been automatically assigned'));
}
}
}
if (get_value_from_array($_GET, 'action') == 'empty' && get_value_from_array($_GET, 'team_num') && get_value_from_array($_GET, 'team_id')) {
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='" . $_GET['team_id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
$stmt->execute([$_GET['team_id'],$config['FAIRYEAR']]);
echo happy(i18n('Emptied all judges from team #%1 (%2)', array($_GET['team_num'], $_GET['team_name'])));
}
if (get_value_from_array($_POST, 'action') == 'saveteamnames') {
if (count($_POST['team_names'])) {
foreach ($_POST['team_names'] AS $team_id => $team_name) {
$stmt = $pdo->prepare("UPDATE judges_teams SET name='" . stripslashes($team_name) . "' WHERE id='$team_id'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE judges_teams SET name=? WHERE id=?");
$stmt->execute([stripslashes($team_name),$team_id]);
}
echo happy(i18n('Team names successfully saved'));
}
@ -201,20 +201,20 @@ if (get_value_from_array($_POST, 'action') == 'saveteamnames') {
if (get_value_from_array($_GET, 'action') == 'addcaptain') {
// teams can have as many captains as they want, so just add it.
$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='" . $_GET['team_id'] . "' AND users_id='" . $_GET['judge_id'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id=? AND users_id=?");
$stmt->execute([ $_GET['team_id'],$_GET['judge_id']]);
echo happy(i18n('Team captain assigned'));
}
if (get_value_from_array($_GET, 'action') == 'removecaptain') {
// teams must always have at least one captain, so if we only have one, and we are trying to remove it, dont let them!
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id='" . $_GET['team_id'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id=?");
$q->execute([$_GET['team_id']]);
if ($q->rowCount() < 2) {
echo error(i18n('A judge team must always have at least one captain'));
} else {
$pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id='" . $_GET['team_id'] . "' AND users_id='" . $_GET['judge_id'] . "'");
$pdo->execute();
$pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id=? AND users_id=?");
$pdo->execute([$_GET['team_id'],$_GET['judge_id']]);
echo happy(i18n('Team captain removed'));
}
}
@ -225,16 +225,16 @@ if (get_value_from_array($_GET, 'action') == 'autoassignspecial') {
/* Load all the teams */
$teams = array();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {
$teams[$i['id']] = $i;
}
/* And the links */
$links = array();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {
$judgelist[$i['users_id']]['teams_links'][] = $i;
}
@ -254,12 +254,12 @@ if (get_value_from_array($_GET, 'action') == 'autoassignspecial') {
foreach ($j['special_award_selected'] AS $awardid) {
echo "Looking for a team for award $awardid <br />";
// find the award id linked to a team
$q = $pdo->prepare("SELECT * FROM judges_teams_awards_link WHERE award_awards_id='{$awardid}' AND year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_awards_link WHERE award_awards_id=? AND year=?");
$q->execute([$awardid,$config['FAIRYEAR']]);
if ($q->rowCount()) {
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$jid','$r->judges_teams_id','yes','{$config['FAIRYEAR']}')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES (?,?,'yes',?)");
$stmt->execute([$jid,$r->judges_teams_id,$config['FAIRYEAR']]);
echo happy(i18n('%1 %2 to their special award(s) team(s)', array($j['firstname'], $j['lastname'])));
}
} else {
@ -308,16 +308,16 @@ $judgelist = judges_load_all();
/* Load all the teams */
$teams = array();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {
$teams[$i['id']] = $i;
}
/* And the links */
$links = array();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
while ($i = $q->fetch(PDO::FETCH_ASSOC)) {
$judgelist[$i['users_id']]['teams_links'][] = $i;
}
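Review bot: The `removecaptain` branch still throws away the prepared statement and then calls `$pdo->execute([...])` — `PDO` has no `execute()` method, so the new parameterised form is never reached and the request dies with an undefined-method error; the commit changed the arguments but kept the broken call shape. It should be `$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id=? AND users_id=?");` followed by `$stmt->execute([$_GET['team_id'],$_GET['judge_id']]);`. As a minor point of style, the `addcaptain` execute array in the same hunk carries a stray leading space (`[ $_GET['team_id'],...]`) that the other rewritten calls in this file do not.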


@ -124,16 +124,16 @@ function config_update_variables($fairyear = NULL, $lastfairyear = NULL)
$v = $r2->fetch(PDO::FETCH_ASSOC);
$r3 = $pdo->prepare('INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
' . $pdo->quote($v['var']) . ',
' . $pdo->quote($v['val']) . ',
' . $pdo->quote($v['category']) . ',
' . $pdo->quote($v['type']) . ',
' . $pdo->quote($v['type_values']) . ',
' . $pdo->quote($v['ord']) . ',
' . $pdo->quote($v['description']) . ",
'$fairyear')");
?,
?,
?,
?,
?,
?,
?,
?)');
$r3->execute();
$r3->execute([$pdo->quote($v['var']),$pdo->quote($v['val']),$pdo->quote($v['category']),$pdo->quote($v['type']),$pdo->quote($v['type_values']),$pdo->quote($v['ord']),$pdo->quote($v['description']),$fairyear]);
show_pdo_errors_if_any($pdo);
}
}
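Review bot: The new execute() array in config_update_variables still wraps every value in `$pdo->quote()`, so with bound placeholders each config row is stored with literal surrounding quotes and a second layer of escaping — quote() is for string-built SQL, not for parameters. Pass the raw values instead: `$r3->execute([$v['var'],$v['val'],$v['category'],$v['type'],$v['type_values'],$v['ord'],$v['description'],$fairyear]);`. The enclosing function begins outside this hunk, so I cannot see whether `$fairyear` is validated before it reaches this INSERT.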


@ -77,14 +77,14 @@ function db_update_118_post()
echo " Linking $user_id to users_sponsor record\n";
$stmt = $pdo->prepare("INSERT INTO users_sponsor (`users_id`,`sponsors_id`,`sponsor_complete`,`sponsor_active`,`primary`,`position`,`notes`) VALUES (
'" . $user_id . "',
'" . $r->award_sponsors_id . "',
'$complete',
'$active',
'" . $r->primary . "',
'" . $r->position . "',
'" . $r->notes . "')");
$stmt->execute();
?,
?,
?,
?,
?,
?,
?)");
$stmt->execute([$user_id,$r->award_sponsors_id,$complete,$active,$r->primary,$r->position,$r->notes]);
show_pdo_errors_if_any($pdo);
}
}


@ -296,9 +296,9 @@ function db129_user_save_type_list($u, $db, $fields)
$set .= "`$f`='$data'";
}
if ($set != '') {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
$query = "UPDATE ? SET ? WHERE users_id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$db,$set,$u['id']]);
if ($pdo->errorInfo()) {
show_pdo_errors_if_any($pdo);
echo error("Full query: $query");
@ -372,9 +372,9 @@ function db129_user_save($u)
// print_r($u);
// echo "</pre>";
if ($set != '') {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
$query = "UPDATE users SET ? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$set,$u['id']]);
// echo "query=[$query]";
show_pdo_errors_if_any($pdo);
}
@ -395,8 +395,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u)
{
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid=?");
$stmt->execute([$u['uid']]);
}
function db129_user_delete_volunteer($u) {}
@ -405,10 +405,10 @@ function db129_user_delete_judge($u)
{
global $config;
$id = $u['id'];
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id=?");
$stmt->execute([$id]);
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id=?");
$stmt->execute([$id]);
}
function db129_user_delete_fair($u) {}
@ -442,8 +442,8 @@ function db129_user_delete($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_delete = true;
}
@ -455,8 +455,8 @@ function db129_user_delete($u, $type = false)
$finish_delete = true;
}
if ($finish_delete == true) {
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -491,8 +491,8 @@ function db129_user_purge($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_purge = true;
}
@ -503,21 +503,21 @@ function db129_user_purge($u, $type = false)
*/
call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$type,$u['id']]);
} else {
/* Delete the whole user */
foreach ($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$t,$u['id']]);
}
$finish_purge = true;
}
if ($finish_purge == true) {
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -526,8 +526,8 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM ? WHERE ?=?");
$q->execute([$db,$key,$val]);
if ($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
@ -547,10 +547,10 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$keys = '`' . join('`,`', array_keys($i)) . '`';
$vals = join(',', array_values($i));
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
$q = "INSERT INTO ? (?) VALUES (?)";
// echo "Dupe Query: [$q]";
$r = $pdo->prepare($q);
$r->execute();
$r->execute([$db,$keys,$vals]);
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();
@ -570,9 +570,9 @@ function db129_user_dupe($u, $new_year)
*/
/* Find the last entry */
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid=?
ORDER BY year DESC LIMIT 1");
$q->execute();
$q->execute([$u['uid']]);
$r = $q->fetch(PDO::FETCH_OBJ);
if ($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
@ -584,8 +584,8 @@ function db129_user_dupe($u, $new_year)
}
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("UPDATE users SET year=? WHERE id=?");
$q->execute([$new_year,$id]);
/* Load the new user */
$u2 = db129_user_load($id);
@ -630,12 +630,12 @@ function db129_user_create($type, $username, $u = NULL)
global $config;
if (!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,'0000-00-00', NOW(),?)");
$stmt->execute([$type,$username,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$uid = $pdo->lastInsertId();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET uid=? WHERE id=?");
$stmt->execute([$uid,$uid]);
db129_user_set_password($uid, NULL);
} else {
/*
@ -649,34 +649,34 @@ function db129_user_create($type, $username, $u = NULL)
exit;
}
$new_types = implode(',', $u['types']) . ',' . $type;
$stmt = $pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$new_types,$uid]);
}
switch ($type) {
case 'volunteer':
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES (?, 'yes')");
$stmt->execute([$uid]);
break;
case 'student':
// $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES (?, 'yes')");
$stmt->execute([$uid]);
break;
case 'judge':
$stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES (?, 'yes')");
$stmt->execute([$uid]);
break;
case 'fair':
$stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES (?, 'yes')");
$stmt->execute([$uid]);
break;
case 'committee':
$stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES (?, 'yes')");
$stmt->execute([$uid]);
break;
case 'sponsor':
$stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES (?)");
$stmt->execute([$uid]);
break;
}
return db129_user_load($uid);
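Review bot: `UPDATE ? SET ? WHERE users_id=?` in db129_user_save_type_list binds the table name and the whole SET clause as parameters; placeholders can only stand for values, so the statement either fails to prepare or becomes `UPDATE 'users_judge' SET '...'`, and the `$set` fragment still carries its values interpolated from the loop above. Keep identifiers in the SQL string — `$query = "UPDATE $db SET $set WHERE users_id=?"; $stmt->execute([$u['id']]);` — and, to parameterize the values as well, build `$set` from `` `$f`=? `` pairs with a parallel value array. The same mistake recurs in db129_user_save (`UPDATE users SET ?`), db129_user_purge (`DELETE FROM users_?`) and db129_user_dupe_row (`SELECT * FROM ? WHERE ?=?`, `INSERT INTO ? (?) VALUES (?)`, where `$vals` is a raw comma-joined row). Since `$db` and `$type` arrive as fixed strings from callers, checking them against the known `users_*` table names is the right guard for the identifier part.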


@ -12,11 +12,11 @@ function db_update_131_pre()
$q->execute();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$total = 0;
$awardq = $pdo->prepare("SELECT * FROM award_awards WHERE sponsors_id='$r->id' AND year='$year'");
$awardq->execute();
$awardq = $pdo->prepare("SELECT * FROM award_awards WHERE sponsors_id=? AND year=?");
$awardq->execute([$r->id,$year]);
while ($awardr = $awardq->fetch(PDO::FETCH_OBJ)) {
$prizeq = $pdo->prepare("SELECT cash,scholarship,value,number FROM award_prizes WHERE award_awards_id='$awardr->id'");
$prizeq->execute();
$prizeq = $pdo->prepare("SELECT cash,scholarship,value,number FROM award_prizes WHERE award_awards_id=?");
$prizeq->execute([$awardr->id]);
while ($prizer = $prizeq->fetch(PDO::FETCH_OBJ)) {
// some people never set the value for some reason, i dunno why..
$realvalue = max($prizer->cash + $prizer->scholarship, $prizer->value);
@ -26,15 +26,15 @@ function db_update_131_pre()
}
echo "Creating sponsorship for ID: $r->id value: $total\n";
$pdo->prepare("INSERT INTO sponsorships (sponsors_id,fundraising_type,value,status,probability,year) VALUES (
'$r->id',
?,
'sfawards',
'$total',
?,
'pending',
'25',
'$year')");
$pdo->execute();
$stmt = $pdo->prepare("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('$r->id',NOW(),0,'Automatically created sponsorship from existing sponsor. type=award, value=\$$total, status=pending, probability=25%')");
$stmt->execute();
?)");
$pdo->execute([$r->id,$total,$year]);
$stmt = $pdo->prepare("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES (?,NOW(),0,'Automatically created sponsorship from existing sponsor. type=award, value=\$?, status=pending, probability=25%')");
$stmt->execute([$r->id,$total]);
}
}
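Review bot: The `?` inside the quoted log message in the sponsors_logs INSERT (`value=\$?`) is literal text, not a placeholder, so the statement has one placeholder while `execute([$r->id,$total])` supplies two values and PDO rejects it (HY093). Build the message in PHP and bind it whole: `$log = "Automatically created sponsorship from existing sponsor. type=award, value=\$$total, status=pending, probability=25%";`, then `VALUES (?,NOW(),0,?)` with `$stmt->execute([$r->id,$log]);`. The sponsorships INSERT just above is prepared but the statement object is discarded and `$pdo->execute([...])` is called on the connection, which has no execute() method; assign the prepared statement and call `$stmt->execute([$r->id,$total,$year]);`.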


@ -9,12 +9,12 @@ function db_update_136_pre()
`enable_stats` = 'yes',
`enable_awards` = 'yes',
`enable_winners` = 'yes',
`username` = '{$config['ysf_region_id']}',
`password` = '{$config['ysf_region_password']}'
`username` =?,
`password` =?
WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
$stmt->execute();
$stmt->execute([$config['ysf_region_id'],$config['ysf_region_password']]);
$stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php',


@ -15,8 +15,8 @@ function db_update_142_post()
$fiscalyearsuggest = date('Y') + 1;
else
$fiscalyearsuggest = date('Y');
$stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR',?, 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute([$fiscalyearsuggest]);
}
}


@ -38,8 +38,8 @@ function db_update_146_handle($name, $email, $phone, $type)
function db_update_146_post()
{
global $config, $pdo;
$q = $pdo->prepare("SELECT * FROM schools WHERE year='{$config['FAIRYEAR']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM schools WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
while ($s = $q->fetch(PDO::FETCH_ASSOC)) {
/* Science head */
if (trim($s['sciencehead']) != '') {
@ -48,8 +48,8 @@ function db_update_146_post()
$s['scienceheadphone'],
'teacher');
if ($u != false) {
$stmt = $pdo->prepare("UPDATE schools SET sciencehead_uid='{$u['uid']}' WHERE id='{$s['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE schools SET sciencehead_uid=? WHERE id=?");
$stmt->execute([$u['uid'],$s['id']]);
}
}
@ -60,8 +60,8 @@ function db_update_146_post()
$s['phone'],
'principal');
if ($u != false) {
$stmt = $pdo->prepare("UPDATE schools SET principal_uid='{$u['uid']}' WHERE id='{$s['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE schools SET principal_uid=? WHERE id=?");
$stmt->execute([$u['uid'],$s['id']]);
}
}
}


@ -141,8 +141,8 @@ function db146_user_load_sponsor(&$u)
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
if ($u['sponsors_id']) {
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
$q->execute(0);
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id=?");
$q->execute([0,$u['sponsors_id']]);
$u['sponsor'] = $q->fetch(PDO::FETCH_ASSOC);
}
return true;
@ -279,8 +279,8 @@ function db146_user_load_by_email($email)
{
/* Find the most recent uid for the email, regardless of deleted status */
$e = $email;
$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
$q->execute();
$q = $pdo->prepare("SELECT uid FROM users WHERE email=? OR username=? ORDER BY year DESC LIMIT 1");
$q->execute([$e,$e]);
if ($q->rowCount() == 1) {
$i = $q->fetch(PDO::FETCH_ASSOC);
@ -291,8 +291,8 @@ function db146_user_load_by_email($email)
function db146_user_load_by_uid_year($uid, $year)
{
$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM users WHERE uid=? AND year <=?");
$q->execute([$uid,$year]);
if (!$q->rowCount())
return false;
$i = $q->fetch(PDO::FETCH_ASSOC);
@ -304,8 +304,8 @@ function db146_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if ($password == NULL) {
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id=?");
$q->execute([$id]);
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = db146_user_generate_password(12);
@ -324,9 +324,9 @@ function db146_user_set_password($id, $password = NULL)
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
$query = "UPDATE users SET ? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$set,$id]);
show_pdo_errors_if_any($pdo);
return $password;
@ -360,9 +360,9 @@ function db146_user_save_type_list($u, $db, $fields)
$set .= "`$f`='$data'";
}
if ($set != '') {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
$query = "UPDATE ? SET ? WHERE users_id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$db,$set,$u['id']]);
if ($pdo->errorInfo()) {
show_pdo_errors_if_any($pdo);
echo error("Full query: $query");
@ -430,8 +430,8 @@ function db146_user_save(&$u)
exit;
}
// give em a record, the primary key on the table takes care of uniqueness
$q = $pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
$q->execute();
$q = $pdo->prepare("INSERT INTO users_? (users_id) VALUES (?)");
$q->execute([$t,$u['id']]);
}
$fields = array('salutation', 'firstname', 'lastname', 'username',
@ -459,9 +459,9 @@ function db146_user_save(&$u)
// print_r($u);
// echo "</pre>";
if ($set != '') {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
$query = "UPDATE users SET ? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$set,$u['id']]);
// echo "query=[$query]";
show_pdo_errors_if_any($pdo);
}
@ -491,8 +491,8 @@ function db146_user_save(&$u)
function db146_user_delete_committee($u)
{
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid=?");
$stmt->execute([$u['uid']]);
}
function db146_user_delete_volunteer($u) {}
@ -501,10 +501,10 @@ function db146_user_delete_judge($u)
{
global $config;
$id = $u['id'];
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id=?");
$stmt->execute([$id]);
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id=?");
$stmt->execute([$id]);
}
function db146_user_delete_fair($u) {}
@ -548,8 +548,8 @@ function db146_user_delete($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_delete = true;
}
@ -563,8 +563,8 @@ function db146_user_delete($u, $type = false)
$finish_delete = true;
}
if ($finish_delete == true) {
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -599,8 +599,8 @@ function db146_user_purge($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_purge = true;
}
@ -611,21 +611,21 @@ function db146_user_purge($u, $type = false)
*/
call_user_func("db146_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$type,$u['id']]);
} else {
/* Delete the whole user */
foreach ($u['types'] as $t) {
call_user_func("db146_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$t,$u['id']]);
}
$finish_purge = true;
}
if ($finish_purge == true) {
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -634,8 +634,8 @@ function db146_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM ? WHERE ?=?");
$q->execute([$db,$key,$val]);
if ($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
@ -655,10 +655,10 @@ function db146_user_dupe_row($db, $key, $val, $newval)
$keys = '`' . join('`,`', array_keys($i)) . '`';
$vals = join(',', array_values($i));
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
$q = "INSERT INTO ? (?) VALUES (?)";
// echo "Dupe Query: [$q]";
$r = $pdo->prepare($q);
$r->execute();
$r->execute([$db,$keys,$vals]);
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();
@ -678,9 +678,9 @@ function db146_user_dupe($u, $new_year)
*/
/* Find the last entry */
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid=?
ORDER BY year DESC LIMIT 1");
$q->execute();
$q->execute([$u['uid']]);
$r = $q->fetch(PDO::FETCH_OBJ);
if ($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
@ -692,9 +692,9 @@ function db146_user_dupe($u, $new_year)
}
$id = db146_user_dupe_row('users', 'id', $u['id'], NULL);
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q = $pdo->prepare("UPDATE users SET year=? WHERE id=?");
$q->execute();
$q->execute([$new_year,$id]);
/* Load the new user */
$u2 = db146_user_load($id);
@ -743,17 +743,17 @@ function db146_user_create($type, $username, $u = NULL)
global $config;
if (!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,'0000-00-00', NOW(),?)");
$stmt->execute([$type,$username,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$uid = $pdo->lastInsertId();
if (db146_user_valid_email($username)) {
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET email=? WHERE id=?");
$stmt->execute([$username,$uid]);
}
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET uid=? WHERE id=?");
$stmt->execute([$uid,$uid]);
show_pdo_errors_if_any($pdo);
db146_user_set_password($uid, NULL);
@ -761,8 +761,8 @@ function db146_user_create($type, $username, $u = NULL)
* Since the user already has a type, user_save won't create this
* entry for us, so do it here
*/
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_? (users_id) VALUES(?)");
$stmt->execute([$type,$uid]);
show_pdo_errors_if_any($pdo);
/* Load the complete user */
$u = db146_user_load($uid);
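Review bot: `$q->execute([0,$u['sponsors_id']])` in db146_user_load_sponsor passes two values to a statement with a single placeholder, so PDO raises HY093 and the sponsor record is never loaded; it should be `$q->execute([$u['sponsors_id']]);`. In db146_user_dupe the old argument-less `$q->execute();` was left in place ahead of the new `$q->execute([$new_year,$id]);`, and the first call fails on the unbound placeholders before the second runs, so delete it. db146_user_set_password, db146_user_save_type_list, db146_user_save, db146_user_purge, db146_user_dupe_row and db146_user_create bind table names or whole SET fragments through `?` (`UPDATE ? SET ?`, `users_?`, `FROM ? WHERE ?=?`); placeholders only stand for values, so these statements cannot run, and the identifiers must stay in the SQL string (checked against a fixed list) with only the column values bound. Note that `$set` in db146_user_set_password still interpolates `$p` and `$save_set` directly, so the password write is not actually parameterized after this change.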


@ -141,8 +141,8 @@ function db149_user_load_sponsor(&$u)
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
if ($u['sponsors_id']) {
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id=?");
$q->execute([$u['sponsors_id']]);
$u['sponsor'] = $q->fetch(PDO::FETCH_ASSOC);
}
return true;
@ -194,13 +194,13 @@ function db149_user_load($user, $uid = false)
WHERE ';
if ($uid != false) {
$uid = intval($uid);
$query .= "`users`.`uid`='$uid' ORDER BY `users`.`year` DESC LIMIT 1";
$query .= "`users`.`uid`=? ORDER BY `users`.`year` DESC LIMIT 1";
} else {
$id = intval($user);
$query .= " `users`.`id`='$id'";
$query .= " `users`.`id`=?";
}
$q = $pdo->prepare($query);
$q->execute();
$q->execute([$uid,$id]);
if ($q->rowCount() != 1) {
// echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>";
@ -278,8 +278,8 @@ function db149_user_load_by_email($email)
{
/* Find the most recent uid for the email, regardless of deleted status */
$e = $email;
$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
$q->execute();
$q = $pdo->prepare("SELECT uid FROM users WHERE email=? OR username=? ORDER BY year DESC LIMIT 1");
$q->execute([$e,$e]);
if ($q->rowCount() == 1) {
$i = $q->fetch(PDO::FETCH_ASSOC);
@ -290,8 +290,8 @@ function db149_user_load_by_email($email)
function db149_user_load_by_uid_year($uid, $year)
{
$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM users WHERE uid=? AND year <=?");
$q->execute([$uid,$year]);
if (!$q->rowCount())
return false;
$i = $q->fetch(PDO::FETCH_ASSOC);
@ -303,8 +303,8 @@ function db149_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if ($password == NULL) {
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id=?");
$q->execute([$id]);
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = db149_user_generate_password(12);
@ -323,9 +323,9 @@ function db149_user_set_password($id, $password = NULL)
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
$query = "UPDATE users SET ? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$set,$id]);
show_pdo_errors_if_any($pdo);
return $password;
@ -359,9 +359,9 @@ function db149_user_save_type_list($u, $db, $fields)
$set .= "`$f`='$data'";
}
if ($set != '') {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
$query = "UPDATE ? SET ? WHERE users_id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$db,$set,$u['id']]);
if ($pdo->errorInfo()) {
show_pdo_errors_if_any($pdo);
echo error("Full query: $query");
@ -429,8 +429,8 @@ function db149_user_save(&$u)
exit;
}
// give em a record, the primary key on the table takes care of uniqueness
$q = $pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
$q->execute();
$q = $pdo->prepare("INSERT INTO users_? (users_id) VALUES (?)");
$q->execute([$t,$u['id']]);
}
$fields = array('salutation', 'firstname', 'lastname', 'username',
@ -458,9 +458,9 @@ function db149_user_save(&$u)
// print_r($u);
// echo "</pre>";
if ($set != '') {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
$query = "UPDATE users SET ? WHERE id=?";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$set,$u['id']]);
// echo "query=[$query]";
show_pdo_errors_if_any($pdo);
}
@ -490,8 +490,8 @@ function db149_user_save(&$u)
function db149_user_delete_committee($u)
{
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid=?");
$stmt->execute([$u['uid']]);
}
function db149_user_delete_volunteer($u) {}
@ -500,10 +500,10 @@ function db149_user_delete_judge($u)
{
global $config;
$id = $u['id'];
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id=?");
$stmt->execute([$id]);
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id=?");
$stmt->execute([$id]);
}
function db149_user_delete_fair($u) {}
@ -547,8 +547,8 @@ function db149_user_delete($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_delete = true;
}
@ -562,8 +562,8 @@ function db149_user_delete($u, $type = false)
$finish_delete = true;
}
if ($finish_delete == true) {
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -598,8 +598,8 @@ function db149_user_purge($u, $type = false)
$types .= ',';
$types .= $t;
}
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET types=? WHERE id=?");
$stmt->execute([$types,$u['id']]);
} else {
$finish_purge = true;
}
@ -610,21 +610,21 @@ function db149_user_purge($u, $type = false)
*/
call_user_func("db149_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$type,$u['id']]);
} else {
/* Delete the whole user */
foreach ($u['types'] as $t) {
call_user_func("db149_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users_? WHERE users_id=?");
$stmt->execute([$t,$u['id']]);
}
$finish_purge = true;
}
if ($finish_purge == true) {
$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM users WHERE id=?");
$stmt->execute([$u['id']]);
}
}
@ -633,8 +633,8 @@ function db149_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
$q->exectue();
$q = $pdo->prepare("SELECT * FROM ? WHERE ?=?");
$q->exectue([$db,$key,$val]);
if ($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
@ -654,10 +654,10 @@ function db149_user_dupe_row($db, $key, $val, $newval)
$keys = '`' . join('`,`', array_keys($i)) . '`';
$vals = join(',', array_values($i));
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
$q = "INSERT INTO ? (?) VALUES (?)";
// echo "Dupe Query: [$q]";
$r = $pdo->prepare($q);
$r->execute(0);
$r->execute([0,$db,$keys,$vals]);
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();
@ -677,9 +677,9 @@ function db149_user_dupe($u, $new_year)
*/
/* Find the last entry */
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid=?
ORDER BY year DESC LIMIT 1");
$q->execute();
$q->execute([$u['uid']]);
$r = $q->fetch(PDO::FETCH_OBJ);
if ($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
@ -691,8 +691,8 @@ function db149_user_dupe($u, $new_year)
}
$id = db149_user_dupe_row('users', 'id', $u['id'], NULL);
$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
$q = $pdo->prepare("UPDATE users SET year=? WHERE id=?");
$q->execute([$new_year,$id]);
/* Load the new user */
$u2 = db149_user_load($id);
@ -743,16 +743,16 @@ function db149_user_create($type, $username, $u = NULL)
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,'0000-00-00', NOW(),?)");
$stmt->execute([$type,$username,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$uid = $pdo->lastInsertId();
if (db149_user_valid_email($username)) {
$stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt = $pdo->prepare("UPDATE users SET email=? WHERE id=?");
}
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE users SET uid=? WHERE id=?");
$stmt->execute([$username,$uid,$uid,$uid]);
show_pdo_errors_if_any($pdo);
@ -762,8 +762,8 @@ function db149_user_create($type, $username, $u = NULL)
* Since the user already has a type, user_save won't create this
* entry for us, so do it here
*/
$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO users_? (users_id) VALUES(?)");
$stmt->execute([$type,$uid]);
show_pdo_errors_if_any($pdo);
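Review bot: In db149_user_create the email UPDATE prepared on the new side is never executed, and the uid UPDATE that follows is executed with four values `[$username,$uid,$uid,$uid]` against a statement with two placeholders, which PDO rejects (HY093). Execute each statement with its own arguments: `$stmt->execute([$username,$uid]);` inside the `if`, then `$stmt->execute([$uid,$uid]);` for the uid update. The same count mismatch appears in db149_user_load, where `$q->execute([$uid,$id])` passes two values to a query that has one placeholder in either branch (and one of `$uid`/`$id` is unset in each branch), and in db149_user_dupe_row, which also keeps the `exectue` typo and binds a table name through `?` with an extra leading `0`. Binding identifiers (`FROM ?`, `users_?`, `UPDATE ? SET ?`) cannot work with prepared statements; only values can be parameters, so the table and column names must remain in the SQL text, validated against a fixed list.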


@ -9,11 +9,11 @@ function db_update_155_post()
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo "Updating email id $r->id\n";
$stmt = $pdo->prepare("UPDATE emails SET
body='" . iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->body) . "' ,
bodyhtml='" . iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->bodyhtml) . "' ,
subject='" . iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->subject) . "'
body=?,
bodyhtml=?,
subject=?
WHERE id='$r->id'");
$stmt->execute();
$stmt->execute([iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->body),iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->bodyhtml),iconv('ISO-8859-1', 'UTF-8//TRANSLIT', $r->subject)]);
}
}
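Review bot: `WHERE id='$r->id'` is still interpolated at the end of the UPDATE template while the three SET columns were converted to placeholders; for consistency bind it as well, `WHERE id=?");`, and append `$r->id` as the fourth element of the execute array. The value comes from the preceding fetch rather than from the request, so the risk is low, but a half-converted statement invites the next edit to drop the quotes. `iconv()` also returns `false` when a byte sequence cannot be converted, which would bind as an empty string and silently blank the column; checking the three results before executing would make the migration fail loudly instead.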


@ -5,9 +5,9 @@ function db_update_174_post()
$q = $pdo->prepare("SELECT * FROM users WHERE deleted = 'yes'");
while ($row = $q->fetch(PDO::FETCH_ASSOC)) {
echo 'Flagging user records prior to ' . $row['year'] . ' for user ' . $row['uid'] . ' as deleted - ';
$stmt = $pdo->prepare("UPDATE users SET deleted = 'yes' WHERE uid = " . $row['uid'] . ' AND year < ' . $row['year']);
$stmt->execute();
echo 'Flagging user records prior to ? for user ? as deleted - ';
$stmt = $pdo->prepare("UPDATE users SET deleted = 'yes' WHERE uid = ? AND year < ?");
$stmt->execute([$row['year'],$row['uid'],$row['uid'],$row['year']]);
echo $pdo->rowCount() . " rows affected.\n";
}
}
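Review bot: The placeholder rewrite was applied to console output on the new line `echo 'Flagging user records prior to ? for user ? as deleted - ';` — that is an `echo`, not SQL, so it now prints literal question marks; restore the original concatenation of `$row['year']` and `$row['uid']`. The execute on the following line passes four values for two placeholders, which PDO rejects with an HY093 parameter-count error; it should be `$stmt->execute([$row['uid'], $row['year']]);` in placeholder order. The context line `echo $pdo->rowCount()` calls a method that `PDO` does not have — the count belongs to the statement, `$stmt->rowCount()`. Pre-existing but worth noting: the SELECT at the top of the hunk is prepared and never executed before `fetch()`, so as written the loop body never runs.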


@ -18,8 +18,8 @@ function db_update_75_post()
foreach ($sid as $s) {
if ($s > 0) {
$qq = $pdo->prepare("SELECT id FROM reports WHERE
system_report_id='$s'");
$qq->execute();
system_report_id=?");
$qq->execute([$s]);
$ii = $qq->fetch(PDO::FETCH_OBJ);
$rid[$x] = $ii->id;
} else {
@ -30,31 +30,32 @@ function db_update_75_post()
/* Find all committee members */
$qq = "INSERT INTO `reports_committee` (`id`, `users_id`, `reports_id`, `category`, `comment`, `format`, `stock`) VALUES
(NULL, $uid, {$rid[0]}, '1. Fair Day', 'Checkin Lists for the Front Desk', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[1]}, '2. Old Custom Reports', 'School Access Codes and Passwords', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[2]}, '2. Old Custom Reports', 'Mailing Label Generator', '', ''),
(NULL, $uid, {$rid[3]}, '2. Old Custom Reports', 'Project Summary Details', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[4]}, '2. Old Custom Reports', 'Student emergency contact names and numbers', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[5]}, '2. Old Custom Reports', 'Students/Projects From Each School', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[6]}, '2. Old Custom Reports', 'Project Logistical Requirements (tables, electricity)', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[7]}, '2. Old Custom Reports', 'Project Table Labels', 'label', 'fullpage_landscape'),
(NULL, $uid, {$rid[8]}, '2. Old Custom Reports', 'Student Nametags', 'label', 'nametag'),
(NULL, $uid, {$rid[9]}, '2. Old Custom Reports', 'Judge Nametags', 'label', 'nametag'),
(NULL, $uid, {$rid[10]}, '2. Old Custom Reports', 'Committee Member Nametags', 'label', 'nametag'),
(NULL, $uid, {$rid[11]}, '2. Old Custom Reports', 'Judges List', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[12]}, '2. Old Custom Reports', 'Judging Teams', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[13]}, '2. Old Custom Reports', 'Awards each Judging Team will judge for', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[14]}, '2. Old Custom Reports', 'Judging Teams Project Assignments', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[15]}, '2. Old Custom Reports', 'Projects Judging Team Assignments', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[16]}, '2. Old Custom Reports', 'Project Identification Labels (for judging sheets)', 'label', '5961'),
(NULL, $uid, {$rid[17]}, '2. Old Custom Reports', 'Award List for Award Ceremony Program', 'pdf', 'fullpage'),
(NULL, $uid, {$rid[18]}, '2. Old Custom Reports', 'Winners for each award', 'pdf', 'fullpage');";
(NULL, ?, ?, '1. Fair Day', 'Checkin Lists for the Front Desk', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'School Access Codes and Passwords', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Mailing Label Generator', '', ''),
(NULL, ?, ?, '2. Old Custom Reports', 'Project Summary Details', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Student emergency contact names and numbers', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Students/Projects From Each School', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Project Logistical Requirements (tables, electricity)', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Project Table Labels', 'label', 'fullpage_landscape'),
(NULL, ?, ?, '2. Old Custom Reports', 'Student Nametags', 'label', 'nametag'),
(NULL, ?, ?, '2. Old Custom Reports', 'Judge Nametags', 'label', 'nametag'),
(NULL, ?, ?, '2. Old Custom Reports', 'Committee Member Nametags', 'label', 'nametag'),
(NULL, ?, ?, '2. Old Custom Reports', 'Judges List', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Judging Teams', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Awards each Judging Team will judge for', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Judging Teams Project Assignments', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Projects Judging Team Assignments', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Project Identification Labels (for judging sheets)', 'label', '5961'),
(NULL, ?, ?, '2. Old Custom Reports', 'Award List for Award Ceremony Program', 'pdf', 'fullpage'),
(NULL, ?, ?, '2. Old Custom Reports', 'Winners for each award', 'pdf', 'fullpage');";
echo $qq;
echo "\n\n";
$stmt = $pdo->prepare($qq);
$stmt->execute();
$stmt->execute([$uid,$rid[0],$uid,$rid[1],$uid,$rid[2],$uid,$rid[3],$uid,$rid[4],$uid,$rid[5],$uid,$rid[6],$uid,$rid[7],$uid,$rid[8],$uid,$rid[9],$uid,$rid[10],$uid,$rid[11],$uid,$rid[12],$uid,$rid[13],$uid,$rid[14],$uid,$rid[15],$uid,$rid[16],$uid,$rid[17],$uid,$rid[18]]);
}
}
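Review bot: The 38-element execute array on the last line of the second hunk is hand-expanded and easy to desynchronise from the 19 VALUES rows above it; building it in a loop keeps row count and parameter count tied together, e.g. `$params = []; foreach ($rid as $id) { array_push($params, $uid, $id); } $stmt->execute($params);` (assuming `$rid` is filled in index order, as the visible `$rid[$x] = …` suggests). The counts do match as written. The `echo $qq` / `echo "\n\n"` lines still dump the full template to output and look like leftover debugging.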


@ -15,8 +15,8 @@ function db_update_76_pre()
if ($user == '')
continue;
$qq = $pdo->prepare("SELECT * FROM users WHERE username='$user'");
$qq->execute();
$qq = $pdo->prepare("SELECT * FROM users WHERE username=?");
$qq->execute([$user]);
if ($qq->rowCount() <= 1)
continue;
@ -60,16 +60,16 @@ function db_update_76_pre()
}
}
$query = "UPDATE users SET $query WHERE id='$cid'";
$query = "UPDATE users SET ? WHERE id=?";
echo "$query\n";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$query,$cid]);
/* Now fix the volunteers links */
$query = "UPDATE volunteer_positions_signup SET users_id='$cid' WHERE users_id='$vid'";
$query = "UPDATE volunteer_positions_signup SET users_id=? WHERE users_id=?";
echo "$query\n";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$cid,$vid]);
/*
* The user_volunteer table is empty, we should just delete it,
@ -77,10 +77,10 @@ function db_update_76_pre()
*/
/* Delete the old user */
$query = "DELETE FROM users WHERE id='$vid'";
$query = "DELETE FROM users WHERE id=?";
echo "$query\n";
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$vid]);
}
}
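Review bot: `$query = "UPDATE users SET ? WHERE id=?";` binds the whole SET clause as a string parameter, which is not valid SQL — a placeholder can only stand for a value — and because `$query` is overwritten here, the following `$stmt->execute([$query,$cid])` binds the SQL template itself rather than the field list assembled above the hunk. Keep the fragment in the template under a different name: `$sql = "UPDATE users SET $query WHERE id=?";` / `$stmt = $pdo->prepare($sql);` / `$stmt->execute([$cid]);`, and move the values inside that fragment to placeholders where it is built (outside this hunk), collecting them into the execute array. The volunteer_positions_signup UPDATE and the users DELETE later in the section are converted correctly.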


@ -61,8 +61,8 @@ switch (get_value_from_array($_GET, 'action')) {
':fairs_id' => $u['fairs_id'],
':year' => $year
]);
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,?) VALUES ('',?)");
$stmt->execute([$keys,$vals]);
happy_('Fair Information Saved.');
exit;
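Review bot: `INSERT INTO fairs_stats (`id`,?) VALUES ('',?)` binds the column list and the value list as two string parameters; placeholders cannot stand for identifiers or for a comma-separated list, so the statement either fails to prepare or inserts one literal string. `$keys` and `$vals` are assembled outside the hunk: the column names have to stay interpolated (and, if anything in `$keys` can be influenced by the client, be whitelisted against the table's known columns first), while `$vals` should become one `?` per value with the values collected into an array passed to `execute()`, e.g. `VALUES ('', " . implode(',', array_fill(0, count($values), '?')) . ")"` with `$stmt->execute($values);` where `$values` is that collected array.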


@ -85,7 +85,7 @@ function judge_status_questions($u)
*/
global $config, $pdo;
// get the questions we're looking for
$q = $pdo->prepare('SELECT id FROM questions WHERE year=?'"AND required='yes'");
$q = $pdo->prepare('SELECT id FROM questions WHERE year=? AND required=yes');
$q->execute([$config['FAIRYEAR']]);
$idList = array();
while ($row = $q->fetch(PDO::FETCH_ASSOC))
@ -149,7 +149,8 @@ function judge_status_availability(&$u)
return 'complete';
$q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\"");
WHERE users_id=\"?\"");
$q->execute([$u['id']]);
if ($q->rowCount() > 0)
return 'complete';
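Review bot: `required=yes` in the first hunk lost its quotes, so MySQL reads `yes` as a column name and the statement fails; write it as `"SELECT id FROM questions WHERE year=? AND required='yes'"`. In the second hunk `WHERE users_id=\"?\"` puts the placeholder inside a quoted literal, so it is not a parameter at all and the one-element execute array produces an HY093 mismatch; it should be `WHERE users_id=?"`. The original line in the first hunk was itself a PHP parse error (two adjacent string literals), so the new line is closer but not yet working.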


@ -81,10 +81,10 @@ switch (get_value_from_array($_GET, 'action')) {
continue;
$stmt = $pdo->prepare("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
VALUES ('{$u['id']}',
'{$times[$x]['date']}',
'{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
$stmt->execute();
VALUES (?,
?,
?,?)");
$stmt->execute([$u['id'],$times[$x]['date'],$times[$x]['starttime'],$times[$x]['endtime']]);
}
}
happy_('Time Availability preferences successfully saved');


@ -185,8 +185,8 @@ function questions_update_question($qs)
`db_heading`=?,
`required`=?,
`ord`=?
WHERE id=?"));
$stmt->execute([$qs['question'], $qs['type'], $qs['db_heading'], $qs['required'], intval($qs['ord'], $qs['id']]);
WHERE id=?");
$stmt->execute([$qs['question'], $qs['type'], $qs['db_heading'], $qs['required'], intval($qs['ord']), $qs['id']]);
show_pdo_errors_if_any($pdo);
}
@ -195,14 +195,14 @@ function questions_save_new_question($qs, $year)
global $pdo;
$stmt = $pdo->prepare('INSERT INTO questions '
. '(question,type,section,db_heading,required,ord,year) VALUES ('
. "'" . $qs['question'] . "',"
. "'" . $qs['type'] . "',"
. "'" . $qs['section'] . "',"
. "'" . $qs['db_heading'] . "',"
. "'" . $qs['required'] . "',"
. "'" . $qs['ord'] . "',"
. "'$year' )");
$stmt->execute();
?,"
?,"
?,"
?,"
?,"
?,"
?")");
$stmt->execute([$qs['question'],$qs['type'],$qs['section'],$qs['db_heading'],$qs['required'],$year]);
show_pdo_errors_if_any($pdo);
}
@ -274,14 +274,14 @@ function questions_editor($section, $year, $array_name, $self)
$x++;
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
VALUES (
'', '$year',
'" . $r->section . "',
'" . $r->db_heading . "',
'" . $r->question . "',
'" . $r->type . "',
'" . $r->required . "',
'" . $r->ord) . "')";
$stmt->execute();
'',?,
'" ?,
'" ?,
'" ?,
'" ?,
'" ?,
'" ?))";
$stmt->execute([$year,$r->section,$r->question,$r->type,$r->required,$r->ord]);
}
echo happy(i18n('%1 question(s) successfully imported',
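Review bot: The two INSERT templates in the second and third hunks are no longer valid PHP — the `?,"` lines in `questions_save_new_question` are not a concatenation, and the `'" ?,` lines in `questions_editor` leave unbalanced quotes plus a stray `)` before the closing `"`. Both execute arrays also miss one column: the first passes six values for seven placeholders (`$qs['ord']` was dropped), the second omits `$r->db_heading` and so shifts every later value by one position. Rewritten versions of both statements follow; the bracket fix to `questions_update_question` in the first hunk is correct.
```php
// questions_save_new_question
$stmt = $pdo->prepare('INSERT INTO questions '
    . '(question,type,section,db_heading,required,ord,year) VALUES (?,?,?,?,?,?,?)');
$stmt->execute([$qs['question'], $qs['type'], $qs['section'], $qs['db_heading'], $qs['required'], $qs['ord'], $year]);
// … unchanged: show_pdo_errors_if_any …

// questions_editor import loop
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
    VALUES ('',?,?,?,?,?,?,?)");
$stmt->execute([$year, $r->section, $r->db_heading, $r->question, $r->type, $r->required, $r->ord]);
```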


@ -33,14 +33,14 @@ $q = $pdo->query("SELECT (NOW()>'" . $config['dates']['regopen'] . "' AND NOW()<
$datecheck = $q->fetch(PDO::FETCH_OBJ);
if (get_value_from_array($_POST, 'action') == 'new') {
$q = $pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='" . $_SESSION['email'] . "' AND num='" . $_POST['regnum'] . "' AND year=" . $config['FAIRYEAR']);
$q->execute();
$q = $pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?");
$q->execute([$_SESSION['email'],$_POST['regnum'],$config['FAIRYEAR']]);
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number'] = $r->num;
$_SESSION['registration_id'] = $r->id;
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','" . $_SESSION['email'] . "','" . $r->schools_id . "','" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES (?,?,?,?)");
$stmt->execute([$r->id,$_SESSION['email'],$r->schools_id,$config['FAIRYEAR']]);
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id=?");
$stmt->execute([$r->id]);


@ -40,12 +40,13 @@ if (!$_SESSION['registration_number']) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
@ -100,16 +101,16 @@ if ($_POST['action'] == 'save') {
}
$stmt = $pdo->prepare('UPDATE emergencycontact SET '
. "firstname='" . stripslashes($_POST['firstname'][$id]) . "', "
. "lastname='" . stripslashes($_POST['lastname'][$id]) . "', "
. "relation='" . stripslashes($_POST['relation'][$id]) . "', "
. "phone1='" . stripslashes($_POST['phone1'][$id]) . "', "
. "phone2='" . stripslashes($_POST['phone2'][$id]) . "', "
. "phone3='" . stripslashes($_POST['phone3'][$id]) . "', "
. "phone4='" . stripslashes($_POST['phone4'][$id]) . "', "
. "email='" . stripslashes($_POST['email'][$id]) . "' "
. "WHERE id='$id'");
$stmt->execute();
. "firstname=?, "
. "lastname=?, "
. "relation=?, "
. "phone1=?, "
. "phone2=?, "
. "phone3=?, "
. "phone4=?, "
. "email=? "
. "WHERE id=?");
$stmt->execute([stripslashes($_POST['firstname'][$id]),stripslashes($_POST['lastname'][$id]),stripslashes($_POST['relation'][$id]),stripslashes($_POST['phone1'][$id]),stripslashes($_POST['phone2'][$id]),stripslashes($_POST['phone3'][$id]),stripslashes($_POST['phone4'][$id]),stripslashes($_POST['email'][$id]),$id]);
show_pdo_errors_if_any($pdo);
echo notice(i18n('Emergency contact information successfully updated'));
} else {
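Review bot: The fragments `"WHERE students.email=?"`, `"AND registrations.num=?"`, `"AND registrations.id=?"`, `'AND registrations.year=?'` and `'AND students.year=?'` in the first hunk lost the trailing space the originals carried, so the concatenated SQL reads `…email=?AND registrations.num=?AND…` and `…registrations.year=?AND students.year=?`; with PDO's default emulated prepares the year is substituted inline and MySQL lexes a token such as `2025AND` (illustrative value) as an identifier. Restore a space after each placeholder, e.g. `"WHERE students.email=? "`. The same five fragments reappear in two later hunks of this commit that build the identical registrations/students query, one of which additionally drops the `.` operators. The emergency-contact UPDATE in the second hunk is converted correctly.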


@ -39,13 +39,13 @@
}
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ".
"WHERE students.email=?"
"AND registrations.num=?"
"AND registrations.id=?"
"AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']);
$q->execute([]);
"AND registrations.year=?"
"AND students.year=?");
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if($q->rowCount()==0)
@ -80,13 +80,13 @@ show_pdo_errors_if_any($pdo);
{
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
'$k',
'$r->id',
?,
?,
'0',
NOW(),
'$CURRENT_FAIRYEAR'
?
)");
$stmt->execute();
$stmt->execute([$k,$r->id,$CURRENT_FAIRYEAR]);
}
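Review bot: In the first hunk the lines from `"WHERE students.email=?"` through `"AND students.year=?"` have no `.` operator joining them (the originals ended with `".`), so the file no longer parses. Each fragment needs its trailing ` .` back and a space inside the closing quote — `"WHERE students.email=? ".` — because without the space the placeholder butts directly against the following `AND`. The TC_ProjectForms INSERT in the second hunk is converted correctly.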


@ -39,7 +39,8 @@ if (!$_SESSION['registration_number']) {
global $pdo;
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=?");
$q->execute([$_SESSION['registration_id']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {


@ -150,8 +150,8 @@ $q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=? AND year=?")
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
// check if it exists, if we didnt find any record, lets insert one
if ($q->rowCount() == 0) {
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('" . $_SESSION['registration_id'] . "','$projectcategories_id','" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES (?,?,?)");
$stmt->execute([$_SESSION['registration_id'],$projectcategories_id,$config['FAIRYEAR']]);
// now query the one we just inserted
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=? AND year=?");


@ -73,8 +73,8 @@ if (get_value_from_array($_POST, 'action') == 'save') {
if (is_array($_POST['safety'])) {
$safetyids = array_keys($_POST['safety']);
foreach ($safetyids AS $key => $val) {
$stmt = $pdo->prepare('INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (' . $pdo->quote($_SESSION['registration_id']) . ', ' . $pdo->quote($val) . ', ' . $pdo->quote($config['FAIRYEAR']) . ', ' . $pdo->quote(stripslashes($_POST['safety'][$val]))) . ')';
$stmt->execute([]);
$stmt = $pdo->prepare('INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (?,?,?,?) ');
$stmt->execute([$pdo->quote($_SESSION['registration_id']),$pdo->quote($val),$pdo->quote($config['FAIRYEAR']),$pdo->quote(stripslashes($_POST['safety'][$val]))]);
show_pdo_errors_if_any($pdo);
}
}
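Review bot: The execute array still wraps every value in `$pdo->quote()` even though they are now bound as parameters, so each stored value carries literal surrounding quotes (an answer `yes` is saved as `'yes'`, quotes included) and later lookups will not match. Pass the raw values: `$stmt->execute([$_SESSION['registration_id'], $val, $config['FAIRYEAR'], stripslashes($_POST['safety'][$val])]);`. `stripslashes` on POST data is a magic_quotes-era leftover that corrupts answers containing backslashes and can likely be dropped as well, but that is pre-existing.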


@ -106,12 +106,12 @@ if ($_GET['sample']) {
FROM projects
JOIN projectdivisions ON projects.projectdivisions_id=projectdivisions.id
JOIN projectcategories ON projects.projectcategories_id=projectcategories.id
WHERE registrations_id='" . $_SESSION['registration_id'] . "'
AND projects.year='" . $config['FAIRYEAR'] . "'
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
WHERE registrations_id=?
AND projects.year=?
AND projectdivisions.year=?
AND projectcategories.year=?
");
$q->execute();
$q->execute([$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?");


@ -91,12 +91,12 @@ if ($_GET['sample']) {
FROM projects
JOIN projectdivisions ON projects.projectdivisions_id=projectdivisions.id
JOIN projectcategories ON projects.projectcategories_id=projectcategories.id
WHERE registrations_id='" . $_SESSION['registration_id'] . "'
AND projects.year='" . $config['FAIRYEAR'] . "'
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
WHERE registrations_id=?
AND projects.year=?
AND projectdivisions.year=?
AND projectcategories.year=?
");
$q->execute();
$q->execute([$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?");


@ -40,13 +40,13 @@ if (!$_SESSION['registration_number']) {
}
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {


@ -437,8 +437,8 @@ for ($x = 1; $x <= $numtoshow; $x++) {
echo "<tr>\n";
echo ' <td>' . i18n('School') . '</td><td colspan="3">';
if ($config['participant_registration_type'] == 'open' || $config['participant_registration_type'] == 'singlepassword' || $config['participant_registration_type'] == 'openorinvite' || ($studentinfo && !$studentinfo->schools_id)) {
$schoolq = $pdo->prepare("SELECT id,school,city FROM schools WHERE year='" . $config['FAIRYEAR'] . "' ORDER by city,school");
$schoolq->execute([]);
$schoolq = $pdo->prepare("SELECT id,school,city FROM schools WHERE year=? ORDER by city,school");
$schoolq->execute([$config['FAIRYEAR']]);
echo "<select name=\"schools_id[$x]\">\n";
echo '<option value="">' . i18n('Choose School') . "</option>\n";
while ($r = $schoolq->fetch(PDO::FETCH_OBJ)) {


@ -275,17 +275,17 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
// actually insert it
$stmt = $pdo->prepare('INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES ('
. "'$regnum','$regnum',NOW(),'open',NULL,'$year')");
$stmt->execute();
?,?,NOW(),'open',NULL,?')');
$stmt->execute([$regnum,$regnum,$year]);
$registrations_id = $pdo->lastInsertId();
/* We'll fill in the email address later */
/* Add the project */
$stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
VALUES('$registrations_id',
'" . $project['projectnumber'] . "',
'$year', '{$fair['id']}');");
$stmt->execute();
VALUES(?,
?,
?,?);");
$stmt->execute([$registrations_id,$project['projectnumber'],$year,$fair['id']]);
$pid = $pdo->lastInsertId();
$reg_email_needs_update = true;
$new_reg = true;
@ -304,8 +304,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
/* Record the winner */
$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
$stmt->execute();
VALUES(?,?,?,?)");
$stmt->execute([$prize['id'],$pid,$year,$fair['id']]);
/* Delete the students attached to this project */
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id=?");
$stmt->execute([$registrations_id]);
@ -321,9 +321,9 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
foreach ($student_fields as $k => $v)
$values .= ",'" . $student[$k] . "'";
/* Note lack of comma before $keys, we added it above for both keys and values */
$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` ?)
VALUES(?,?,?,? ? )");
$stmt->execute([$keys,$registrations_id,$fair['id'],$schools_id,$year,$values]);
/* Update the registration email */
if ($reg_email_needs_update) {
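Review bot: `?,?,NOW(),'open',NULL,?')'` in the first hunk leaves a stray single quote before the closing parenthesis, so the registrations INSERT is unbalanced and fails to prepare; it should read `?,?,NOW(),'open',NULL,?)'`. In the third hunk `$keys` (a column list) and `$values` (a comma-led literal list) are bound as `?` parameters, which placeholders cannot represent: the column names must stay in the template (they come from `$student_fields`, a code-level map, per the visible loop), and the values should become one `?` per field with the values collected alongside. The loop that builds `$values` is only partly visible above the hunk and I have assumed `$values` starts empty; a rewrite follows. The winners INSERT in the second hunk is correct.
```php
$params = [$registrations_id, $fair['id'], $schools_id, $year];
foreach ($student_fields as $k => $v) {
    $values .= ',?';
    $params[] = $student[$k];
}
/* … unchanged: note about the leading comma in $keys … */
$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
    VALUES(?,?,?,? $values )");
$stmt->execute($params);
```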


@ -68,16 +68,16 @@ if (get_value_from_array($_SESSION, 'schoolid') && $_SESSION['schoolaccesscode']
}
$stmt = $pdo->prepare("UPDATE schools SET
school='" . stripslashes($_POST['school']) . "',
address='" . stripslashes($_POST['address']) . "',
city='" . stripslashes($_POST['city']) . "',
province_code='" . stripslashes($_POST['province_code']) . "',
postalcode='" . stripslashes($_POST['postalcode']) . "',
phone='" . stripslashes($_POST['phone']) . "',
$sciencehead_update
fax='" . stripslashes($_POST['fax']) . "'
WHERE id='$school->id'");
$stmt->execute();
school=?,
address=?,
city=?,
province_code=?,
postalcode=?,
phone=?,
?
fax=?
WHERE id=?");
$stmt->execute([stripslashes($_POST['school']),stripslashes($_POST['address']),stripslashes($_POST['city']), stripslashes($_POST['province_code']),stripslashes($_POST['postalcode']),stripslashes($_POST['phone']),stripslashes($_POST['fax']),$sciencehead_update,$school->id]);
show_pdo_errors_if_any($pdo);
if (check_for_pdo_errors($pdo))
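Review bot: The bare `?` on its own line stands in for `$sciencehead_update`, a SQL fragment assembled above the hunk, and a placeholder cannot carry `column=value,` text — when the fragment is non-empty the statement is invalid, and when it is empty the template degrades to `phone=?, ? fax=?`. The execute array is also out of order: `$sciencehead_update` is listed after the fax value although its `?` precedes `fax=?`. Put the fragment back into the template on that line (`$sciencehead_update`, interpolated as before) and drop it from the array so the list ends `…stripslashes($_POST['phone']), stripslashes($_POST['fax']), $school->id]`; the fragment's own values should then be bound with placeholders where it is built, outside this hunk.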


@ -103,14 +103,14 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
students,
registrations
WHERE
students.schools_id='" . $school->id . "'
AND students.year='" . $config['FAIRYEAR'] . "'
students.schools_id=?
AND students.year=?
AND students.registrations_id=registrations.id
GROUP BY registrations.num
ORDER BY
lastname,
firstname");
$q->execute();
$q->execute([$school->id,$config['FAIRYEAR']]);
$currentinvited = $q->rowCount();
if ($datecheck != 0) {
@ -143,14 +143,14 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
students,
registrations
WHERE
students.schools_id='" . $school->id . "'
AND students.grade>='$catr->mingrade'
AND students.grade<='$catr->maxgrade'
AND students.year='" . $config['FAIRYEAR'] . "'
students.schools_id=?
AND students.grade>=?
AND students.grade<=?
AND students.year=?
AND students.registrations_id=registrations.id
GROUP BY registrations.num
");
$q2->execute();
$q2->execute([$school->id,$catr->mingrade,$catr->maxgrade,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$r2 = $q2->fetch(PDO::FETCH_OBJ);
$currentinvited = $r2->num;


@ -36,8 +36,8 @@ $projq = $pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR
$projq->execute();
while ($projr = $projq->fetch(PDO::FETCH_OBJ)) {
$reg_id = $projr->id;
$q = $pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$q->execute();
$q = $pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id=?");
$q->execute([$reg_id]);
$r = $q->fetch(PDO::FETCH_OBJ);
$projectnumber = $config['project_num_format'];
@ -47,8 +47,8 @@ while ($projr = $projq->fetch(PDO::FETCH_OBJ)) {
// now change the N to a % so we can use it as a wildcard
$querynum = str_replace('N', '%', $projectnumber);
$searchq = $pdo->prepare("SELECT projectnumber FROM projects WHERE year='" . $config['FAIRYEAR'] . "' AND projectnumber LIKE '$querynum'");
$searchq->execute();
$searchq = $pdo->prepare("SELECT projectnumber FROM projects WHERE year=? AND projectnumber LIKE ?");
$searchq->execute([$config['FAIRYEAR'],$querynum]);
print ("SELECT projectnumber FROM projects WHERE year='" . $config['FAIRYEAR'] . "' AND projectnumber LIKE '$querynum'\n");
$searchnum = $searchq->rowCount();
echo "searchnum=$searchnum \n";
@ -77,8 +77,8 @@ while ($projr = $projq->fetch(PDO::FETCH_OBJ)) {
}
$projectnumber = str_replace('N', $Nnum, $projectnumber);
$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=? WHERE registrations_id=? AND year=?");
$stmt->execute([$projectnumber,$reg_id,$config['FAIRYEAR']]);
if ($projectnumber) {
echo "Assigned new project number $projectnumber\n";
} else {


@ -50,9 +50,9 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$rank = 1;
while ($tr = $tq->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
?,?,?,'2008',?
)");
$stmt->execute();
$stmt->execute([$r->students_id,$r->registrations_id,$tr->id,$rank]);
$rank++;
}
echo "Assigned student $r->students_id\n";


@ -127,8 +127,8 @@ for ($x = 0; $x < $numjudges; $x++) {
else
$complete = 'yes';
$q = $pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$q->execute();
$q = $pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES (?,?,?,?,?,?,?,?)");
$q->execute([$firstname,$lastname,$email,$years_school,$years_regional,$years_national,$willing_chair,$complete]);
$id = $pdo->lastInsertId();
// for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
@ -137,36 +137,36 @@ for ($x = 0; $x < $numjudges; $x++) {
// preference is ranked -2 to 2
for ($a = 1; $a <= 3; $a++) {
$catrank = rand(-2, 2);
$stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES (?,?,?,'2007')");
$stmt->execute([$id,$a,$catrank]);
}
// expertise is ranked 1-5
for ($a = 1; $a <= 6; $a++) {
$divrank = rand(1, 5);
$stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES (?,?,?,'2007')");
$stmt->execute([$id,$a,$divrank]);
}
// and add the record to the judges_years table so they will be 'active' for this year
$stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES (?,'2007')");
$stmt->execute([$id]);
// 60% chance they only speak english
// 20% chance they only speak french
// 20% chance they are bilingual
$num = rand(0, 100);
if ($num < 60) {
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES (?,'en')");
$stmt->execute([$id]);
} else if ($num < 80) {
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES (?,'fr')");
$stmt->execute([$id]);
} else {
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES (?,'en')");
$stmt->execute([$id]);
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES (?,'fr')");
$stmt->execute([$id]);
}
}


@ -72,8 +72,8 @@ for ($x = 0; $x < $numprojects; $x++) {
else
$status = 'complete';
$q = $pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
$q->execute();
$q = $pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES (?,?,NOW(),?,2011)");
$q->execute([$regnum,$email,$status]);
if ($id = $pdo->lastInsertId()) {
$peeps = rand(1, $prob_dual);
if ($peeps == 1)
@ -104,8 +104,8 @@ for ($x = 0; $x < $numprojects; $x++) {
$firstname = getrand($firstnames);
$email = strtolower($firstname) . '@' . getrand($domains);
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','" . getrand($lastnames) . "','$email','$sex','$grade','2011','$schools_id')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES (?,?,?,?,?,?,'2011',?)");
$stmt->execute([$id,$firstname,getrand($lastnames),$email,$sex,$grade,$schools_id]);
}
$div = rand(1, 6);
@ -129,8 +129,8 @@ for ($x = 0; $x < $numprojects; $x++) {
else
$lang = 'en';
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES (?,?,?,? ?,2011,?,?,?)");
$stmt->execute([$id,$cat,$div,$title,$lang,$req_e,$req_t,$lang]);
}
}
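Review bot: `VALUES (?,?,?,? ?,2011,?,?,?)` in the third hunk has two placeholders with no comma between them where the original wrote the single literal `'$title $lang'`, so the projects INSERT fails to prepare. Keep one placeholder and join the value: `VALUES (?,?,?,?,2011,?,?,?)` with `$stmt->execute([$id,$cat,$div,"$title $lang",$req_e,$req_t,$lang]);`. The registrations and students INSERTs in the first two hunks are converted correctly.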


@ -34,8 +34,8 @@ require_once ('../config_editor.inc.php');
function roll($currentfairyear, $newfairyear, $table, $fields)
{
global $pdo;
$q = $pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM ? WHERE year=?");
$q->execute([$table,$currentfairyear]);
show_pdo_errors_if_any($pdo);
$names = '`' . join('`,`', $fields) . '`';
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
@ -44,8 +44,8 @@ function roll($currentfairyear, $newfairyear, $table, $fields)
$vals .= ",'" . $r[$f] . "'";
}
$stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO ?(`year`,?) VALUES (??)");
$stmt->execute([$table,$names,$newfairyear,$vals]);
show_pdo_errors_if_any($pdo);
}
}
@ -55,8 +55,8 @@ $newfairyear = 2010;
echo i18n('Rolling schools') . '<br />';
// award types
$q = $pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM schools WHERE year=?");
$q->execute([$currentfairyear]);
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'" . intval($r->principal_uid) . "'");
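Review bot: `SELECT * FROM ? WHERE year=?` and `INSERT INTO ?(`year`,?) VALUES (??)` bind table and column names as parameters, which PDO cannot do — the server rejects a placeholder in identifier position at prepare time, or, with emulated prepares, the name is quoted as a string literal and the statement fails — and `(??)` has no comma between its placeholders while `$vals`, which already starts with a comma (`$vals .= ",'" . $r[$f] . "'"`), would be bound as one string rather than expanded into a value list. Since `$table` and `$fields` appear to be names supplied by this script and `$currentfairyear`/`$newfairyear` are literals set in this file, keep the identifiers interpolated in backticks and bind only the row values, one `?` per field, as in the rewrite below. The same identifier-as-parameter pattern recurs in the TableEditor sections (`SHOW COLUMNS FROM ?`, `FROM ?`, `DELETE FROM ?`) and in `user_dupe_row`, where `INSERT INTO $table (?) VALUES (?)` binds the whole column list and the whole value list as two strings; the projects INSERT in the first section has the related `?,? ?,2011` — two placeholders with no comma where `'$title $lang'` was one value — which needs either a single placeholder bound to `"$title $lang"` or a comma and an extra column. `roll()` is fully within these hunks, but the loop that builds `$vals` starts outside the second hunk, so the rewrite assumes it iterates over `$fields`.
```php
    $q = $pdo->prepare("SELECT * FROM `$table` WHERE year=?");
    $q->execute([$currentfairyear]);
    show_pdo_errors_if_any($pdo);
    $names = '`' . join('`,`', $fields) . '`';
    // one placeholder for `year` plus one per copied field
    $placeholders = implode(',', array_fill(0, count($fields) + 1, '?'));
    while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
        $vals = [$newfairyear];
        foreach ($fields as $f) {
            $vals[] = $r[$f];
        }
        $stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ($placeholders)");
        $stmt->execute($vals);
        show_pdo_errors_if_any($pdo);
    }
```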


@ -368,8 +368,8 @@ class TableEditor
$inputsize = 0;
// figure out what kind of input this should be
$q = $pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$q->execute([]);
$q = $pdo->prepare("SHOW COLUMNS FROM ? LIKE ?");
$q->execute([$this->table,$f]);
$r = $q->fetch(PDO::FETCH_OBJ);
if (preg_match('([a-z]*)\(([0-9,]*)\)', $r->Type, $regs)) {
@ -461,15 +461,15 @@ class TableEditor
function defaultLoad()
{
global $pdo;
$query = "SELECT {$this->primaryKey}";
$query = "SELECT ?";
foreach ($this->editfields AS $f => $n)
$query .= ", `$f`";
$query .= " FROM `{$this->table}`";
$query .= " WHERE {$this->primaryKey}='{$_GET['edit']}'";
$query .= ", ?";
$query .= " FROM ?";
$query .= " WHERE ?=?";
if ($this->DEBUG)
echo $query;
$editquery = $pdo->prepare($query);
$editquery->execute();
$editquery->execute([$this->primaryKey,$f,$this->table,$this->primaryKey,$_GET['edit']]);
$editdata = $editquery->fetch(PDO::FETCH_ASSOC);
return $editdata;
}
@ -504,20 +504,20 @@ class TableEditor
if ($insert_mode) {
$query .= ')';
} else {
$query .= " WHERE {$this->primaryKey}='{$keyval}'";
$query .= " WHERE ?=?";
}
if ($this->DEBUG)
echo $query;
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$this->primaryKey,$keyval]);
}
function defaultDelete($keyval)
{
global $pdo;
$stmt = $pdo->prepare("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM ? WHERE ?=?");
$stmt->execute([$this->table,$this->primaryKey,$keyval]);
echo happy(i18n('Successfully deleted %1', array($this->recordType)));
}
@ -991,7 +991,7 @@ class TableEditor
// just to make sure nothing funky is goin on.
if ($offset < 0)
$offset = 0;
$query .= " LIMIT $offset,$this->rowsPerPage";
$query .= " LIMIT ?,?";
}
if ($this->allowAdding) {
@ -1003,7 +1003,7 @@ class TableEditor
echo $query;
$q = $pdo->prepare($query);
$q->execute();
$q->execute([$offset,$this->rowsPerPage]);
if ($q == false) {
echo "Sorry, DB query failed: <pre>$query</pre><br />";
@ -1104,7 +1104,7 @@ class TableEditor
foreach ($this->listfields AS $f => $n) {
// figure out what kind of input this should be
$typeq = $pdo->prepare("SHOW COLUMNS FROM ? LIKE ?");
$typeq->execute([$this->table,$f]);
$typeq->execute([$this->table,$config['FAIRYEAR']]);
$typer = $typeq->fetCh(PDO::FETCH_OBJ);
if ($typer->Type == 'time')
echo '<td valign="top">' . $this->format_time($r->$f) . '</td>';
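Review bot: `$typeq->execute([$this->table,$config['FAIRYEAR']])` in the last hunk binds the fair year where the `LIKE ?` placeholder expects the column name `$f`, so the `SHOW COLUMNS` lookup matches nothing, `$typer->Type` is read from `false`, and it is not clear `$config` is even in scope in this method; the line it replaces, `$typeq->execute([$this->table,$f]);`, was already right and should be restored. `defaultLoad` has a bind-count defect as well: the `foreach` appends one `, ?` per edit field but the execute array supplies only the last `$f`, and `SELECT ?`, `FROM ?` and `WHERE ?=?` bind identifiers, which the server rejects in that position (or, with emulated prepares, turns into quoted string literals), so the identifiers should stay interpolated in backticks and only `$_GET['edit']` should be bound, as in the rewrite below. `defaultSave` now calls `execute([$this->primaryKey,$keyval])` even in insert mode, where this hunk adds no placeholder, so the bind count will not match unless the part of `$query` built above the hunk adds its own; the fix is `$query .= " WHERE `{$this->primaryKey}`=?";` plus executing with `[$keyval]` only in the update branch. `LIMIT ?,?` has the same unconditional-execute problem — `$q->execute([$offset,$this->rowsPerPage])` runs whether or not the branch that appends the LIMIT was taken — and its two values must be bound with `PDO::PARAM_INT` after an `(int)` cast, since emulated prepares quote them as strings, which MySQL rejects in a LIMIT clause. `defaultDelete`'s `DELETE FROM ? WHERE ?=?` is the identifier case again; `$this->table` and the field names are editor configuration rather than request input, so interpolating them is the right choice and `?` should be reserved for `$keyval` and `$_GET['edit']`.
```php
function defaultLoad()
{
    global $pdo;
    $query = "SELECT `{$this->primaryKey}`";
    foreach ($this->editfields AS $f => $n)
        $query .= ", `$f`";
    $query .= " FROM `{$this->table}`";
    // only the request value is bound; identifiers cannot be parameters
    $query .= " WHERE `{$this->primaryKey}`=?";
    // … unchanged: DEBUG echo and prepare …
    $editquery->execute([$_GET['edit']]);
    // … unchanged: fetch and return …
}
```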


@ -114,7 +114,7 @@ class tours
if ($this->id == false) {
$query = "INSERT INTO tours (id) VALUES ('')";
$stmt = $pdo->prepare($query);
$stmt->execute([]);
$stmt->execute();
$this->id = $pdo->lastInsertId();
}
@ -130,11 +130,11 @@ class tours
// rip off the last comma
$query = substr($query, 0, -1);
$query .= " WHERE id='{$this->id}'";
$query .= " WHERE id=?";
// echo $query;
$stmt = $pdo->prepare($query);
$stmt->execute();
$stmt->execute([$this->id]);
}
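Review bot: `$stmt->execute([$this->id])` binds a single value, which is correct only if the SET list assembled above the hunk (the part whose trailing comma is stripped by `substr($query, 0, -1)`) was left interpolated; if any of those assignments were also switched to `?` in the same pass, the positional bind would be short by that many values. The enclosing method starts outside the hunk, so this is worth confirming against the full body rather than the hunk alone.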
function tableEditorDelete()


@ -716,9 +716,9 @@ function user_dupe_row($table, $key, $val, $newval)
$keys = '`' . join('`,`', array_keys($i)) . '`';
$vals = join(',', array_values($i));
$q = "INSERT INTO $table ($keys) VALUES ($vals)";
$q = "INSERT INTO $table (?) VALUES (?)";
$r = $pdo->prepare($q);
$r->execute();
$r->execute([$keys,$vals]);
show_pdo_errors_if_any($pdo);
$id = $pdo->lastInsertId();