Complete initial pass of sql conversion

2024-12-12 16:24:45 -05:00 · 2024-12-12 16:24:45 -05:00 · 9892d738d4
commit 9892d738d4
parent f7c6c506a1
19 changed files with 324 additions and 238 deletions
--- a/admin/judges_scheduler_status_output.php
+++ b/admin/judges_scheduler_status_output.php
@ -1,7 +1,7 @@
 <?
 include "../data/config.inc.php";
-mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
+include "../common.inc.php";
-mysql_select_db($DBNAME);
+
 $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
 $q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
--- a/admin/tours_sa_status.php
+++ b/admin/tours_sa_status.php
@ -26,8 +26,8 @@ ogram; see the file COPYING.  If not, write to
 if($_GET['action'] == 'output') {
 	include "../data/config.inc.php";
-	mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
+	include "../common.inc.php";
-	mysql_select_db($DBNAME);
+	
 	$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
 	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
@ -49,20 +49,7 @@ ogram; see the file COPYING.  If not, write to
 			'Tours' => 'admin/tours.php')
 				);
 require_once("../ajax.inc.php");
-?>
+?>DBHOST'updatestatus').innerHTML="Updating...";
 <script type="text/javascript">
 var starttime=0;
 var startpercent=0;
 var deltatime=0;
 var deltapercent=0;
 var avgtimeperpercent=0;
 var remainingpercent=0;
 var remainingtime=0;
 function updateStatus()
 {
 	document.getElementById('updatestatus').innerHTML="Updating...";
 	var url="tours_sa_status.php?action=output";
 	http.open("GET",url,true);
 	http.onreadystatechange=handleResponse;
@ -75,26 +62,26 @@ function clearUpdatingMessage()
 }
-function handleResponse()
+function handleResponse()DBHOST
 {
 	try {
 		if(http.readyState==4)
-		{
+		{DBHOST
 			var obj=http.responseText.split(":");
-			document.getElementById('schedulerstatus').innerHTML=obj[1];
+			document.getEleDBHOSTmentById('schedulerstatus').innerHTML=obj[1];
 			if(obj[0]=="-1")
 			{
 				document.getElementById('schedulerpercent').innerHTML="100%";
 				document.getElementById('updatestatus').innerHTML="Scheduling Complete";
-				document.getElementById('schedulereta').innerHTML="Complete";
+				document.getDBHOSTElementById('schedulereta').innerHTML="Complete";
 			}
 			else
 			{
 				document.getElementById('schedulerpercent').innerHTML=obj[0]+"%";
-				setTimeout('updateStatus()',5000);
+				setTimeout('DBHOSTupdateStatus()',5000);
 				document.getElementById('updatestatus').innerHTML="Updating... Done!";
-				setTimeout('clearUpdatingMessage()',500);
+				setTimeout('DBHOSTclearUpdatingMessage()',500);
 				var currentTime=new Date();
 				if(starttime==0)
@ -102,7 +89,7 @@ function handleResponse()
 					starttime=currentTime.getTime();
 					startpercent=obj[0];
 				}
-				deltatime=currentTime.getTime()-starttime;
+				deltatime=cDBHOSTurrentTime.getTime()-starttime;
 				deltapercent=obj[0]-startpercent;
 				avgtimeperpercent=deltatime/deltapercent;
@ -115,7 +102,7 @@ function handleResponse()
 			}
 		}
 	}
-	catch(e)
+	catch(e)DBHOST
 	{
 		alert('caught error'+e);
--- a/db/db.update.111.php
+++ b/db/db.update.111.php
@ -3,15 +3,19 @@ function db_update_111_post()
 {
 	global $config;
 	//grab the index page
-	$q=mysql_query("SELECT * FROM pagetext WHERE textname='index' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='{$config['FAIRYEAR']}'");
-    if(!mysql_num_rows($q)) {
+	$q->execute();
-        $q=mysql_query("SELECT * FROM pagetext WHERE textname='index' AND year='-1'");
+    if(!$q->rowCount()) {
-    }
+        $q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='-1'");
-	while($r=mysql_fetch_object($q)) {
+		$q->execute();
 	}
 	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		//insert it into the CMS under index.html
-		mysql_query("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html','$r->lastupdate','$r->lang','".mysql_escape_string($r->text)."','1')");
+		$stmt = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html','$r->lastupdate','$r->lang','".$r->text."','1')");
 		$stmt->execute();
 	}
 	//and remove it from the pagetext
-	mysql_query("DELETE FROM pagetext WHERE textname='index'");
+	$stmt = $pdo->prepare("DELETE FROM pagetext WHERE textname='index'");
 	$stmt->execute();
 }
 ?>
--- a/db/db.update.117.php
+++ b/db/db.update.117.php
@ -9,18 +9,21 @@ function db_update_117_post()
 				'willing_chair' => 'Willing Chair');
 	foreach($qmap as $field=>$head) {
-		$q = mysql_query("SELECT id FROM questions WHERE db_heading='{$head}'");
+		$q = $pdo->prepare("SELECT id FROM questions WHERE db_heading='{$head}'");
-		while($i = mysql_fetch_object($q)) {
+		$q->execute();
 		while($i = $q->fetch(PDO::FETCH_OBJ)) {
 			$id = $i->id;
 			/* Drop all answers for this question */
-			mysql_query("DELETE FROM question_answers
+			$stmt = $pdo->prepare("DELETE FROM question_answers
 					WHERE questions_id='$id'");
-		}
+			$stmt->execute();	
 	}
 		/* Now dump the question itself */
-		mysql_query("DELETE FROM questions 
+		$stmt = $pdo->prepare("DELETE FROM questions 
 				WHERE id='$id'");
 		$stmt->execute();
 	}
 }
--- a/db/db.update.118.php
+++ b/db/db.update.118.php
@ -8,8 +8,9 @@ function db_update_118_post()
 	$userfields=array("salutation","firstname","lastname","email","phonehome","phonework","phonecell","fax");
 	//grab all the contacts from awards_contacts
-	$q=mysql_query("SELECT * FROM award_contacts");
+	$q=$pdo->prepare("SELECT * FROM award_contacts");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
 	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		//if its older than the current year, then set them to complete/active because if they were in the
 		//system then, then they must have beenc omplete and active
@ -24,8 +25,9 @@ function db_update_118_post()
 			$active="yes";
 		}
 		//see if a user exists with this email
-		$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($r->email)."' OR email='".mysql_real_escape_string($r->email)."') ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
+		$uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$r->email."' OR email='".$r->email."') ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
-		if($r->email && $ur=mysql_fetch_object($uq)) {
+		$uq->execute();
 		if($r->email && $ur=$uq->fetch(PDO::FETCH_OBJ)) {
 			$user_id=$ur->id;
 			echo "Using existing users.id=$user_id for award_contacts.id=$r->id because email address ($r->email) matches\n";
@ -34,12 +36,13 @@ function db_update_118_post()
 			foreach($userfields AS $f) {
 				//if its NOT in their USER record, but it IS in their AWARD_CONTACTS record, then bring it over, else, assume the users record has priority
 				if(!$ur->$f && $r->$f) {
-					$sqlset.="`$f`='".mysql_real_escape_string($r->$f)."', ";
+					$sqlset.="`$f`='".$r->$f."', ";
 				}
 			}
 			$sql="UPDATE users SET $sqlset `types`='{$ur->types},sponsor' WHERE id='$user_id'";
-			mysql_query($sql);
+			$stmt = $pdo->prepare($sql);
-			echo mysql_error();
+			$stmt->execute();
 			echo $pdo->errorInfo();
 			echo "  Updated user record\n";
 		}
@ -61,31 +64,34 @@ function db_update_118_post()
 			//set passwordset to 0000-00-00 to force it to expire on next login
 			$sql="INSERT INTO users (`types`,`username`,`created`,`password`,`passwordset`,`".implode("`,`",$userfields)."`,`year`) VALUES (";
-			$sql.="'sponsor','".mysql_real_escape_string($username)."',NOW(),'$password','0000-00-00'";
+			$sql.="'sponsor','".$username."',NOW(),'$password','0000-00-00'";
 			foreach($userfields AS $f) {
-				$sql.=",'".mysql_real_escape_string($r->$f)."'";
+				$sql.=",'".$r->$f."'";
 			}
-			$sql.=",'".mysql_real_escape_string($r->year)."')";
+			$sql.=",'".$r->year."')";
-			mysql_query($sql);
+			$stmt = $pdo->prepare($sql);
-			echo mysql_error();
+			$stmt->execute();
 			echo $pdo->errorInfo();
-			$user_id=mysql_insert_id();
+			$user_id=$pdo->lastInsertId();
 			//and link it to themselves as a starting record
-			mysql_query("UPDATE users SET uid='$user_id' WHERE id='$user_id'");
+			$stmt = $pdo->prepare("UPDATE users SET uid='$user_id' WHERE id='$user_id'");
 			$stmt->execute();
 			echo "Creating new users.id=$user_id for award_contacts.id=$r->id\n";
 		}
 		echo "  Linking $user_id to users_sponsor record\n";
-		mysql_query("INSERT INTO users_sponsor (`users_id`,`sponsors_id`,`sponsor_complete`,`sponsor_active`,`primary`,`position`,`notes`) VALUES (
+		$stmt = $pdo->prepare("INSERT INTO users_sponsor (`users_id`,`sponsors_id`,`sponsor_complete`,`sponsor_active`,`primary`,`position`,`notes`) VALUES (
 				'".$user_id."',
 				'".$r->award_sponsors_id."',
 				'$complete',
 				'$active',
-				'".mysql_real_escape_string($r->primary)."',
+				'".$r->primary."',
-				'".mysql_real_escape_string($r->position)."',
+				'".$r->position."',
-				'".mysql_real_escape_string($r->notes)."')");
+				'".$r->notes."')");
-		echo mysql_error();
+		$stmt->execute();
 		echo $pdo->errorInfo();
 	}
 }
--- a/db/db.update.131.php
+++ b/db/db.update.131.php
@ -8,13 +8,16 @@ function db_update_131_pre()
    //add a sponsorship entry with a value of the total sum of the prizes given
    //for each sponsor
-    $q=mysql_query("SELECT * FROM sponsors");
+    $q=$pdo->prepare("SELECT * FROM sponsors");
-    while($r=mysql_fetch_object($q)) {
+   $q->execute();
    while($r=$q->fetch(PDO::FETCH_OBJ)) {
        $total=0;
-        $awardq=mysql_query("SELECT * FROM award_awards WHERE sponsors_id='$r->id' AND year='$year'");
+        $awardq=$pdo->prepare("SELECT * FROM award_awards WHERE sponsors_id='$r->id' AND year='$year'");
-        while($awardr=mysql_fetch_object($awardq)) {
+        $awardq->execute();
-            $prizeq=mysql_query("SELECT cash,scholarship,value,number FROM award_prizes WHERE award_awards_id='$awardr->id'");
+        while($awardr=$awardq->fetch(PDO::FETCH_OBJ)) {
-            while($prizer=mysql_fetch_object($prizeq)) {
+            $prizeq=$pdo->prepare("SELECT cash,scholarship,value,number FROM award_prizes WHERE award_awards_id='$awardr->id'");
            $prizeq->execute();
            while($prizer=$prizeq->fetch(PDO::FETCH_OBJ)) {
                //some people never set the value for some reason, i dunno why.. 
                $realvalue=max($prizer->cash+$prizer->scholarship,$prizer->value);
                $totalvalue=$realvalue*$prizer->number;
@ -22,14 +25,16 @@ function db_update_131_pre()
            }
        }
        echo "Creating sponsorship for ID: $r->id value: $total\n";
-        mysql_query("INSERT INTO sponsorships (sponsors_id,fundraising_type,value,status,probability,year) VALUES (
+        $pdo->prepare("INSERT INTO sponsorships (sponsors_id,fundraising_type,value,status,probability,year) VALUES (
            '$r->id',
            'sfawards',
            '$total',
            'pending',
            '25',
            '$year')");
-        mysql_query("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('$r->id',NOW(),0,'Automatically created sponsorship from existing sponsor. type=award, value=\$$total, status=pending, probability=25%')");
+        $pdo->execute(0;)
        $stmt = $pdo->prepare("INSERT INTO sponsors_logs (sponsors_id,dt,users_id,log) VALUES ('$r->id',NOW(),0,'Automatically created sponsorship from existing sponsor. type=award, value=\$$total, status=pending, probability=25%')");
        $stmt->execute();
    }
 }
--- a/db/db.update.146.php
+++ b/db/db.update.146.php
@ -41,8 +41,9 @@ function db_update_146_handle($name, $email, $phone, $type)
 function db_update_146_post() 
 {
 	global $config;
-    $q = mysql_query("SELECT * FROM schools WHERE year='{$config['FAIRYEAR']}'");
+    $q = $pdo->prepare("SELECT * FROM schools WHERE year='{$config['FAIRYEAR']}'");
-    while($s = mysql_fetch_assoc($q)) {
+	$q->execute();
    while($s = $q->fetch(PDO::FETCH_ASSOC) {
 		/* Science head */
 		if(trim($s['sciencehead']) != '') {
 			$u = db_update_146_handle($s['sciencehead'],
@ -50,7 +51,8 @@ function db_update_146_post()
 								$s['scienceheadphone'],
 								'teacher');
 			if($u != false) {
-				mysql_query("UPDATE schools SET sciencehead_uid='{$u['uid']}' WHERE id='{$s['id']}'");
+				$stmt = $pdo->prepare("UPDATE schools SET sciencehead_uid='{$u['uid']}' WHERE id='{$s['id']}'");
 				$stmt->execute();
 			}
 		}
@ -61,8 +63,9 @@ function db_update_146_post()
 								$s['phone'],
 								'principal');
 			if($u != false) {
-				mysql_query("UPDATE schools SET principal_uid='{$u['uid']}' WHERE id='{$s['id']}'");
+				$stmt = $pdo->prepare("UPDATE schools SET principal_uid='{$u['uid']}' WHERE id='{$s['id']}'");
-			}
+				$stmt->execute();
 				}
 		}
    }
 }
--- a/db/db.update.146.user.inc.php
+++ b/db/db.update.146.user.inc.php
@ -131,8 +131,9 @@ function db146_user_load_sponsor(&$u)
 	$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
 	$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
 	if($u['sponsors_id']) {
-		$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
+		$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
-		$u['sponsor']=mysql_fetch_assoc($q);
+		$q->execute(0;)
 		$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
 	}
 	return true;
 }
@ -185,16 +186,17 @@ function db146_user_load($user, $uid = false)
 		$id = intval($user);
 		$query .= "	`users`.`id`='$id'";
 	}
-	$q=mysql_query($query);
+	$q=$pdo->prepare($query);
 	$q->execute();
-	if(mysql_num_rows($q)!=1) {
+	if($q->rowCount()!=1) {
-//		echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
+//		echo "Query [$query] returned ".$q->rowCount()." rows\n";
 //		echo "<pre>";
 //		print_r(debug_backtrace());
 		return false;
 	}
-	$ret = mysql_fetch_assoc($q);
+	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
 	 * simply return the previous year (where deleted=no) */
@ -256,11 +258,12 @@ function db146_user_load_by_uid($uid)
 function db146_user_load_by_email($email)
 {
 	/* Find the most recent uid for the email, regardless of deleted status */
-	$e = mysql_real_escape_string($email);
+	$e = $email;
-	$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
+	$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
 	$q->execute();
-	if(mysql_num_rows($q) == 1) {
+	if($q->rowCount() == 1) {
-			$i = mysql_fetch_assoc($q);
+			$i = $q->fetch(PDO::FETCH_ASSOC);
 			return db146_user_load_by_uid($i['uid']);
 	}
 	return false;
@ -268,9 +271,10 @@ function db146_user_load_by_email($email)
 function db146_user_load_by_uid_year($uid, $year)
 {
-	$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
+	$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
-	if(!mysql_num_rows($q)) return false;
+		$q->execute();
-	$i = mysql_fetch_assoc($q);
+	if(!$q->rowCount()) return false;
 	$i = $q->fetch(PDO::FETCH_ASSOC);
 	return db146_user_load($i['id']);
 }
@ -279,8 +283,9 @@ function db146_user_set_password($id, $password = NULL)
 	/* pass $u by reference so we can update it */
 	$save_old = false;
 	if($password == NULL) {
-		$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
+		$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
-		$u = mysql_fetch_assoc($q);
+		$q->execute();
 		$u = $q->fetch(PDO::FETCH_ASSOC);
 		/* Generate a new password */
 		$password = db146_user_generate_password(12);
 		/* save the old password only if it's not an auto-generated one */
@ -293,13 +298,14 @@ function db146_user_set_password($id, $password = NULL)
 		$save_set = 'NOW()';
 	}
-	$p = mysql_escape_string($password);
+	$p = $password;
 	$set = ($save_old == true) ? 'oldpassword=password, ' : '';
 	$set .= "password='$p', passwordset=$save_set ";
 	$query = "UPDATE users SET $set WHERE id='$id'";
-	mysql_query($query);
+	$stmt = $pdo->prepare($query);
-	echo mysql_error();
+	$stmt->execute();
 	echo $pdo->errorInfo();
 	return $password;
 }
@ -323,17 +329,18 @@ function db146_user_save_type_list($u, $db, $fields)
 		}
 		if(is_array($u[$f])) 
-			$data = mysql_escape_string(serialize($u[$f]));
+			$data = serialize($u[$f]);
 		else 
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 		$set .= "`$f`='$data'";
 	}
 	if($set != "") {
 		$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
-		if(mysql_error()) {
+		$stmt->execute();
-			echo mysql_error();
+		if($pdo->errorInfo()) {
 			echo $pdo->errorInfo();
 			echo error("Full query: $query");
 		}
 	}
@ -409,7 +416,8 @@ function db146_user_save(&$u)
 			exit;
 		}
        //give em a record, the primary key on the table takes care of uniqueness
-   	    $q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
+   	    $q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
 		$q->execute();
 	}
@ -429,7 +437,7 @@ function db146_user_save(&$u)
 		if($f == 'types') 
 			$set .= "$f='".implode(',', $u[$f])."'";
 		else {
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 			$set .= "$f='$data'";
 		}
 	}
@ -438,9 +446,10 @@ function db146_user_save(&$u)
 //	echo "</pre>";
 	if($set != "") {
 		$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 //		echo "query=[$query]";
-		echo mysql_error();
+		echo $pdo->errorInfo();
 	}
 	/* Save the password if it changed */
@ -466,7 +475,8 @@ function db146_user_save(&$u)
 function db146_user_delete_committee($u)
 {
-	mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+	$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
 	$stmt->execute();
 }
 function db146_user_delete_volunteer($u)
@ -477,8 +487,10 @@ function db146_user_delete_judge($u)
 {
 	global $config;
 	$id = $u['id'];
-	mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
-	mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
+	$stmt->execute();
 	$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
 	$stmt->execute();
 }
 function db146_user_delete_fair($u)
@ -535,7 +547,8 @@ function db146_user_delete($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_delete = true;
 		}
@ -548,7 +561,8 @@ function db146_user_delete($u, $type=false)
 		$finish_delete = true;
 	}
 	if($finish_delete == true) {
-		mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -578,7 +592,8 @@ function db146_user_purge($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_purge = true;
 		}
@ -586,18 +601,21 @@ function db146_user_purge($u, $type=false)
 		 * out the entry */
 		call_user_func("db146_user_delete_$type", $u);
 //		call_user_func("user_purge_$type", $u);
-		mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
 		$stmt->execute();
 	} else {
 		/* Delete the whole user */
 		foreach($u['types'] as $t) {
 			call_user_func("db146_user_delete_$t", $u);
 //			call_user_func("user_purge_$t", $u);
-			mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+			$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
 			$stmt->execute();
 		}
 		$finish_purge = true;
 	}
 	if($finish_purge == true) {
-		mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -607,12 +625,13 @@ function db146_user_dupe_row($db, $key, $val, $newval)
 {
 	global $config;
 	$nullfields = array('deleteddatetime'); /* Fields that can be null */
-	$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
+	$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
-	if(mysql_num_rows($q) != 1) {
+	$q->execute();
 	if($q->rowCount() != 1) {
 		echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
 		exit;
 	}
-	$i = mysql_fetch_assoc($q);
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	$i[$key] = $newval;
 	foreach($i as $k=>$v) {
@ -621,7 +640,7 @@ function db146_user_dupe_row($db, $key, $val, $newval)
 		else if($k == 'year') 
 			$i[$k] = $config['FAIRYEAR'];
 		else
-			$i[$k] = '\''.mysql_escape_string($v).'\'';
+			$i[$k] = '\''.$v.'\'';
 	}
 	$keys = '`'.join('`,`', array_keys($i)).'`';
@ -629,10 +648,11 @@ function db146_user_dupe_row($db, $key, $val, $newval)
 	$q = "INSERT INTO $db ($keys) VALUES ($vals)";
 //	echo "Dupe Query: [$q]";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
-	echo mysql_error();
+	$r->execute();
 	echo $pdo->errorInfo();
-	$id = mysql_insert_id();
+	$id = $pdo->lastInsertId();
 	return $id;
 }
 /* Used by the login scripts to copy one user from one year to another */
@ -646,9 +666,10 @@ function db146_user_dupe($u, $new_year)
 	 * - That previous entry has deleted=no */
 	/* Find the last entry */
-	$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
+	$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
 				ORDER BY year DESC LIMIT 1");
-	$r = mysql_fetch_object($q);
+	$q->execute();
 	$r = $q->fetch(PDO::FETCH_OBJ);
 	if($r->deleted == 'yes') {
 		echo "Cannot duplicate user ID {$u['id']}, they are deleted.  Undelete them first.\n";
 		exit;
@ -659,8 +680,9 @@ function db146_user_dupe($u, $new_year)
 	}
 	$id = db146_user_dupe_row('users', 'id', $u['id'], NULL);
-	$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
+	$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
 	$q->execute();
 	/* Load the new user */
 	$u2 = db146_user_load($id);
@ -703,20 +725,25 @@ function db146_user_create($type, $username, $u = NULL)
 {
 	global $config;
 	if(!is_array($u)) {
-		mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
+		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
 			VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
-		echo mysql_error();
+		$stmt->execute();
-		$uid = mysql_insert_id();
+		echo $pdo->errorInfo();
 		$uid = $pdo->lastInsertId();
        if(db146_user_valid_email($username)) {
-            mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
+            $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
-        }
+			$stmt->execute();
-		mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+		}
-		echo mysql_error();
+			
 		$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
 		$stmt->execute();
 		echo $pdo->errorInfo();
 		db146_user_set_password($uid, NULL);
 		/* Since the user already has a type, user_save won't create this
 		 * entry for us, so do it here */
-		mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')");
+		$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
-		echo mysql_error();
+		$stmt->execute();
 		echo $pdo->errorInfo();
 		/* Load the complete user */
 		$u = db146_user_load($uid);
 	} else {
--- a/db/db.update.149.php
+++ b/db/db.update.149.php
@ -3,8 +3,9 @@
 include "db.update.149.user.inc.php";
 function db_update_149_post() {
-	$q=mysql_query("SELECT * FROM emergencycontact");
+	$q=$pdo->prepare("SELECT * FROM emergencycontact");
-	while($r=mysql_fetch_object($q))  {
+	$q->execute();
 	while($r=$q->fetch(PDO::FETCH_OBJ)))  {
 		$relation=strtolower(trim($r->relation));
 		if(			levenshtein('parent',$relation)<2 
 				|| levenshtein('mother',$relation)<3 
--- a/db/db.update.149.user.inc.php
+++ b/db/db.update.149.user.inc.php
@ -131,8 +131,9 @@ function db149_user_load_sponsor(&$u)
 	$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
 	$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
 	if($u['sponsors_id']) {
-		$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
+		$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
-		$u['sponsor']=mysql_fetch_assoc($q);
+		$q->execute();
 		$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
 	}
 	return true;
 }
@ -185,16 +186,16 @@ function db149_user_load($user, $uid = false)
 		$id = intval($user);
 		$query .= "	`users`.`id`='$id'";
 	}
-	$q=mysql_query($query);
+	$q=$pdo->prepare($query);
-
+	$q->execute();
-	if(mysql_num_rows($q)!=1) {
+	if($q->rowCount()!=1) {
-//		echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
+//		echo "Query [$query] returned ".$q->rowCount()." rows\n";
 //		echo "<pre>";
 //		print_r(debug_backtrace());
 		return false;
 	}
-	$ret = mysql_fetch_assoc($q);
+	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
 	 * simply return the previous year (where deleted=no) */
@ -256,11 +257,12 @@ function db149_user_load_by_uid($uid)
 function db149_user_load_by_email($email)
 {
 	/* Find the most recent uid for the email, regardless of deleted status */
-	$e = mysql_real_escape_string($email);
+	$e = $email;
-	$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
+	$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
 	$q->execute();
-	if(mysql_num_rows($q) == 1) {
+	if($q->rowCount() == 1) {
-			$i = mysql_fetch_assoc($q);
+			$i = $q->fetch(PDO::FETCH_ASSOC);
 			return db149_user_load_by_uid($i['uid']);
 	}
 	return false;
@ -268,9 +270,10 @@ function db149_user_load_by_email($email)
 function db149_user_load_by_uid_year($uid, $year)
 {
-	$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
+	$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
-	if(!mysql_num_rows($q)) return false;
+		$q->execute();
-	$i = mysql_fetch_assoc($q);
+	if(!$q->rowCount()) return false;
 	$i = $q->fetch(PDO::FETCH_ASSOC);
 	return db149_user_load($i['id']);
 }
@ -279,8 +282,9 @@ function db149_user_set_password($id, $password = NULL)
 	/* pass $u by reference so we can update it */
 	$save_old = false;
 	if($password == NULL) {
-		$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
+		$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
-		$u = mysql_fetch_assoc($q);
+		$q->execute();
 		$u = $q->fetch(PDO::FETCH_ASSOC);
 		/* Generate a new password */
 		$password = db149_user_generate_password(12);
 		/* save the old password only if it's not an auto-generated one */
@ -293,13 +297,14 @@ function db149_user_set_password($id, $password = NULL)
 		$save_set = 'NOW()';
 	}
-	$p = mysql_escape_string($password);
+	$p = $password;
 	$set = ($save_old == true) ? 'oldpassword=password, ' : '';
 	$set .= "password='$p', passwordset=$save_set ";
 	$query = "UPDATE users SET $set WHERE id='$id'";
-	mysql_query($query);
+	$stmt = $pdo->prepare($query);
-	echo mysql_error();
+	$stmt->execute();
 	echo $pdo->errorInfo();
 	return $password;
 }
@ -323,17 +328,18 @@ function db149_user_save_type_list($u, $db, $fields)
 		}
 		if(is_array($u[$f])) 
-			$data = mysql_escape_string(serialize($u[$f]));
+			$data = serialize($u[$f]);
 		else 
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 		$set .= "`$f`='$data'";
 	}
 	if($set != "") {
 		$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
-		if(mysql_error()) {
+		$stmt->execute();
-			echo mysql_error();
+		if($pdo->errorInfo()) {
 			echo $pdo->errorInfo();
 			echo error("Full query: $query");
 		}
 	}
@ -409,7 +415,8 @@ function db149_user_save(&$u)
 			exit;
 		}
        //give em a record, the primary key on the table takes care of uniqueness
-   	    $q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
+   	    $q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
 		$q->execute();
 	}
@ -429,7 +436,7 @@ function db149_user_save(&$u)
 		if($f == 'types') 
 			$set .= "$f='".implode(',', $u[$f])."'";
 		else {
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 			$set .= "$f='$data'";
 		}
 	}
@ -438,9 +445,10 @@ function db149_user_save(&$u)
 //	echo "</pre>";
 	if($set != "") {
 		$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 //		echo "query=[$query]";
-		echo mysql_error();
+		echo $pdo->errorInfo();
 	}
 	/* Save the password if it changed */
@ -466,8 +474,9 @@ function db149_user_save(&$u)
 function db149_user_delete_committee($u)
 {
-	mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+	$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
-}
+$stmt->execute();}
 function db149_user_delete_volunteer($u)
 {
@ -477,9 +486,11 @@ function db149_user_delete_judge($u)
 {
 	global $config;
 	$id = $u['id'];
-	mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
-	mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
+	$stmt->execute();
-}
+	$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
 $stmt->execute();}
 function db149_user_delete_fair($u)
 {
@ -535,7 +546,8 @@ function db149_user_delete($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_delete = true;
 		}
@ -548,7 +560,8 @@ function db149_user_delete($u, $type=false)
 		$finish_delete = true;
 	}
 	if($finish_delete == true) {
-		mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -578,7 +591,8 @@ function db149_user_purge($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_purge = true;
 		}
@ -586,18 +600,21 @@ function db149_user_purge($u, $type=false)
 		 * out the entry */
 		call_user_func("db149_user_delete_$type", $u);
 //		call_user_func("user_purge_$type", $u);
-		mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
 		$stmt->execute();
 	} else {
 		/* Delete the whole user */
 		foreach($u['types'] as $t) {
 			call_user_func("db149_user_delete_$t", $u);
 //			call_user_func("user_purge_$t", $u);
-			mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+			$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
 			$stmt->execute();
 		}
 		$finish_purge = true;
 	}
 	if($finish_purge == true) {
-		mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -607,12 +624,13 @@ function db149_user_dupe_row($db, $key, $val, $newval)
 {
 	global $config;
 	$nullfields = array('deleteddatetime'); /* Fields that can be null */
-	$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
+	$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
-	if(mysql_num_rows($q) != 1) {
+	$q->exectue();
 	if($q->rowCount() != 1) {
 		echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
 		exit;
 	}
-	$i = mysql_fetch_assoc($q);
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	$i[$key] = $newval;
 	foreach($i as $k=>$v) {
@ -621,7 +639,7 @@ function db149_user_dupe_row($db, $key, $val, $newval)
 		else if($k == 'year') 
 			$i[$k] = $config['FAIRYEAR'];
 		else
-			$i[$k] = '\''.mysql_escape_string($v).'\'';
+			$i[$k] = '\''.$v.'\'';
 	}
 	$keys = '`'.join('`,`', array_keys($i)).'`';
@ -629,10 +647,11 @@ function db149_user_dupe_row($db, $key, $val, $newval)
 	$q = "INSERT INTO $db ($keys) VALUES ($vals)";
 //	echo "Dupe Query: [$q]";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
-	echo mysql_error();
+	$r->execute(0;)
 	echo $pdo->errorInfo();
-	$id = mysql_insert_id();
+	$id = $pdo->lastInsertId();
 	return $id;
 }
 /* Used by the login scripts to copy one user from one year to another */
@ -646,9 +665,10 @@ function db149_user_dupe($u, $new_year)
 	 * - That previous entry has deleted=no */
 	/* Find the last entry */
-	$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
+	$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
 				ORDER BY year DESC LIMIT 1");
-	$r = mysql_fetch_object($q);
+	$q->execute();
 	$r = $q->fetch(PDO::FETCH_OBJ);
 	if($r->deleted == 'yes') {
 		echo "Cannot duplicate user ID {$u['id']}, they are deleted.  Undelete them first.\n";
 		exit;
@ -659,8 +679,8 @@ function db149_user_dupe($u, $new_year)
 	}
 	$id = db149_user_dupe_row('users', 'id', $u['id'], NULL);
-	$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
+	$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
-
+	$q->execute();
 	/* Load the new user */
 	$u2 = db149_user_load($id);
@ -703,20 +723,32 @@ function db149_user_create($type, $username, $u = NULL)
 {
 	global $config;
 	if(!is_array($u)) {
-		mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
+		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
 			VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
-		echo mysql_error();
+		$stmt->execute();
-		$uid = mysql_insert_id();
+		echo $pdo->errorInfo();
 		$uid = $pdo->lastInsertId();
        if(db149_user_valid_email($username)) {
-            mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
+            $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
        }
-		mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+
-		echo mysql_error();
+
 		$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
 		$stmt->execute();
 		echo $pdo->errorInfo();
 		db149_user_set_password($uid, NULL);
 		/* Since the user already has a type, user_save won't create this
 		 * entry for us, so do it here */
-		mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')");
+		$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
-		echo mysql_error();
+		$stmt->execute();
 		echo $pdo->errorInfo();
 		/* Load the complete user */
 		$u = db149_user_load($uid);
 	} else {
--- a/db/db.update.155.php
+++ b/db/db.update.155.php
@ -2,14 +2,16 @@
 function db_update_155_post() {
 	//we need to query the stuff from the table
-	$q=mysql_query("SELECT * FROM emails");
+	$q=$pdo->prepare("SELECT * FROM emails");
-	while($r=mysql_fetch_object($q)) {
+	$q->execute();
 	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		echo "Updating email id $r->id\n";
-		mysql_query("UPDATE emails SET
+		$stmt = $pdo->prepare("UPDATE emails SET
-		body='".mysql_real_escape_string(iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->body))."' ,
+		body='".iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->body)."' ,
-		bodyhtml='".mysql_real_escape_string(iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->bodyhtml))."' ,
+		bodyhtml='".iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->bodyhtml)."' ,
-		subject='".mysql_real_escape_string(iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->subject))."'
+		subject='".iconv("ISO-8859-1","UTF-8//TRANSLIT",$r->subject)."'
 		WHERE id='$r->id'");
 		$stmt->execute();
 	}
 }
--- a/db/db.update.174.php
+++ b/db/db.update.174.php
@ -3,11 +3,12 @@ function db_update_174_post()
 {
 	global $config;
-	$q = mysql_query("SELECT * FROM users WHERE deleted = 'yes'");
+	$q = $pdo->prepare("SELECT * FROM users WHERE deleted = 'yes'");
-	while($row = mysql_fetch_assoc($q)){
+	while($row = $q->fetch(PDO::FETCH_ASSOC)){
 		echo "Flagging user records prior to " . $row['year'] . " for user " . $row['uid'] . " as deleted - ";
-		mysql_query("UPDATE users SET deleted = 'yes' WHERE uid = " . $row['uid'] . " AND year < " . $row['year']);
+		$stmt = $pdo->prepare("UPDATE users SET deleted = 'yes' WHERE uid = " . $row['uid'] . " AND year < " . $row['year']);
-		echo mysql_affected_rows() . " rows affected.\n";
+		$stmt->execute();
 		echo $pdo->rowCount() . " rows affected.\n";
 	}
 }
 ?>
--- a/db/db.update.75.php
+++ b/db/db.update.75.php
@ -9,19 +9,21 @@ function db_update_75_post()
 {
 	global $config;
-	$q = mysql_query("SELECT id FROM users WHERE types LIKE '%committee%'");
+	$q = $pdo->prepare("SELECT id FROM users WHERE types LIKE '%committee%'");
 	$q->execute();
 	$x = 0;
-	while($i = mysql_fetch_object($q)) {
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$uid = $i->id;
 		$sid = array(9, 36, -1, -2, 17, 19, 16, 30, 26, 27,
 				28, -3, 21, 22, -4, -6, 29, -8, -9);
 		foreach($sid as $s) {
 			if($s > 0) {
-				$qq = mysql_query("SELECT id FROM reports WHERE 
+				$qq = $pdo->prepare("SELECT id FROM reports WHERE 
 						system_report_id='$s'");
-				$ii = mysql_fetch_object($qq);
+				$qq->execute();
 				$ii = $qq->fetch(PDO::FETCH_OBJ);
 				$rid[$x] = $ii->id;
 			} else {
 				$rid[$x] = $s;
@ -55,7 +57,8 @@ function db_update_75_post()
 		echo $qq;
 		echo "\n\n";
-		mysql_query($qq);
+		$stmt = $pdo->prepare($qq);
 		$stmt->execute();
 	}
 }
--- a/db/db.update.76.php
+++ b/db/db.update.76.php
@ -6,18 +6,20 @@ function db_update_76_pre()
 	 * types link.  Right now this can only happen with committee members
 	 * and volunteers */
-	$q = mysql_query("SELECT DISTINCT username FROM users WHERE 1");
+	$q = $pdo->prepare("SELECT DISTINCT username FROM users WHERE 1");
-	while($r = mysql_fetch_assoc($q)) {
+	$q->execute();
 	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$user = $r['username'];
 		if($user == '') continue;
-		$qq = mysql_query("SELECT * FROM users WHERE username='$user'");
+		$qq = $pdo->prepare("SELECT * FROM users WHERE username='$user'");
-		if(mysql_num_rows($qq) <= 1) continue;
+		$qq->execute();
 		if($qq->rowCount() <= 1) continue;
 		/* Fix $user */
 		/* Load all their data */
-		while($rr = mysql_fetch_assoc($qq)) {
+		while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
 			$types = explode(',', $rr['types']);
 			foreach($types as $t) {
 				$u[$t] = $rr;
@ -46,27 +48,30 @@ function db_update_76_pre()
 		$query = "`types`='committee,volunteer'";
 		foreach($fields as $f) {
 			if($u['committee'][$f] == '' && $u['volunteer'][$f] != '') {
-				$v = mysql_escape_string($u['volunteer'][$f]);
+				$v = $u['volunteer'][$f];
 				$query .= ",`$f`='$v'";
 			}
 		}
 		$query = "UPDATE users SET $query WHERE id='$cid'";
 		echo "$query\n";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 		/* Now fix the volunteers links */
 		$query = "UPDATE volunteer_positions_signup SET users_id='$cid' WHERE users_id='$vid'";
 		echo "$query\n";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
-
+		$stmt->execute();
 		/* The user_volunteer table is empty, we should just delete it,
 		 * no need to update it */
 		/* Delete the old user */
 		$query = "DELETE FROM users WHERE id='$vid'";
 		echo "$query\n";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 	}
 }
--- a/db/db.update.87.php
+++ b/db/db.update.87.php
@ -3,8 +3,8 @@ function db_update_87_post()
 {
 	global $config;
-	$q = mysql_query("SELECT id,types,passwordset FROM users");
+	$q = $pdo->prepare("SELECT id,types,passwordset FROM users");
-	while($i = mysql_fetch_object($q)) {
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$id = $i->id;
 		$types = explode(',', $i->types);
 		$expiry = $i->passwordset;
@ -40,7 +40,8 @@ function db_update_87_post()
 		if($newval != false) {
 			$query = "UPDATE users SET passwordset=$newval WHERE id='$id'";
 			echo "$query\n";
-			mysql_query($query);
+			$stmt = $pdo->prepare($query);
 			$stmt->execute();
 		}
 	}
 }
--- a/db/db_update.php
+++ b/db/db_update.php
@ -7,6 +7,7 @@ if(!function_exists("system")) {
 //include the config.inc.php
 //so we have the db connection info
 require("../data/config.inc.php");
 require("../common.inc.php");
 echo "<pre>\n";
 if(file_exists("db.code.version.txt"))
 {
@ -22,11 +23,12 @@ else
 //same fix here for mysql 5.1 not truncating the 16 char usernames
 $DBUSER=substr($DBUSER,0,16);
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
+
-mysql_select_db($DBNAME);
+$stmt = $pdo->prepare("SET NAMES latin1");
-@mysql_query("SET NAMES latin1");
+$stmt->execute();
-$q=mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
+$q=$pdo->prepare("SELECT val FROM config WHERE var='DBVERSION' AND year='0'");
-$r=mysql_fetch_object($q);
+$q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
 $dbdbversion=$r->val;
 if(!$dbdbversion)
 {
@ -35,13 +37,15 @@ if(!$dbdbversion)
 }
 /* Get the fair year */
-$q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'");
+$q=$pdo->prepare("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'");
-$r=mysql_fetch_object($q);
+$q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
 $config = array('FAIRYEAR' => $r->val);
 /* Load config just in case there's a PHP script that wants it */
-$q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'");
+$q=$pdo->prepare("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'");
-while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val;
+$q->execute();
 while($r=$q->fetch(PDO::FETCH_OBJ)) $config[$r->var]=$r->val;
 require_once("../config_editor.inc.php"); // For config_update_variables()
@ -111,8 +115,8 @@ if($dbcodeversion && $dbdbversion)
 						if (substr(trim($line), -1, 1) == ';')
 						{
 							// Perform the query
-							if(!mysql_query($templine)){
+							if(!$pdo->query($templine)){
-								echo('<br/>Error performing query!<br/>'.$templine.'<br/>  mysqlerror: '.mysql_error().'<br /><br />');
+								echo('<br/>Error performing query!<br/>'.$templine.'<br/>  mysqlerror: '.$pdo->errorInfo().'<br /><br />');
 								$error_count += 1;
 							    $exit_code = -1;   // do we bail out here or keep going?  keep going for now,  get all errors
 							}
@ -145,8 +149,8 @@ if($dbcodeversion && $dbdbversion)
 		}
 		echo "\nAll done - updating new DB version to $dbcodeversion\n";
-		mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
+		$stmt = $pdo->prepare("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
-
+		$stmt->execute();
 	}
 }
--- a/fckeditor/editor/filemanager/connectors/php/config.php
+++ b/fckeditor/editor/filemanager/connectors/php/config.php
@ -23,10 +23,11 @@
 */
 require_once("../../../../../data/config.inc.php");
-mysql_connect($DBHOST,$DBUSER,$DBPASS);
+require("../../../../../common.inc.php");
-mysql_select_db($DBNAME);
+
-$q=mysql_query("SELECT * FROM config WHERE var='SFIABDIRECTORY'");
+$q=$pdo->prepare("SELECT * FROM config WHERE var='SFIABDIRECTORY'");
-$r=mysql_fetch_object($q);
+$q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
 $config_sfiabdirectory=$r->val;
 global $Config ;
--- a/install3.php
+++ b/install3.php
@ -80,7 +80,7 @@ if(pdo->errorInfo)
 }
 //1 is okay (DBVERSION). More than 1 is bad (already isntalled)
-if(mysql_num_rows($q)>1)
+if($q->rowCount()>1)
 {
 	//we say all tables, but really only we check for config where year=0;
 	echo "<div class=\"error\">ERROR: Detected existing table data, SFIAB Installation Step 3 requires a clean SFIAB database installation.</div>";
@ -209,17 +209,17 @@ $stmt->execute([
 		$u = user_create('committee',$_POST['email']);
 		if($_POST['firstname'] && $_POST['lastname']) {
-			$u['firstname']=mysql_escape_string(stripslashes($_POST['firstname']));
+			$u['firstname']=stripslashes($_POST['firstname']);
-			$u['lastname']=mysql_escape_string(stripslashes($_POST['lastname']));
+			$u['lastname']=stripslashes($_POST['lastname']);
 		}
 		else {
 			$u['firstname'] = 'Superuser';
 			$u['lastname'] = 'Account';
 		}
-		$u['emailprivate'] = mysql_escape_string(stripslashes($_POST['email']));
+		$u['emailprivate'] = stripslashes($_POST['email']);
-		$u['email'] = mysql_escape_string(stripslashes($_POST['email']));
+		$u['email'] = stripslashes($_POST['email']);
-		$u['username'] = mysql_escape_string(stripslashes($_POST['email']));
+		$u['username'] = stripslashes($_POST['email']);
-		$u['password'] = mysql_escape_string(stripslashes($_POST['pass1']));
+		$u['password'] = stripslashes($_POST['pass1']);
 		$u['access_admin'] = 'yes';
 		$u['access_config'] = 'yes';
 		$u['access_super'] = 'yes'; 
--- a/winners.php
+++ b/winners.php
@ -114,7 +114,8 @@ if($_GET['year'] && $_GET['type']) {
 						}
 					}
 					// Still have to find the PDO equivalent
-					mysql_data_seek($pq, 0);
+					//mysql_data_seek($pq, 0);
 					$pq->fetch(PDO::FETCH_ORI_ABS(0));
 				}
 				if($show_unawarded_awards=="yes" || $awarded_count > 0)
 				{