From 974eb738f38e9393bdeca60f1ffe9ca7ad431b4a Mon Sep 17 00:00:00 2001
From: Armanveer Gill <contact@science-ation.ca>
Date: Tue, 17 Dec 2024 01:34:35 -0500
Subject: [PATCH] errors

---
 admin/award_awards.php               |   2 +-
 admin/committees.php                 |  31 +++---
 admin/donors.php                     |   6 +-
 admin/donors_search.php              |   4 +-
 admin/fundraising.php                |  17 ++--
 admin/fundraising_common.inc.php     |   2 +-
 admin/fundraising_setup.php          |   2 +-
 admin/index.php                      |   4 +-
 admin/judges.inc.php                 |  16 +--
 admin/judges_timeslots.php           |   6 +-
 admin/registration_list.php          |   7 +-
 admin/registration_receivedforms.php |   8 +-
 admin/registration_stats.php         |  12 +--
 admin/rerollprizes.php               |   2 +-
 admin/user_list.php                  |   8 +-
 admin/winners.php                    |   3 +-
 committees.php                       |  16 +--
 common.inc.php                       |  51 +++++-----
 config/backuprestore.php             |   4 +-
 config/categories.php                |  29 +++---
 config/dates.php                     |   7 +-
 config/divisions.php                 |  30 +++---
 config/divisions_cwsf.php            |   3 +-
 config/images.php                    |   4 +-
 config/languagepacks.php             |   6 +-
 config/rollover.php                  | 140 +++++++++++++++------------
 config/safetyquestions.php           |  16 +--
 config/signaturepage.php             |  20 ++--
 config/subdivisions.php              |  28 +++---
 config/variables.php                 |   8 +-
 config/versionchecker.php            |   4 +-
 config_editor.inc.php                |  37 ++++---
 confirmed_participants.php           |  33 +++++--
 helper.inc.php                       |  12 +++
 register_participants.php            |  16 +--
 user.inc.php                         |  28 +++---
 user_activate.php                    |  10 +-
 user_invite.php                      |   6 +-
 user_password.php                    |   6 +-
 user_personal.php                    |  11 ++-
 winners.php                          |   9 +-
 41 files changed, 368 insertions(+), 296 deletions(-)

diff --git a/admin/award_awards.php b/admin/award_awards.php
index 0aafc3b..1833788 100644
--- a/admin/award_awards.php
+++ b/admin/award_awards.php
@@ -27,7 +27,7 @@
  user_auth_required('committee', 'admin');
  require_once('awards.inc.php');
 
- switch($_GET['action']) {
+ switch(get_value_from_array($_GET, 'action')) {
  case 'awardinfo_load':
  	$id = intval($_GET['id']);
 	
diff --git a/admin/committees.php b/admin/committees.php
index db8abbb..317c5c3 100644
--- a/admin/committees.php
+++ b/admin/committees.php
@@ -28,7 +28,7 @@
 
  user_auth_required('committee', 'admin');
 
-if($_POST['users_uid'])
+if(get_value_from_array($_POST,'users_uid'))
 	$uid = intval($_POST['users_uid']);
 
 
@@ -95,7 +95,7 @@ function actionChanged()
 }
 
 function actionSubmit()
-{
+{	
 	if(document.forms.memberaction.action.selectedIndex==0)
 	{
 		alert('You must choose an action');
@@ -124,8 +124,8 @@ function actionSubmit()
 //-->
 </script>
 <?
-
-if($_POST['addcommittee'])
+global $uid;
+if(get_value_from_array($_POST,'addcommittee'))
 {
 	//add a new committee
 	//re-order the committees
@@ -134,7 +134,7 @@ if($_POST['addcommittee'])
 	echo happy(i18n("Committee successfully added"));
 }
 
-if($_POST['committees_id'] && $_POST['committees_ord']) {
+if(get_value_from_array($_POST,'committees_id') && get_value_from_array($_POST,'committees_ord')) {
 	//re-order the committees
 	$x=0;
 	$ids=$_POST['committees_id'];
@@ -172,9 +172,9 @@ if($_POST['committees_id'] && $_POST['committees_ord']) {
 
 }
 
-if($_POST['action']=="assign")
+if(get_value_from_array($_POST, 'action', "assign"))
 {
-	if($_POST['committees_id'] && $_POST['users_uid']) {
+	if(get_value_from_array($_POST, 'committees_id') && get_vaue_from_array($_POST,'users_uid')) {
 		$cid = intval($_POST['committees_id']);
 		$q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'");
 		$q->execute();
@@ -191,7 +191,7 @@ if($_POST['action']=="assign")
 		echo error(("You must choose both a member and a committee"));
 }
 
-if($_GET['deletecommittee']) {
+if(get_value_from_array($_GET, 'deletecommittee')) {
 	$del = intval($_GET['deletecommittee']);
 
 	$q = $pdo->prepare("DELETE FROM committees WHERE id='$del'");
@@ -199,13 +199,13 @@ if($_GET['deletecommittee']) {
 	echo happy(i18n("Committee removed"));
 }
 
-if($_POST['action']=="remove") {
+if(get_value_from_array($_POST, 'action',"remove")) {
 	/* user_delete takes care of unlinking the user in other tables */
 	user_delete($uid, 'committee');
 	echo happy(i18n("Committee member deleted"));
 }
 
-if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
+if(get_value_from_array($_GET, 'unlinkmember') && get_value_from_array($_GET,'unlinkcommittee')) {
 	$mem = intval($_GET['unlinkmember']);
 	$com = intval($_GET['unlinkcommittee']);
 	//unlink the member from the committee
@@ -304,7 +304,7 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 
 	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
 	$q->execute();
-	if($q->rowCout())
+	if($q->rowCount())
 	{
 		echo "<h4>".i18n("Committees")."</h4>";
 		echo "<form method=\"post\" action=\"committees.php\">\n";
@@ -359,14 +359,15 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 
 				echo "</td><td>";
 
-				if($u['email']) {
-					list($b,$a)=split("@",$u['email']);
+				if(get_value_from_array($u, 'email')) {
+					print_r($u["email"]);
+					list($b,$a)=explode("@",$u['email']);
 					echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
 				}
 
-				if($u['emailprivate']) {
+				if(get_value_from_array($u, 'emailprivate')) {
 					if($u['email']) echo " <b>/</b> ";
-					list($b,$a)=split("@",$u['emailprivate']);
+					list($b,$a)=explode("@",$u['emailprivate']);
 					echo "<script language=\"javascript\" type=\"text/javascript\">em('$b','$a')</script>";
 				}
 
diff --git a/admin/donors.php b/admin/donors.php
index 6f93e9f..d49620f 100644
--- a/admin/donors.php
+++ b/admin/donors.php
@@ -28,7 +28,7 @@ user_auth_required('committee', 'admin');
 require_once("fundraising_common.inc.php");
 
 
-switch($_GET['action']) {
+switch(get_value_from_array($_GET, 'action')) {
 	case 'organizationinfo_load':
 		$id=intval($_GET['id']);
 		$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
@@ -1189,7 +1189,7 @@ function removedonation(donationid,sponsorid) {
 <?
 
  
-if($_GET['action']=="delete" && $_GET['delete'])
+if(get_value_from_array($_GET, 'action') == "delete" && get_value_from_array($_GET, 'delete'))
 {
 	//dont allow any deleting until we figure out what we need to do, infact, i think we never should hard delete
 	//this should only soft-delete so things like awards from previous years are still all linked correctly.
@@ -1293,7 +1293,7 @@ echo "<hr />";
 </div>
 <?
 
-if($_GET['action']=="add") {
+if(get_value_from_array($_GET,'action',"add")) {
 ?>
 <script type="text/javascript">
 $(document).ready(function() {
diff --git a/admin/donors_search.php b/admin/donors_search.php
index adc790d..59fbe03 100644
--- a/admin/donors_search.php
+++ b/admin/donors_search.php
@@ -30,8 +30,8 @@
 		//$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization");
 		//we want to show all years, infact that year field probably shouldnt even be there.
 		$sql="";
-		if($_POST['search']) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
-		if(count($_POST['donortype'])) {
+		if(get_value_from_array($_POST, 'search')) $sql.=" AND organization LIKE '%".$_POST['search']."%' ";
+		if(count(get_value_from_array($_POST, 'donortype'))) {
 			$sql.=" AND (0 ";
 			foreach($_POST['donortype'] AS $d) {
 				$sql.=" OR donortype='$d'";
diff --git a/admin/fundraising.php b/admin/fundraising.php
index 04284a2..9bbdbac 100644
--- a/admin/fundraising.php
+++ b/admin/fundraising.php
@@ -26,7 +26,7 @@
 
  user_auth_required('committee', 'admin');
 
-if($_GET['action']=="refresh") {
+if(get_value_from_array($_GET,'action',"refresh")) {
 ?>
 
 <h3><?=i18n("Fundraising Purposes and Progress Year to Date")?></h3>
@@ -49,7 +49,7 @@ $q->execute();
      //lookup all donations made towards this goal
      $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
      $recq->execute();
-     echo $pdo->errorInfo();
+     show_pdo_errors_if_any($pdo);
      $recr=$recq->fetch(PDO::FETCH_OBJ);
      $received=$recr->received;
      if($r->budget)
@@ -93,7 +93,7 @@ $q->execute();
     $goalr=$goalq->fetch(PDO:FETCH_OBJ);
     $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
     $recq->execute();
-    echo $pdo->errorInfo();
+    show_pdo_errors_if_any();
     $recr=$recq->fetch(PDO::FETCH_OBJ);
     $received=$recr->received;
     if($r->target)
@@ -132,7 +132,7 @@ $q=$pdo->prepare("SELECT id,value, thanked, status, sponsors_id, datereceived,
     ORDER BY datereceived
     ");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
 
 if($q->rowCount()) {
     echo "<table class=\"tableview\">";
@@ -186,7 +186,7 @@ $q=$pdo->prepare("SELECT value, receiptrequired, receiptsent, status, sponsors_i
     ORDER BY datereceived
     ");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
 if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<tr><th>".i18n("Name")."</th>\n";
@@ -223,7 +223,7 @@ if($q->rowCount()) {
 <?
 $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
 if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<thead><tr>";
@@ -246,7 +246,8 @@ if($q->rowCount()) {
 <?
 $q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
+
 if($q->rowCount()) {
     echo "<table class=\"tableview\">";
     echo "<tr>";
@@ -267,7 +268,7 @@ if($q->rowCount()) {
 
 	exit;
 }
-else if (count($_POST['thanked'])) {
+else if (get_value_from_array($_POST, 'thanked')) {
 	foreach($_POST['thanked'] AS $t) {
 		$stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'");
     $stmt->execute();
diff --git a/admin/fundraising_common.inc.php b/admin/fundraising_common.inc.php
index cddf0e3..3c293b0 100644
--- a/admin/fundraising_common.inc.php
+++ b/admin/fundraising_common.inc.php
@@ -7,6 +7,6 @@ function getGoal($goal) {
 	$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
 	$q->execute();
 	return $q->rowCount();
-
+}
 
 ?>
diff --git a/admin/fundraising_setup.php b/admin/fundraising_setup.php
index 50a6d9e..41bbacb 100644
--- a/admin/fundraising_setup.php
+++ b/admin/fundraising_setup.php
@@ -183,7 +183,7 @@
         echo $config['FISCALYEAR'];
         echo "</td></tr>\n";
         echo "<tr><td>".i18n("Fiscal Year End")."</td><td>";
-        list($month,$day)=split("-",$config['fiscal_yearend']);
+        list($month,$day)=explode("-",$config['fiscal_yearend']);
         emit_month_selector("fiscalendmonth",$month);
         emit_day_selector("fiscalendday",$day);
         echo "</td></tr>\n";
diff --git a/admin/index.php b/admin/index.php
index 46ab175..aeaa644 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -84,7 +84,7 @@
  echo "  <td><a href=\"cwsfregister.php\">".theme_icon("one-click_cwsf_registration")."<br />".i18n("One-Click CWSF Registration")."</a></td>";
  echo "  <td><a href=\"fair_stats.php\">".theme_icon("fair_stats")."<br />".i18n("Upload Fair Statistics")."</a></td>";
  echo "  <td><a href=\"user_list.php?show_types[]=fair\">".theme_icon("sciencefair_management")."<br />".i18n("Feeder/Upstream Fair Management")."</a></td>";
-if($config['score_entry_enable'] == 'yes') {
+if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
  echo "<td><a href=\"judging_score_entry.php\">".theme_icon("judging_score_entry")."<br />".i18n("Judging Score Entry")."</a></td>";
  }
  echo " </tr>\n";
@@ -96,7 +96,7 @@ if($config['score_entry_enable'] == 'yes') {
  echo "  <td><a href=\"documents.php\">".theme_icon("internal_document_management")."<br />".i18n("Internal Document Management")."</a></td>";
  echo "  <td><a href=\"cms.php\">".theme_icon("website_content_management")."<br />".i18n("Website Content Management")."</a></td>";
  echo "  <td><a href=\"fundraising.php\">".theme_icon("fundraising")."<br />".i18n("Fundraising")."</a></td>";
- if($config['score_entry_enable'] == 'yes') {
+ if(get_value_from_array($config, 'score_entry_enable') == 'yes') {
  echo "<td><a href=\"../plugins/evaluations/index.php\">".theme_icon("judging_score_entry")."<br />".i18n("Evaluations Plugin")."</a></td>"; 
  }
  //echo "  <td><a href=\"../plugins/evaluations/index.php\">Go To Evaluations</a></td>";
diff --git a/admin/judges.inc.php b/admin/judges.inc.php
index 13e75a6..84cc677 100644
--- a/admin/judges.inc.php
+++ b/admin/judges.inc.php
@@ -2,7 +2,7 @@
 function getJudgingTeams()
 {
 	global $config;
-
+	global $pdo;
 	$q=$pdo->prepare("SELECT 	judges_teams.id,
 				judges_teams.num,
 				judges_teams.name
@@ -17,9 +17,9 @@ function getJudgingTeams()
 
 	$lastteamid=-1;
 	$lastteamnum=-1;
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	$teams=array();
-	while($r=$q->fetch(PDO::FETCH_OBJS))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$teams[$r->id]['id']=$r->id;
 		$teams[$r->id]['num']=$r->num;
@@ -32,7 +32,7 @@ function getJudgingTeams()
 		$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
 					LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
 					WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
-		tq->execute();
+		$tq->execute();
 		$teams[$r->id]['timeslots'] = array();
 		$teams[$r->id]['rounds'] = array();
 		while($ts = $tq->fetch(PDO::FETCH_ASSOC)) {
@@ -63,7 +63,7 @@ function getJudgingTeams()
 			lastname,
 			firstname");
 		$mq->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 
 		
         $teamlangs=array();
@@ -94,7 +94,7 @@ function getJudgingTeams()
 			WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
 			judges_teams_id='$r->id' AND language!='' ");
 		$lq->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		$projectlangs=array();
 		while($lr=$lq->fetch(PDO::FETCH_OBJ)) {
 			if(!in_array($lr->language,$projectlangs))
@@ -141,7 +141,7 @@ function getJudgingTeams()
 function getJudgingTeam($teamid)
 {
 	global $config;
-
+	global $pdo;
 	$q=$pdo->prepare("SELECT 	judges_teams.id,
 				judges_teams.num,
 				judges_teams.name
@@ -184,7 +184,7 @@ function getJudgingTeam($teamid)
 			lastname,
 			firstname");
 		$mq->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any();
 
 		
 		while($mr=$mq->fetch(PDO::FETCH_OBJ))
diff --git a/admin/judges_timeslots.php b/admin/judges_timeslots.php
index 0e28880..828496e 100644
--- a/admin/judges_timeslots.php
+++ b/admin/judges_timeslots.php
@@ -92,7 +92,7 @@
 								`type`='$type' WHERE id='$round_id'");
 		$stmt->execute();
 
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		message_push(happy(i18n("Round successfully saved")));
 		$action = '';
 	}
@@ -265,11 +265,11 @@
 
 	echo "</td></tr>";
 	echo "<tr><td>".i18n("Start Time").":</td><td>";
-	emit_time_selector("starttime",$r['starttime']);
+	emit_time_selector("starttime",get_value_from_array($r, 'starttime'));
 
 	echo "</td></tr>";
 	echo "<tr><td>".i18n("End Time").":</td><td>";
-	emit_time_selector("endtime",$r['endtime']);
+	emit_time_selector("endtime",get_value_from_array($r, 'endtime'));
 
 	echo "</td></tr>";
 	echo "</table>";
diff --git a/admin/registration_list.php b/admin/registration_list.php
index dedd4bc..a869f27 100644
--- a/admin/registration_list.php
+++ b/admin/registration_list.php
@@ -404,7 +404,7 @@ send_footer();
 /* Now some helper functions we call more than once */
 function list_query($year, $wherestatus, $reg_id)
 {
-	global $auth_type;
+	global $auth_type, $pdo;
 
 	$reg = '';
 	if($reg_id != false)
@@ -415,7 +415,7 @@ function list_query($year, $wherestatus, $reg_id)
 		$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'";
 	}
 
-	$q = pdo->prepare("SELECT  registrations.id AS reg_id,
+	$q = $pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				registrations.email,
@@ -439,7 +439,8 @@ function list_query($year, $wherestatus, $reg_id)
 
 	
 
-	echo $pdo->erroInfo();
+	// FIXME
+	//echo $pdo->errorInfo();
 	return $q;
 }
 
diff --git a/admin/registration_receivedforms.php b/admin/registration_receivedforms.php
index 1909d8c..b58b677 100644
--- a/admin/registration_receivedforms.php
+++ b/admin/registration_receivedforms.php
@@ -40,7 +40,7 @@
  echo "<br />";
 
 $showformatbottom=true;
- if($_POST['action']=="received" && $_POST['registration_number'])
+ if(get_value_from_array($_POST, 'action') == "received" && get_value_from_array($_POST, 'registration_number'))
  {
  	$q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'");
 	$q->execute();
@@ -209,7 +209,7 @@ echo $pdo->errorInfo();
  	
 
  }
- else if(($_POST['action']=="receivedyes" || $_POST['action']=="receivedyesnocash") && $_POST['registration_number']) {
+ else if((get_value_from_array($_POST,'action',"receivedyes") || get_value_from_array($_POST,'action',"receivedyesnocash")) && get_value_from_array($_POST, 'registration_number')) {
  	
 	$regnum = intval($_POST['registration_number']);
  	$checkNumQuery=$pdo->prepare("SELECT projectnumber
@@ -285,12 +285,12 @@ echo $pdo->errorInfo();
  		echo happy(i18n("Registration of form %1 marked as payment pending",array($regnum)));
  	}
  }
- else if($_POST['action']=="receivedno" && $_POST['registration_number'])
+ else if(get_value_from_array($_POST, 'action',"receivedno") && get_value_from_array($_POST, 'registration_number'))
  {
  	echo notice(i18n("Registration of form %1 cancelled",array($_POST['registration_number'])));
 
  }
- else if($_GET['action']=="unregister" && $_GET['registration_number']) {
+ else if(get_value_from_array($_GET,'action',"unregister") && get_value_from_array($_GET, 'registration_number')) {
  	$reg_num=intval(trim($_GET['registration_number']));
  	$q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'");
 	$q->execute();
diff --git a/admin/registration_stats.php b/admin/registration_stats.php
index 0805558..a55f527 100644
--- a/admin/registration_stats.php
+++ b/admin/registration_stats.php
@@ -27,7 +27,7 @@
  user_auth_required('committee', 'admin');
  require("../register_participants.inc.php");
 
- if($_GET['year']) $year=$_GET['year'];
+ if(get_value_from_array($_GET, 'year')) $year=$_GET['year'];
  else $year=$config['FAIRYEAR'];
 
  send_header("Registration Statistics",
@@ -62,9 +62,8 @@
  echo "</form>";
 
 $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-
-
-while($r=$q->fetch(PDO::FETCH_OBJ)
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$cats[$r->id]=$r->category;
 
 $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
@@ -83,7 +82,7 @@ if($showstatus) {
 	}
 }
 else $wherestatus="";
-	switch($_GET['sort']) {
+	switch(get_value_from_array($_GET, 'sort')) {
 		case 'status': 	$ORDERBY="registrations.status DESC, projects.title"; break;
 		case 'num': 	$ORDERBY="registrations.num"; break;
 		case 'projnum':	$ORDERBY="projects.projectsort, projects.projectnumber"; break;
@@ -113,7 +112,8 @@ else $wherestatus="";
 				$ORDERBY
 			");
 		$q->execute();
-		echo $pdo->errorInfo();
+		// FIXME
+		//echo $pdo->errorInfo();
 	
 	$stats_totalprojects=0;
 	$stats_totalstudents=0;
diff --git a/admin/rerollprizes.php b/admin/rerollprizes.php
index 31f6c83..853008c 100644
--- a/admin/rerollprizes.php
+++ b/admin/rerollprizes.php
@@ -54,7 +54,7 @@ $stmt->execute();
 		{
 			$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
 				'".$r->award_sponsors_id."',
-				'".$r->award_types_i)."',
+				'".$r->award_types_i."',
 				'".$r->name."',
 				'".$r->criteria."',
 				'".$r->presenter."',
diff --git a/admin/user_list.php b/admin/user_list.php
index 7f331a8..633ff9e 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -37,12 +37,12 @@
  $show_types = $_GET['show_types'];
  if(user_valid_type($show_types) == false) $show_types = array('judge');
 
- $show_complete = ($_GET['show_complete'] == 'yes') ? 'yes' : 'no';
- $show_year = ($_GET['show_year'] == 'current') ? 'current' : 'all';
+ $show_complete = (get_value_from_array($_GET,'show_complete','yes')) ? 'yes' : 'no';
+ $show_year = get_value_from_array($_GET,'show_year','current') ? 'current' : 'all';
 
- $uid = intval($_GET['uid']);
+ $uid = intval(get_value_from_array($_GET,'uid'));
 
- if($_GET['action']=='remove') {
+ if(get_value_from_array($_GET,'action','remove')) {
 	if(!$uid) {
 		echo "Invalid uid for delete";
 		exit;
diff --git a/admin/winners.php b/admin/winners.php
index 29ac2e2..83c3fcd 100644
--- a/admin/winners.php
+++ b/admin/winners.php
@@ -419,7 +419,8 @@ $q = $pdo->prepare("SELECT
 			$fair_where
 		ORDER BY awards_order");
 
-echo $pdo->errorInfo();
+// FIXME 
+//echo $pdo->errorInfo();
 
 if($q->rowCount() == 0) {
 	echo i18n('No awards to display.');
diff --git a/committees.php b/committees.php
index 6211f08..d9045ae 100644
--- a/committees.php
+++ b/committees.php
@@ -24,20 +24,21 @@
 <?
  require_once('common.inc.php');
  require_once('user.inc.php');
+ require_once('helper.inc.php');
  send_header("Committee List", null, "committee_management");
 
 	echo "<table>";
 	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
 	$q->execute();
 
-	while($r=$q->fetch())
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		/* Select all the u$q=("SELECT * FROM committees ORDER BY ord,name");sers in the committee, using MAX(year) for the most recent year */
-		$q2=("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
+		$q2=$pdo->prepare("SELECT committees_link.*,users.uid,MAX(users.year),users.lastname
 							FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid 
 							WHERE committees_id='{$r->id}' 
 							GROUP BY users.uid ORDER BY ord,users.lastname ");
-			
+		$q2->execute();
 		//if there's nobody in this committee, then just skip it and go on to the next one.
 		if($q2->rowCount()==0)
 			continue;
@@ -46,9 +47,10 @@
 		echo "<td colspan=\"3\"><h3>".i18n($r->name)."</h3>";
 		echo "</td></tr>\n";
 
-		echo pdo->errorInfo();
-		while($r2 = $q2->fetch()){
+		show_pdo_errors_if_any($pdo);
 
+		while($r2 = $q2->fetch(PDO::FETCH_OBJ)){
+			
 			$uid = $r2->users_uid;
 			$u = user_load_by_uid($uid);
 
@@ -72,8 +74,8 @@
 				$output=str_replace("email","",$output);
 
 			$output=str_replace("phonehome",$u['phonehome'],$output);
-			$output=str_replace("phonework",$u['->phonework'],$output);
-			$output=str_replace("phonecell",$u['->phonecell'],$output);
+			$output=str_replace("phonework",$u['phonework'],$output);
+			$output=str_replace("phonecell",$u['phonecell'],$output);
 			$output=str_replace("fax",$u['fax'],$output);
 
 			echo $output;
diff --git a/common.inc.php b/common.inc.php
index c1f019d..d0b8c2b 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -22,10 +22,10 @@
 */
 ?>
 <?
-include_once("helper.inc.php");
+
 //////echo phpinfo();
 header("Content-Type: text/html; charset=utf8"); 
-
+include_once("helper.inc.php");
 //set error reporting to not show notices, for some reason some people's installation dont set this by default
 //so we will set it in the code instead just to make sure
 error_reporting(E_ALL);
@@ -460,6 +460,7 @@ echo "</div>";
 <table cellpadding="5" width="100%">
 <tr><td width="175">
 <?
+	global $pdo;
 	//if the date is greater than the date/time that the confirmed participants gets posted,
 	//then we will show the registration confirmation page as a link in the menu,
 	$registrationconfirmationlink="";
@@ -467,8 +468,9 @@ echo "</div>";
 	//only display it if a date is set to begin with.
 	if($config['dates']['postparticipants'] && $config['dates']['postparticipants']!="0000-00-00 00:00:00")
 	{
-		$q=("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
-		$r=$q->fetch();
+		$q= $pdo->prepare("SELECT (NOW()>'".$config['dates']['regclose']."') AS test");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		if($r->test==1)
 		{
 			$registrationconfirmationlink="<li><a href=\"".$config['SFIABDIRECTORY']."/confirmed_participants.php\">".i18n("Confirmed Participants")."</a></li>";
@@ -480,21 +482,16 @@ echo "</div>";
 <?
 if(is_array($nav)) {
 		$navkeys=array_keys($nav);
-		switch($navkeys[2]) {
-			case "Fundraising":
-					echo "<ul class=\"mainnav\">\n";
-					echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n";
-					echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>';
-					echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>';
-					echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>';
-					echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>';
-					echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>';
-					echo "</ul><br />\n";
-			break;
-			default:
-				//no special menu
-			break;
-		}
+		if (isset($navkeys[2]) && $navkeys[2] == "Fundraising") {
+			echo "<ul class=\"mainnav\">\n";
+			echo "<li><h4 style=\"text-align: center;\">".i18n("Fundraising")."</h4></li>\n";
+			echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising.php\">".i18n("Fundraising Dashboard").'</a></li>';
+			echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_setup.php\">".i18n("Fundraising Setup").'</a></li>';
+			echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_campaigns.php\">".i18n("Manage Appeals").'</a></li>';
+			echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/donors.php\">".i18n("Manage Donors/Sponsors").'</a></li>';
+			echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/fundraising_reports.php\">".i18n("Fundraising Reports").'</a></li>';
+			echo "</ul><br />\n";
+		}		
 }
 ?>
 <ul class="mainnav">
@@ -618,7 +615,7 @@ else if($title)
 //if we're under /admin or /config then we want to show the ? help icon
 if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="\\admin" || substr(getcwd(),-7)=="\\config" )
 {
-	if($_SERVER['REDIRECT_SCRIPT_URL'])
+	if(get_value_from_array($_SERVER, 'REDIRECT_SCRIPT_URL'))
 		$fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1);
 	else
 		$fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1);	
@@ -830,7 +827,8 @@ function emit_minute_selector($name,$selected="")
 
 function emit_time_selector($name,$selected="")
 {
-
+	global $hour;
+	global $minute;
 	if($selected)
 	{
 		list($hour,$minute,$second)=explode(":",$selected);
@@ -848,7 +846,9 @@ function emit_time_selector($name,$selected="")
 function emit_province_selector($name,$selected="",$extra="")
 {
 	global $config;
-	$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
+	global $pdo;
+	$q=$pdo->prepare("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
+	$q->execute();
 	if($q->rowCount()==1)
 	{
 		$r = $q->fetch();
@@ -1169,7 +1169,8 @@ function committee_warnings()
 	$q = $pdo->prepare("SELECT DATE_ADD('".$config['dates']['fairdate']."', INTERVAL 4 MONTH) < NOW() AS rollovercheck");
 	$q->execute();
 
-	$r = $q->fetch();
+	$r = $q->fetch(PDO::FETCH_OBJ);
+	
 	if($r->rollovercheck) {
 		echo error(i18n("It has been more than 4 months since your fair.  In order to prepare the system for the next year's fair, you should go to the SFIAB Configuration page, and click on 'Rollover Fair Year'.  Do not start updating the system with new information until the year has been properly rolled over."));
 	}
@@ -1183,7 +1184,7 @@ function committee_warnings()
 		/* The bug was that the external_identifier was set to the prize name.. so only display the warning
 		 * if we find that case for a non-sfiab external fair */
 		while(($p = $q->fetch(PDO::FETCH_ASSOC) )) {
-			$qq = ("SELECT * FROM award_awards 
+			$qq = ("SELECT * FROM award_awards $r->rollovercheck
 						LEFT JOIN fairs ON fairs.id=award_awards.award_source_fairs_id
 						WHERE award_awards.id='{$p['award_awards_id']}'
 						AND year='{$config['FAIRYEAR']}'
@@ -1254,7 +1255,7 @@ function format_datetime($dt) {
 }
 
 function format_money($n,$decimals=true)
-{
+{	global $neg;
 	if($n<0){
 		$neg=true;
 		$n=$n*-1;
diff --git a/config/backuprestore.php b/config/backuprestore.php
index b219120..5dea7bd 100644
--- a/config/backuprestore.php
+++ b/config/backuprestore.php
@@ -32,7 +32,7 @@ if(!file_exists("../data/backuprestore"))
  	file_put_contents("../data/backuprestore/.htaccess","Order Deny,Allow\r\nDeny From All\r\n");
 
 
-if($_GET['action']=="backup") {
+if(get_value_from_array($_GET,'action',"backup")) {
 $ts=time();
 $dump="#SFIAB SQL BACKUP: ".date("r",$ts)."\n";
 $dump.="#SFIAB VERSION: ".$config['version']."\n";
@@ -50,7 +50,7 @@ while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
 	$str="INSERT INTO `$table` (";
 	unset($fields);
 	$fields=array();
-	while($cr=$columnq->fetch(PDO:FETCH_OBJ)) {
+	while($cr=$columnq->fetch(PDO::FETCH_OBJ)) {
 		$str.="`".$cr->Field."`,";
 		$fields[]=$cr->Field;
 	}
diff --git a/config/categories.php b/config/categories.php
index 15668ab..8c3929f 100644
--- a/config/categories.php
+++ b/config/categories.php
@@ -24,10 +24,11 @@
 <?
  require("../common.inc.php");
  require_once("../user.inc.php");
+ require_once('../helper.inc.php');
  user_auth_required('committee', 'config');
 
- if($_GET['action']=="edit" || $_GET['action']=="new") {
- 	send_header(($_GET['action']=="edit") ? 'Edit Category' : 'New Category',
+ if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
+ 	send_header((get_value_from_array($_GET, 'action',"edit")) ? 'Edit Category' : 'New Category',
  		array('Committee Main' => 'committee_main.php',
 			'SFIAB Configuration' => 'config/index.php',
 			'Age Categories' => 'config/categories.php'),"project_age_categories");
@@ -37,10 +38,10 @@
 			'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
  }
 
- if($_POST['action']=="edit")
+ if(get_value_from_array($_POST, 'action', "edit"))
  {
  	//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
- 	if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
+ 	if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'category') && isset($_POST['mingrade']) && $_POST['maxgrade'])
 	{
 		$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
@@ -68,10 +69,10 @@
 	}
  }
 
- if($_POST['action']=="new")
+ if(get_value_from_array($_POST, 'action', "new"))
  {
  	//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
- 	if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
+ 	if(get_value_from_array($_POST, 'id') && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
 	{
 		$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
@@ -99,7 +100,7 @@
 	}
  }
 
- if($_GET['action']=="remove" && $_GET['remove'])
+ if(get_value_from_array($_GET, 'action',"remove") && get_value_from_array($_GET, 'remove'))
  {
  	//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
 	//for this division exist they should be deleted
@@ -113,7 +114,7 @@
 
  echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
 
- if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
+ if(! get_value_from_array($_GET, 'action', "edit" ) || get_value_from_array($_GET, 'action',"new") )
 	echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new age category")."</a>\n";
 
  echo "<table class=\"summarytable\">";
@@ -126,18 +127,18 @@
  echo "<th>".i18n("Actions")."</th>\n";
  echo "</tr>";
 
- if($_GET['action']=="edit" || $_GET['action']=="new")
+ if(get_value_from_array($_GET, 'action', "edit") || get_value_from_array($_GET, 'action', "new"))
  {
- 	echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";	
- 	if($_GET['action']=="edit")
+ 	echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";	
+ 	if(get_value_from_array($_GET,'action',"edit"))
 	{
- 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+ 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";	
+		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".get_value_from_array($_GET, 'edit')."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
 		$categoryr=$q->fetch(PDO::FETCH_OBJ);
 		$buttontext="Save";
 	}
-	else if($_GET['action']=="new")
+	else if(get_value_from_array($_GET,'action',"new"))
 	{
 		$buttontext="Add";
 	}
diff --git a/config/dates.php b/config/dates.php
index e66a2fd..c534750 100644
--- a/config/dates.php
+++ b/config/dates.php
@@ -24,6 +24,7 @@
 <?
  require("../common.inc.php");
  require_once("../user.inc.php");
+ require_once('../helper.inc.php');
  user_auth_required('committee', 'config');
  send_header("Dates",
  		array('Committee Main' => 'committee_main.php',
@@ -49,7 +50,7 @@ $(document).ready(function() {
 
 $error_ids = array();
 
- if($_POST['action']=="save") {
+ if(get_value_from_array($_POST, 'action', "save")) {
  	if($_POST['savedates']) {
 		foreach($_POST['savedates'] as $key=>$val) {
             //put the date and time back together
@@ -74,7 +75,7 @@ $dates  = array('fairdate' => array() ,
 		'regclose' => array(), 
 		'postparticipants' => array(),
 		'postwinners' => array(), 
-		'judgeregopen' => datesarray(), 
+		'judgeregopen' => array(), 
 		'judgeregclose' => array(), 
 		'judgescheduleavailable' => array(), 
 		'specawardregopen' => array(),
@@ -141,7 +142,7 @@ foreach($dates as $dn=>$d) {
 		$d['date']=$def->date;
 	}
 	$e = '';
-	if($error_ids[$d['id']]) {
+	if(get_value_from_array($error_ids, $d['id'])) {
 		$e = "<span style=\"color: red;\">*</span> ".$error_ids[$d['id']]."</font>";
 	}
     list($_d,$_t)=explode(" ",$d['date']);
diff --git a/config/divisions.php b/config/divisions.php
index 86bfd9b..db956d6 100644
--- a/config/divisions.php
+++ b/config/divisions.php
@@ -24,10 +24,11 @@
 <?
  require("../common.inc.php");
  require_once("../user.inc.php");
+ require_once('../helper.inc.php');
  user_auth_required('committee', 'config');
 
-if($_GET['action']=="edit" || $_GET['action']=="new") {
-	send_header(($_GET['action']=="edit") ? "Edit Division" : "New Division",
+if(get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new")) {
+	send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Division" : "New Division",
 			array('Committee Main' => 'committee_main.php',
 				'SFIAB Configuration' => 'config/index.php',
 				'Project Divisions' => 'config/divisions.php'),
@@ -40,9 +41,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
  }
 
  
- if($_POST['action']=="edit")
+ if(get_value_from_array($_POST,'action',"edit"))
  {
- 	if($_POST['id'] && $_POST['division'] )
+ 	if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division' ))
 	{
 		$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
@@ -86,9 +87,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 	}
  }
 
- if($_POST['action']=="new")
+ if(get_value_from_array($_POST, 'action',"new"))
  {
- 	if($_POST['id'] && $_POST['division'])
+ 	if(get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division'))
 	{
 		$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
@@ -125,7 +126,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 	}
  }
 
- if($_GET['action']=="remove" && $_GET['remove'])
+ if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET, 'remove'))
  {
  	//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
 	//for this division exist they should be deleted
@@ -138,7 +139,7 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 
  echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
 
- if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
+ if(! get_value_from_array($_GET, 'action',"edit") || get_value_from_array($_GET,'action',"new") )
 	echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new division")."</a>\n";
 
  echo "<table class=\"summarytable\">";
@@ -153,18 +154,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
  echo "<th>".i18n("Actions")."</th>\n";
  echo "</tr>";
 
- if($_GET['action']=="edit" || $_GET['action']=="new")
+ if(get_value_from_array($_GET, 'action', "edit") ||get_value_from_array( $_GET,'action',"new"))
  {
- 	echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";	
- 	if($_GET['action']=="edit")
+ 	echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET, 'action')."\">\n";	
+ 	if(get_value_from_array($_GET,'action',"edit"))
 	{
- 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+ 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET,'edit')."\">\n";	
+		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
 		$divisionr=$q->fetch(PDO::FETCH_OBJ);
+		
 		$buttontext="Save";
 	}
-	else if($_GET['action']=="new")
+	else if(get_vaue_from_array($_GET,'action',"new"))
 	{
 		$buttontext="Add";
 	}
diff --git a/config/divisions_cwsf.php b/config/divisions_cwsf.php
index 0f644d6..05314cd 100644
--- a/config/divisions_cwsf.php
+++ b/config/divisions_cwsf.php
@@ -24,6 +24,7 @@
 <?
  require("../common.inc.php");
  require_once("../user.inc.php");
+ require_once('../helper.inc.php');
  user_auth_required('committee', 'config');
  send_header("CWSF Project Divisions",
  		array('Committee Main' => 'committee_main.php',
@@ -32,7 +33,7 @@
 			);
 
 ////// FIX ME!!!!!
- if(count($_POST['cwsfdivision']))
+ if(count(get_value_from_array($_POST, 'cwsfdivision')))
  {
  	foreach($_POST['cwsfdivision'] AS $k=>$v)
 	{
diff --git a/config/images.php b/config/images.php
index af0696c..c9fdcfc 100644
--- a/config/images.php
+++ b/config/images.php
@@ -30,7 +30,7 @@ send_header("Fair Logo Image",
 			'SFIAB Configuration' => 'config/index.php'),
             "images");
 
-if($_POST['action']=="addimage") {
+if(get_value_from_array($_POST,'action',"addimage")) {
 	if($_FILES['image']['error']==UPLOAD_ERR_OK) {
 		//make sure its a JPEG
 		$imagesize=getimagesize($_FILES['image']['tmp_name']);
@@ -96,7 +96,7 @@ if($_POST['action']=="addimage") {
 		echo error(i18n("Error uploading Logo Image").": ".$_FILES['image']['error']);
 }
 
-if($_POST['action']=="delimage") {
+if(get_value_from_array($_POST,'action',"delimage")) {
 	@unlink("../data/logo.gif");
 	@unlink("../data/logo-100.gif");
 	@unlink("../data/logo-200.gif");
diff --git a/config/languagepacks.php b/config/languagepacks.php
index 21c377a..569e912 100644
--- a/config/languagepacks.php
+++ b/config/languagepacks.php
@@ -49,7 +49,7 @@
 		{
 			foreach($packs AS $p)
 			{
-				list($langpack,$filename,$lastupdate)=split("\t",trim($p));
+				list($langpack,$filename,$lastupdate)=explode("\t",trim($p));
 				$ret[$langpack]=array("lang"=>$langpack,"filename"=>$filename,"lastupdate"=>$lastupdate);
 			}
 		}
@@ -62,7 +62,7 @@
 
  }
 
- if($_GET['action']=="check")
+ if(get_value_from_array($_GET,'action',"check"))
  {
  	$packs=loadLanguagePacks();
 
@@ -92,7 +92,7 @@
 	}
  }
 
- if($_GET['action']=="install" && $_GET['install'])
+ if(get_value_from_array($_GET,'action',"install") && get_value_from_array($_GET,'install'))
  {
  	$packs=loadLanguagePacks();
 	$loaded=0;
diff --git a/config/rollover.php b/config/rollover.php
index cbe9332..69ee254 100644
--- a/config/rollover.php
+++ b/config/rollover.php
@@ -56,6 +56,7 @@
 
  function roll($currentfairyear, $newfairyear, $table, $where='', $replace=array())
  {
+	global $pdo;
 	/*  Field 	Type 			Null 	Key 	Default 	Extra
 	 * id 		int(10) unsigned 	NO 	PRI 	NULL 	auto_increment
 	 * sponsors_id 	int(10) unsigned 	NO 	MUL 	0 	 
@@ -65,7 +66,7 @@
 	/* Get field list for this table */
  	$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
 	$q->execute();
-	while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
+	while(($c = $q->fetch(PDO::FETCH_ASSOC))) {
 		$col[$c['Field']] = $c;
 	}
 
@@ -86,29 +87,32 @@
 	/* Get data */
 	$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
 	$q->execute();
-	echo $pdo->errorInfo();
+	// FIXME
+	//echo $pdo->errorInfo();
 	$names = '`'.join('`,`', $fields).'`';
 
 	/* Process data */
-	while($r=$q->fech(PDDO::FETCH_ASSOC)) {
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		$vals = '';
 		foreach($fields as $f) {
 			if(array_key_exists($f, $replace))
-				$vals .= ",'".$replace[$f]."'";
+				$vals .= ",".$pdo->quote($replace[$f]);
 			else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
 				$vals .= ',NULL';
 			else 
-				$vals .= ",'".$r[$f]."'";
+				$vals .= ",".$pdo->quote($r[$f]);
 		}
+
 		$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
 		$stmt->execute();
-		echo $pdo->errorInfo();	
+		// FIXME
+		//echo $pdo->errorInfo();	
 	}
  }
 
- if($_POST['action']=="rollover" && $_POST['nextfairyear'])
+ if(get_value_from_array($_POST, 'action', "rollover") && get_value_from_array($_POST, 'nextfairyear'))
  {
- 	$newfairyear=intval($_POST['nextfairyear']);
+ 	$newfairyear=intval(get_value_from_array($_POST, 'nextfairyear'));
 	$currentfairyear=intval($config['FAIRYEAR']);
 
 	$cy = $currentfairyear;
@@ -130,37 +134,42 @@
 		echo i18n("Rolling dates")."<br />";
 		$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME Error handling
+		//print_r($pdo->errorInfo());
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
 				'".$r->newdate."',
 				'".$r->name."',
 				'".$r->description."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 		
 
 		//page text
 		echo i18n("Rolling page texts")."<br />";
 		$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
 				'".$r->textname."',
 				'".$r->textdescription."',
 				'".$r->text."',
 				'".$r->lastupdate."',
-				'".$newfairyear)."',
-                '".$r->lang."')";
+				'".$newfairyear."',
+                '".$r->lang."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling project categories")."<br />";
 		//project categories
 		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
 				'".$r->id."',
 				'".$r->category."',
@@ -169,13 +178,15 @@
 				'".$r->maxgrade."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling project divisions")."<br />";
 		//project divisions
 		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
 				'".$r->id."',
 				'".$r->division."',
@@ -183,38 +194,44 @@
 				'".$r->cwsfdivisionid."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling project category-division links")."<br />";
 		//project categories divisions links
 		$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
 				'".$r->projectdivisions_id."',
 				'".$r->projectcategories_id."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling project sub-divisions")."<br />";
 		//project subdivisions
 		$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		// FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
 				'".$r->id."',
 				'".$r->projectsubdivisions_id."',
 				'".$r->subdivision."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling safety questions")."<br />";
 		//safety questions 
 		$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		//FIXME
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
 				'".$r->question."',
 				'".$r->type."',
@@ -222,6 +239,7 @@
 				'".$r->ord."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling awards")."<br />";
 		//awards
@@ -229,7 +247,8 @@
 
 		$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
+		//FIXME
+		//echo $pdo->errorInfo();
 		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			/* Roll the one award */
 			roll($cy, $ny, 'award_awards', "id='{$r->id}'");
@@ -249,64 +268,65 @@
 		//award types
 		$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		//echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
 				'".$r->id."',
 				'".$r->type."',
 				'".$r->order."',
 				'".$newfairyear."')");
 			$stmt->execute();
+		}
 
 		echo i18n("Rolling schools")."<br />";
 		//award types
 		$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
 		$q->execute();
-		echo $pdo->errorInfo();
+		//echo $pdo->errorInfo();
 		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
 			$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
 
-
 			$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
-				'".$r->school."',
-				'".$r->schoollang."',
-				'".$r->schoollevel."',
-				'".$r->board."',
-				'".$r->district."',
-				'".$r->phone."',
-				'".$r->fax."',
-				'".$r->address."',
-				'".$r->city."',
-				'".$r->province_code."',
-				'".$r->postalcode."',$puid,
-				'".$r->schoolemail."',$shuid,
-				'".$r->accesscode."',
+				".$pdo->quote($r->school).",
+				".$pdo->quote($r->schoollang).",
+				".$pdo->quote($r->schoollevel).",
+				".$pdo->quote($r->board).",
+				".$pdo->quote($r->district).",
+				".$pdo->quote($r->phone).",
+				".$pdo->quote($r->fax).",
+				".$pdo->quote($r->address).",
+				".$pdo->quote($r->city).",
+				".$pdo->quote($r->province_code).",
+				".$pdo->quote($r->postalcode).",$puid,
+				".$pdo->quote($r->schoolemail).",$shuid,
+				".$pdo->quote($r->accesscode).",
 				NULL,
-				'".$r->junior."',
-				'".$r->intermediate."',
-				'".$r->senior."',
-				'".$r->registration_password."',
-				'".$r->projectlimit."',
-				'".$r->projectlimitper."',
-				'".$newfairyear."')");
+				".$pdo->quote($r->junior).",
+				".$pdo->quote($r->intermediate).",
+				".$pdo->quote($r->senior).",
+				".$pdo->quote($r->registration_password).",
+				".$pdo->quote($r->projectlimit).",
+				".$pdo->quote($r->projectlimitper).",
+				".$newfairyear.")");
 			$stmt->execute();
 		}
 
 		echo i18n("Rolling questions")."<br />";
 		$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
 		$q->execute();
-		while($r=$q->fetch(PDO::FETCH_OBJ))
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
 				'',
 				'$newfairyear',
-				'".$r->section."',
-				'".$r->db_heading."',
-				'".$r->question."',
-				'".$r->type."',
-				'".$r->required."',
-				'".$r->ord."')");
+				".$pdo->quote($r->section).",
+				".$pdo->quote($r->db_heading).",
+				".$pdo->quote($r->question).",
+				".$pdo->quote($r->type).",
+				".$pdo->quote($r->required).",
+				".$pdo->quote($r->ord).")");
 			$stmt->execute();
+		}
 
 		//regfee items
 		echo i18n("Rolling registration fee items")."<br />";
@@ -320,18 +340,18 @@
 		echo i18n('Rolling judging timeslots and rounds')."<br />";
 		$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
 		$q->execute();
-                echo $pdo->errorInfo();
-		while($r=$q->fech(PDDO::FETCH_ASSOC)) {
+        //echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 			$d = $newfairyear - $currentfairyear;
 			$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
 				VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
 					'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
 			$stmt->execute();
-			echo $pdo->errorInfo();
+			//echo $pdo->errorInfo();
 			$round_id = $pdo->lastInsertId();
 			$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
 			$qq->execute();
-			echo $pdo->errorInfo();
+			//echo $pdo->errorInfo();
 			while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
 				$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
 						VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
diff --git a/config/safetyquestions.php b/config/safetyquestions.php
index 5937f07..696370b 100644
--- a/config/safetyquestions.php
+++ b/config/safetyquestions.php
@@ -30,11 +30,11 @@
 			'SFIAB Configuration' => 'config/index.php')
             ,"project_safety_questions"
 			);
- if($_POST['action']=="save" && $_POST['save'])
+ if(get_value_from_array($_POST, 'action') == "save" && get_value_from_array($_POST, 'save'))
  {
  	if($_POST['question'])
 	{
-		if(!ereg("^[0-9]*$",$_POST['ord']))
+		if(!preg_match("/^[0-9]*$/",$_POST['ord']))
 			echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
 
 		$stmt = $pdo->prepare("UPDATE safetyquestions SET 
@@ -44,7 +44,7 @@
 				ord='".stripslashes($_POST['ord'])."'
 				WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
 		$stmt->execute();
-				echo $pdo->errorInfo();
+				show_pdo_errors_if_any($pdo);
 
 		echo happy(i18n("Safety question successfully saved"));
 	}
@@ -52,7 +52,7 @@
 		echo error(i18n("Question is required"));
  }
 
- if($_POST['action']=="new")
+ if(get_value_from_array($_POST, 'action') == "new")
  {
  	if($_POST['question'])
 	{
@@ -72,7 +72,7 @@
 		echo error(i18n("Question is required"));
  }
 
- if($_GET['action']=="remove" && $_GET['remove'])
+ if(get_value_from_array($_GET, 'action') == "remove" && get_value_from_array($_GET, 'remove'))
  {
  	$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
 	$stmt->execute();
@@ -80,7 +80,7 @@
 
  }
 
- if(($_GET['action']=="edit" && $_GET['edit']) || $_GET['action']=="new")
+ if((get_value_from_array($_GET, 'action') == "edit" && get_value_from_array($_GET, 'edit')) || get_value_from_array($_GET, 'action') == "new")
  {
  	$showform=true;
 	echo "<form method=\"post\" action=\"safetyquestions.php\">";
@@ -109,7 +109,7 @@
 	{
 		echo "<table class=\"summarytable\">";
 		echo "<tr><td>".i18n("Question")."</td><td>";
-		echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars($r->question)."\">\n";
+		echo "<input size=\"60\" type=\"text\" name=\"question\" value=\"".htmlspecialchars(get_value_or_default($r->question, ""))."\">\n";
 		echo "</td></tr>";
 		echo "<tr><td>".i18n("Type")."</td><td>";
 		echo "<select name=\"type\">";
@@ -128,7 +128,7 @@
 		echo "</select>";
 		echo "</td>";
 		echo "<tr><td>".i18n("Display Order")."</td><td>";
-		echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars($r->ord)."\">\n";
+		echo "<input size=\"5\" type=\"text\" name=\"ord\" value=\"".htmlspecialchars(get_value_or_default($r->ord, ""))."\">\n";
 		echo "</td></tr>";
 		echo "<tr><td colspan=\"2\" align=\"center\">";
 		echo "<input type=\"submit\" value=\"".i18n($buttontext)."\" />\n";
diff --git a/config/signaturepage.php b/config/signaturepage.php
index c59a090..3051c2d 100644
--- a/config/signaturepage.php
+++ b/config/signaturepage.php
@@ -32,21 +32,21 @@
             ,"exhibitor_signature_page"
 			);
 
- if($_POST['action']=="save")
+ if(get_value_from_array($_POST,'action',"save"))
  {
- 	if($_POST['useexhibitordeclaration']) $useex="1"; else $useex="0";
- 	if($_POST['useparentdeclaration']) $usepg="1"; else $usepg="0";
- 	if($_POST['useteacherdeclaration']) $usete="1"; else $usete="0";
- 	if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
- 	if($_POST['useregfee']) $userf="1"; else $userf="0";
+ 	if(get_value_from_array($_POST, 'useexhibitordeclaration')) $useex="1"; else $useex="0";
+ 	if(get_value_from_array($_POST, 'useparentdeclaration')) $usepg="1"; else $usepg="0";
+ 	if(get_value_from_array($_POST,'useteacherdeclaration')) $usete="1"; else $usete="0";
+ 	if(get_value_from_array($_POST,'usepostamble')) $usepa="1"; else $usepa="0";
+ 	if(get_value_from_array($_POST, 'useregfee')) $userf="1"; else $userf="0";
 
- 	$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
+ 	$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".get_value_from_array($_POST,'exhibitordeclaration')."' WHERE name='exhibitordeclaration'");
  	$stmt->execute();
-    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
+    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".get_value_from_array($_POST, 'parentdeclaration')."' WHERE name='parentdeclaration'");
  	$stmt->execute();
-    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
+    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".get_value_from_array($_POST, 'teacherdeclaration')."' WHERE name='teacherdeclaration'");
  	$stmt->execute();
-    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
+    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".get_value_from_array($_POST,'postamble')."' WHERE name='postamble'");
  	$stmt->execute();
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
 	$stmt->execute();
diff --git a/config/subdivisions.php b/config/subdivisions.php
index be94be3..7b1ce2c 100644
--- a/config/subdivisions.php
+++ b/config/subdivisions.php
@@ -25,8 +25,8 @@
  require("../common.inc.php");
  require_once("../user.inc.php");
  user_auth_required('committee', 'config');
- if($_GET['action']=="edit" || $_GET['action']=="new") {
-	 send_header(($_GET['action']=="edit") ? "Edit Sub-Division" : "New Sub-Division",
+ if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) {
+	 send_header(get_value_from_array($_GET,'action',"edit") ? "Edit Sub-Division" : "New Sub-Division",
  		array('Committee Main' => 'committee_main.php',
 			'SFIAB Configuration' => 'config/index.php',
 			'Project Sub-Divisions' => 'config/subdivisions.php'),
@@ -38,9 +38,9 @@
             "project_sub_divisions");
  }
 
- if($_POST['action']=="edit")
+ if(get_value_from_array($_POST,'action',"edit"))
  {
- 	if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
+ 	if(get_value_from_array($_POST,'id' )&& get_value_from_array($_POST,'projectdivisions_id') && get_value_from_array($_POST,'subdivision') )
 	{
 		$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
@@ -65,9 +65,9 @@
 	}
  }
 
- if($_POST['action']=="new")
+ if(get_value_from_array($_POST,'action',"new"))
  {
- 	if($_POST['projectdivisions_id'] && $_POST['subdivision'])
+ 	if(get_value_from_array($_POST, 'projectdivisions_id') && get_value_from_array($_POST,'subdivision'))
 	{
 		if(!$_POST['id'])
 		{
@@ -103,7 +103,7 @@
 	}
  }
 
- if($_GET['action']=="remove" && $_GET['remove'])
+ if(get_value_from_array($_GET,'action',"remove") && get_value_from_array($_GET,'remove'))
  {
 	$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
 	$stmt->execute();
@@ -112,7 +112,7 @@
 
  echo "<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
 
- if(! ($_GET['action']=="edit" || $_GET['action']=="new") )
+ if(! (get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET,'action',"new")) )
 	echo "<a href=\"".$_SERVER['PHP_SELF']."?action=new\">".i18n("Add new sub-division")."</a>\n";
 
  echo "<table class=\"summarytable\">";
@@ -123,13 +123,13 @@
  echo "<th>".i18n("Actions")."</th>\n";
  echo "</tr>";
 
- if($_GET['action']=="edit" || $_GET['action']=="new")
+ if(get_value_from_array($_GET,'action',"edit") || get_value_from_array($_GET, 'action',"new"))
  {
- 	echo "<input type=\"hidden\" name=\"action\" value=\"".$_GET['action']."\">\n";	
- 	if($_GET['action']=="edit")
+ 	echo "<input type=\"hidden\" name=\"action\" value=\"".get_value_from_array($_GET,'action')."\">\n";	
+ 	if(get_value_from_array($_GET,'action',"edit"))
 	{
- 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+ 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".get_value_from_array($_GET, 'edit')."\">\n";	
+		$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".get_value_from_array($_GET,'edit')."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
 		$divisionr=$q->fetch(PDO::FETCH_OBJ);
 		$buttontext="Save";
@@ -186,7 +186,7 @@ echo $pdo->errorInfo();
 	 }
  }
  echo "</table>";
-if($_GET['action']=="new")
+if(get_value_from_array($_GET,'action',"new"))
 	echo "&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;".i18n("Leave ID field blank to auto-assign next available ID");
  echo "</form>";
 
diff --git a/config/variables.php b/config/variables.php
index b0943a7..24f4cea 100644
--- a/config/variables.php
+++ b/config/variables.php
@@ -43,8 +43,8 @@
  }
 
  //for the Special category
- if($_POST['action']=="save") {
- 	if($_POST['specialconfig']) {
+ if(get_value_from_array($_POST, 'action', 'save')) {
+ 	if(get_value_from_array($_POST, 'specialconfig')) {
 		foreach($_POST['specialconfig'] as $key=>$val) {
 			$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
 			$stmt->execute();
@@ -54,8 +54,8 @@
  }
 
  //get the category, and if nothing is chosen, default to Global
- if($_GET['category']) $category=$_GET['category'];
- else if($_POST['category']) $category=$_POST['category'];
+ if(get_value_from_array($_GET, 'category')) $category=$_GET['category'];
+ else if(get_value_from_array($_POST, 'category')) $category=$_POST['category'];
  else $category="Global";
 
  $action = config_editor_handle_actions($category, $config['FAIRYEAR'], "var");
diff --git a/config/versionchecker.php b/config/versionchecker.php
index 64a4517..f14a3db 100644
--- a/config/versionchecker.php
+++ b/config/versionchecker.php
@@ -44,7 +44,7 @@
 	// FIXME Replace
  	if($v=file("http://www.sfiab.ca/version.txt"))
 	{
-		list($version,$date)=split("\t",trim($v[0]));
+		list($version,$date)=explode("\t",trim($v[0]));
 		$ret['version']=$version;
 		$ret['date']=$date;
 	}
@@ -53,7 +53,7 @@
 	return $ret;
  }
 
- if($_GET['action']=="check")
+ if(get_value_from_array($_GET, 'action',"check"))
  {
  	$v=loadVersions();
 	echo i18n("Newest version available: <b>%1</b> (%2)",array($v['version'],$v['date']));
diff --git a/config_editor.inc.php b/config_editor.inc.php
index 6511534..e38d440 100644
--- a/config_editor.inc.php
+++ b/config_editor.inc.php
@@ -23,6 +23,8 @@
 ?>
 <?
 
+include_once('helper.inc.php');
+
 function config_editor_load($category, $year)
 {	
 	global $pdo;
@@ -47,7 +49,7 @@ function config_editor_load($category, $year)
 function config_editor_parse_from_http_headers($array_name)
 {
 	$ans = array();
-	if(!is_array($_POST[$array_name])) return $ans;
+	if(!is_array(get_value_from_array($_POST, $array_name))) return $ans;
 
 	$keys = array_keys($_POST[$array_name]);
 	foreach($keys as $id) {
@@ -75,6 +77,7 @@ function config_editor_parse_from_http_headers($array_name)
 function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 {
 	global $config;
+	global $pdo;
 
 	/* if fairyear isn't specified... */
 	if($fairyear == NULL) $fairyear = $config['FAIRYEAR'];
@@ -83,21 +86,23 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 	/* The master list of variables is the year=-1, grab
 	 * ALL config variables that exist for -1 but
 	 * do NOT exist for $fairyear */
-	$q = "SELECT config.var FROM `config` 
+	$q = $pdo->prepare("SELECT config.var FROM `config` 
 		LEFT JOIN `config` AS C2 ON(config.var=C2.var 
 					AND C2.year='$fairyear') 
-		WHERE config.year=-1 AND C2.year IS NULL";
-	$r = ($q);
-	while($i = $r->fetch(PDO::FETCH_ASSOC)) {
+		WHERE config.year=-1 AND C2.year IS NULL");
+	
+	
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_ASSOC)) {
 		$var = $i['var'];
 		/* See if this var exists for last year or
 		 * the -1 year, prefer last year's value */
-		$q = "SELECT * FROM `config` 
+		$r2 = $pdo->prepare("SELECT * FROM `config` 
 			WHERE config.var='$var'
 				AND (config.year='$lastfairyear' 
 					OR config.year='-1')
-			ORDER BY config.year DESC";
-		$r2 = ($q);
+			ORDER BY config.year DESC");
+		$r2->execute();
 		if($r2->rowCount() < 1) {
 			/* Uhoh, this shouldn't happen */
 			echo "ERROR, Variable '$var' doesn't exist";
@@ -106,13 +111,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 		$v = $r2->fetch();
 
 		("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
-	                '".$v->var."',
-			'".$v->val."',
-			'".$v->category."',
-			'".$v->type."',
-			'".$v->type_values."',
-			'".$v->ord."',
-			'".$v->description."',
+	                '".$v['var']."',
+			'".$v['val']."',
+			'".$v['category']."',
+			'".$v['type']."',
+			'".$v['type_values']."',
+			'".$v['ord']."',
+			'".$v['description']."',
 			'$fairyear')");
 	}
 }
@@ -129,7 +134,7 @@ function config_editor_handle_actions($category, $year, $array_name)
 	
 	$config_editor_actions_done = true;
 	$updated = false;
-	if($_POST['action']=="update") {
+	if(get_value_from_array($_POST, 'action', "update")) {
 		$var = config_editor_parse_from_http_headers($array_name);
 		$varkeys = array_keys($var);
 		foreach($varkeys as $k) {
diff --git a/confirmed_participants.php b/confirmed_participants.php
index e063925..5de13ae 100644
--- a/confirmed_participants.php
+++ b/confirmed_participants.php
@@ -23,15 +23,19 @@
 ?>
 <?
  require("common.inc.php");
+
+
  require("./config/signaturepage_or_permissionform.php");
 
  send_header("Confirmed Participants");
 
+
+ global $stats_totalstudents;
 	//first, lets make sure someone isnt tryint to see something that they arent allowed to!
 	
 	$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postparticipants']."') AS test");
 	$q->execute();
-	$r=$q->fetch();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	if($r->test!=1)
 	{
 		list($d,$t)=explode(" ",$config['dates']['postparticipants']);
@@ -68,7 +72,13 @@
 					projects.projectnumber
 				");
 			$q->execute();
-			echo $pdo->errorInfo();
+		
+			// Check for errors after the query execution
+$errorInfo = $pdo->errorInfo();
+if ($errorInfo[0] != '00000') {
+    // If there's an error (the SQLSTATE isn't '00000', which means no error)
+    echo "Error: " . $errorInfo[2]; // The third element contains the error message
+}
 		
 		$lastcat="something_that_does_not_exist";
 		$lastdiv="something_that_does_not_exist";
@@ -81,7 +91,7 @@
 			echo "<br />";
 		}
 		echo "<table style=\"font-size: 0.9em;\">";
-		while($r=$q->fetch())
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($r->category != $lastcat)
 			{
@@ -122,7 +132,7 @@
 			echo "<td>$r->projectnumber</td>";
 			echo "<td>$r->title</td>";
 
-			$sq=("SELECT students.firstname,
+			$sq=$pdo->prepare("SELECT students.firstname,
 						students.lastname,
 						students.id,
 						students.webfirst,
@@ -135,20 +145,27 @@
 						AND
 						students.schools_id=schools.id
 					");
-					echo pdo->errorInfo();
-
+			$sq->execute();
+				
+								// Check for errors after the query execution
+$errorInfo = $pdo->errorInfo();
+if ($errorInfo[0] != '00000') {
+    // If there's an error (the SQLSTATE isn't '00000', which means no error)
+    echo "Error: " . $errorInfo[2]; // The third element contains the error message
+}
+	
 			$studnum=1;
 			$schools="";
 			$students="";
 			$sameschools=true;
 			$lastschool="";
-			while($studentinfo=$sq->fetch())
+			while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 			{
 				if($studentinfo->webfirst=="yes")
 					$students.="$studentinfo->firstname ";
 				if($studentinfo->weblast=="yes")
 					$students.="$studentinfo->lastname ";
-				if($r->studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />";
+				if($studentinfo->webfirst=="yes" || $studentinfo->weblast=="yes") $students.="<br />";
 
 				$schools.="$studentinfo->school <br />";
 				if($lastschool)
diff --git a/helper.inc.php b/helper.inc.php
index ab96214..1e1261e 100644
--- a/helper.inc.php
+++ b/helper.inc.php
@@ -15,4 +15,16 @@ function get_value(mixed $var) : mixed
     return isset($var) ? $var : null;
 }
 
+function get_value_or_default(mixed $var, mixed $default = null) : mixed {
+	return isset($var) ? $var : $default;
+}
+
+function show_pdo_errors_if_any($pdo) {// Check for errors after the query execution
+	$errorInfo = $pdo->errorInfo();
+	if ($errorInfo[0] != '00000') {
+		// If there's an error (the SQLSTATE isn't '00000', which means no error)
+		echo "Error: " . $errorInfo[2]; // The third element contains the error message
+	} 
+}
+
 ?>
\ No newline at end of file
diff --git a/register_participants.php b/register_participants.php
index 232c938..c2b3e39 100644
--- a/register_participants.php
+++ b/register_participants.php
@@ -30,7 +30,7 @@
 	
 	$datecheck = $q->fetch(PDO::FETCH_OBJ);
 
- if($_POST['action']=="new") {
+ if(get_value_from_array($_POST, 'action') == "new") {
  	$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
 	$q->execute();
 	if($q->rowCount()) {
@@ -55,8 +55,8 @@ $stmt->execute();
 	}
 
  }
- else if($_POST['action']=="continue") {
- 	if($_POST['email'])
+ else if(get_value_from_array($_POST, 'action') == "continue") {
+ 	if(get_value_from_array($_POST, 'email'))
 	 	$_SESSION['email']=stripslashes($_POST['email']);
 
 	 $q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
@@ -82,7 +82,7 @@ $stmt->execute();
 	}
 
  }
- else if($_GET['action']=="resend" && $_SESSION['email']) {
+ else if(get_value_from_array($_GET, 'action') == "resend" && get_value_from_array($_SESSION, 'email')) {
  	//first see if the email matches directly from the registrations table
  	$q=$pdo->prepare("SELECT registrations.num FROM 
 				registrations
@@ -117,7 +117,7 @@ $stmt->execute();
 		echo error(i18n("Could not find a registration for your email address"));
 	}
  }
- else if($_GET['action']=="logout") {
+ else if(get_value_from_array($_GET, 'action') == "logout") {
  	unset($_SESSION['email']);
 	unset($_SESSION['registration_number']);
 	unset($_SESSION['registration_id']);
@@ -127,7 +127,7 @@ $stmt->execute();
 
  
  //if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
- if($_SESSION['registration_number'] && $_SESSION['registration_id'] && $_SESSION['email']) {
+ if(get_value_from_array($_SESSION, 'registration_number') && get_value_from_array($_SESSION, 'registration_id') && get_value_from_array($_SESSION, 'email')) {
 	header("Location: register_participants_main.php");
 	exit;
 
@@ -135,8 +135,8 @@ $stmt->execute();
 
  send_header("Participant Registration");
  
- if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) ) {
- 	if($_POST['email'])
+ if(get_value_from_array($_POST, 'action') == "login" && ( get_value_from_array($_POST, 'email') || get_value_from_array($_SESSION, 'email')) ) {
+ 	if(get_value_from_array($_POST, 'email'))
 	 	$_SESSION['email']=stripslashes($pdo->quote($_POST['email']));
 
  	echo "<form method=\"post\" action=\"register_participants.php\">";
diff --git a/user.inc.php b/user.inc.php
index 8e3c3c6..b0b0002 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -23,6 +23,7 @@
 */
 ?>
 <?
+require_once('helper.inc.php');
 
 $user_what =  array('student'=>'Participant', 
 			'judge' => 'Judge',
@@ -319,7 +320,7 @@ function user_load_by_uid_year($uid, $year)
 }
 
 function user_set_password($id, $password = NULL)
-{
+{	global $pdo;
 	/* pass $u by reference so we can update it */
 	$save_old = false;
 	if($password == NULL) {
@@ -344,13 +345,13 @@ function user_set_password($id, $password = NULL)
 
 	$query = "UPDATE users SET $set WHERE id='$id'";
 	$stmt = $pdo->prepare($query);
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 
 	return $password;
 }
 
 function user_save_type_list($u, $db, $fields)
-{
+{	global $pdo;
 /*	echo "<pre> save type list $db";
 	print_r($u);
 	echo "</pre>";*/
@@ -379,7 +380,7 @@ function user_save_type_list($u, $db, $fields)
 		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 		if($pdo->errorInfo()) {
-			echo $pdo->errorInfo();
+			show_pdo_errors_if_any($pdo);
 			echo error("Full query: $query");
 		}
 	}
@@ -448,7 +449,7 @@ function user_save_parent($u)
 }
 
 function user_save(&$u)
-{
+{	global $pdo;
 	/* Add any new types */
 	$added = array_diff($u['types'], $u['orig']['types']);
 	foreach($added as $t) {
@@ -490,7 +491,7 @@ function user_save(&$u)
 		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 //		echo "query=[$query]";
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 	}
 
 	/* Save the password if it changed */
@@ -560,9 +561,7 @@ function user_delete_principal($u)
 {
 }
 
-function user_delete_teacher($u)
-{
-}
+function user_delete_teacher($u){} $pdo->errorInfo();
 
 function user_delete_parent($u)
 {
@@ -703,7 +702,7 @@ function user_dupe_row($db, $key, $val, $newval)
 //	echo "Dupe Query: [$q]";
 	$r = $pdo->prepare($q);
 	$r->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 
 	$id = $pdo->errorInfo();
 	return $id;
@@ -778,11 +777,12 @@ function user_add_role_allowed($type, $u)
 function user_create($type, $username, $u = NULL)
 {
 	global $config;
+	global $pdo;
 	if(!is_array($u)) {
 		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) 
 			VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
 		$stmt->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		$uid = $pdo->lastInsertId();
         if(user_valid_email($username)) {
             $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
@@ -790,13 +790,13 @@ function user_create($type, $username, $u = NULL)
         }
 		$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
 		$stmt->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		user_set_password($uid, NULL);
 		/* Since the user already has a type, user_save won't create this
 		 * entry for us, so do it here */
 		$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
 		$stmt->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		/* Load the complete user */
 		$u = user_load($uid);
 	//	echo "user_create / user_load($uid) returned <pre>";
@@ -889,7 +889,7 @@ function user_auth_required($type, $access='')
 	}
 
 	/* Forward to password expired, remember the target URI */
-	if($_SESSION['password_expired'] == true) {
+	if(get_value_from_array($_SESSION, 'password_expired') == true) {
 		$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
 		header("location: {$config['SFIABDIRECTORY']}/user_password.php");
 		exit;
diff --git a/user_activate.php b/user_activate.php
index 354ee65..b90d09a 100644
--- a/user_activate.php
+++ b/user_activate.php
@@ -33,7 +33,7 @@
  }
 
 /* Sort out who we're editting */
-if($_POST['users_id']) 
+if(get_value_from_array($_POST, 'users_id')) 
 	$eid = intval($_POST['users_id']); /* From a save form */
 else if(array_key_exists('embed_edit_id', $_SESSION))
 	$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@@ -48,7 +48,7 @@ if($eid != $_SESSION['users_id']) {
  $u = user_load($eid);
 
  /* Validate the type */
- if($_GET['action'] != '' && $_GET['action'] != 'delete') {
+ if(get_value_from_array($_GET, 'action') != '' && $_GET['action'] != 'delete') {
 	 $action_type = $_GET['type'];
 	 if(!in_array($action_type, $user_types)) {
  		echo "ERROR: not an allowed type.";
@@ -57,7 +57,7 @@ if($eid != $_SESSION['users_id']) {
 	 $action_what = $user_what[$action_type]; 
  }
 
-switch($_GET['action']) {
+switch(get_value_from_array($_GET, 'action')) {
 case 'delete':
  	//okay here we go, lets get rid of them completely, since this is what theyve asked for
 	message_push(happy(i18n("Account successfully deleted. Goodbye")));
@@ -92,7 +92,7 @@ case 'remove':
 
  $u = user_load($u['id']);
 
- if($_SESSION['embed'] == true) {
+ if(get_value_from_array($_SESSION, 'embed') == true) {
  	echo "<br/>";
  	display_messages();
  	echo "<h3>".i18n("Role and Account Management")."</h3>";
@@ -182,5 +182,5 @@ function remove(type)
  echo "<input style=\"width: 300px;\" onclick=\"return confirmClick('".i18n("Are you sure you want to completely delete your account?\\nDoing so will remove you from our mailing list for future years and you will never hear from us again.\\nThis action cannot be undone.")."')\" type=\"submit\" value=\"".i18n("Delete Entire Account")."\">";
  echo "</form>";
 
- if($_SESSION['embed'] != true) send_footer();
+ if(get_value_from_array($_SESSION, 'embed') != true) send_footer();
 ?>
diff --git a/user_invite.php b/user_invite.php
index b7fc19c..843cedf 100644
--- a/user_invite.php
+++ b/user_invite.php
@@ -29,7 +29,7 @@
  //include "judges.inc.php";
 
  /* AJAX query */
- if(intval($_GET['ajax']) == 1) {
+ if(intval(get_value_from_array($_GET,'ajax')) == 1) {
  	/* Do ajax processing for this file */
 	$email = stripslashes($_GET['email']);
 	$type = $_GET['type'];
@@ -158,7 +158,7 @@
  echo "<br />";
 
  $allowed_types = array('judge', 'volunteer');
- $type = $_POST['type'];
+ $type = get_value_from_array($_POST,'type');
  if($type == '') $type = $_GET['type'];
  if($type != '') {
 	 if(!in_array($type, $allowed_types)) {
@@ -167,7 +167,7 @@
 	}
  }
 
- if($_POST['action']!="" && $_POST['email'] && $type != '') {
+ if(get_value_from_array($_POST, 'action',"") && get_value_from_array($_POST,'email') && ($type != '')) {
  	$allowed_actions = array('notexist','norole','noyear');
  	$email = stripslashes($_POST['email']);
 
diff --git a/user_password.php b/user_password.php
index d5e00c9..fb1ae3c 100644
--- a/user_password.php
+++ b/user_password.php
@@ -56,10 +56,10 @@
 	 $back_link = "{$type}_main.php";
  unset($_SESSION['request_uri']);
 
- $password_expiry_days = $config["{$type}_password_expiry_days"];
+ $password_expiry_days = get_value_from_array($config, "{$type}_password_expiry_days");
 
 
- if($_POST['action']=="save")
+ if(get_value_from_array($_POST, 'action') == "save")
  {
 	$pass = $_POST['pass1'];
  	//first, lets see if they choosed the same password again (bad bad bad)
@@ -90,7 +90,7 @@
 				  ,"change_password"
 		                  );
 
- if($_SESSION['password_expired'] == true)
+ if(get_value_from_array($_SESSION, 'password_expired') == true)
  {
  	echo i18n('Your password has expired.  You must choose a new password now.');
  }
diff --git a/user_personal.php b/user_personal.php
index 03a37ca..e61d07c 100644
--- a/user_personal.php
+++ b/user_personal.php
@@ -70,7 +70,7 @@
 );
 
 /* Sort out who we're editting */
-if($_POST['users_id']) 
+if(get_value_from_array($_POST, 'users_id')) 
 	$eid = intval($_POST['users_id']); /* From a save form */
 else if(array_key_exists('embed_edit_id', $_SESSION))
 	$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
@@ -102,7 +102,7 @@ if($eid != $_SESSION['users_id']) {
  	$fields[] = 'password';
  }
 
-switch($_GET['action']) {
+switch(get_value_from_array($_GET, 'action')) {
 case 'save':
 	$users_id = intval($_POST['users_id']);
 	if($users_id != $_SESSION['users_id']) {
@@ -176,7 +176,7 @@ case 'save':
 
 
  //send the header
- if($_SESSION['embed'] == true) {
+ if(get_value_from_array($_SESSION, 'embed') == true) {
  	echo "<br/>";
 	display_messages();
  	echo "<h3>".i18n("Personal Information")."</h3>";
@@ -225,6 +225,7 @@ function item($user, $fname, $subtext='')
 	global $fields, $required;
 	global $errorfields;
 	global $user_personal_fields;
+	global $style;
 
 	if(in_array($fname, $fields)) {
 		$text = i18n($user_personal_fields[$fname]['name']);
@@ -235,7 +236,7 @@ function item($user, $fname, $subtext='')
 
 		$req = in_array($fname, $required) ? REQUIREDFIELD : '';
 
-		switch($user_personal_fields[$fname]['type']) {
+		switch($user_personal_fields[$fname]['name']) {
 		case 'yesno':
 			echo "<select name=\"$fname\">";
 			$sel = ($user[$fname]=='yes') ? 'selected="selected"' : '';
@@ -383,7 +384,7 @@ echo "</form>";
 
  echo "<br />";
 
-if($_SESSION['embed'] != true) {
+if(get_value_from_array($_SESSION, 'embed') != true) {
 	send_footer();
 }
 
diff --git a/winners.php b/winners.php
index 6090d3a..4391e6d 100644
--- a/winners.php
+++ b/winners.php
@@ -24,6 +24,7 @@
 <?
  require("common.inc.php");
  require("projects.inc.php");
+ require_once('helper.inc.php');
 
  send_header("Winners");
 
@@ -74,7 +75,7 @@ if(get_value_from_array($_GET, 'year') && get_value_from_array($_GET, 'type')) {
 				ORDER BY 
 					awards_order");
 
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 
 		if($q->rowCount())
 		{
@@ -279,7 +280,11 @@ else
 						award_types.order
 					");
 			$tq->execute();
-					echo $pdo->errorInfo();
+			$errorInfo = $pdo->errorInfo();
+			if ($errorInfo[0] != '00000') {
+				// If there's an error (the SQLSTATE isn't '00000', which means no error)
+				echo "Error: " . $errorInfo[2]; // The third element contains the error message
+			} 
 			while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
 				echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
 			}