forked from science-ation/science-ation
about 150 database lines have been changed in roughly 15-18 files
This commit is contained in:
Muad Sakah
parent
e86f06f141
commit
a077e3fdc9
@ -686,17 +686,17 @@ if (get_value_from_array($_GET, 'action') == 'sendqueue') {
|
||||
$fcid = intval($_POST['fundraising_campaigns_id']);
|
||||
$emailid = intval($_POST['emails_id']);
|
||||
|
||||
$fcq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$fcid'");
|
||||
$fcq->execute();
|
||||
$fcq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=?");
|
||||
$fcq->execute([$fcid]);
|
||||
$fc = $fcq->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$emailq = $pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
|
||||
$emailq->execute();
|
||||
$emailq = $pdo->prepare("SELECT * FROM emails WHERE id=?");
|
||||
$emailq->execute([$emailid]);
|
||||
$email = $emailq->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$recipq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link
|
||||
WHERE fundraising_campaigns_id='$fcid'");
|
||||
$recipq->execute();
|
||||
WHERE fundraising_campaigns_id=?");
|
||||
$recipq->execute([$fcid]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$numtotal = $recipq->rowCount();
|
||||
@ -727,8 +727,8 @@ if (get_value_from_array($_GET, 'action') == 'sendqueue') {
|
||||
|
||||
// we only send school access codes to science heads or principals
|
||||
|
||||
$acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
|
||||
$acq->execute();
|
||||
$acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid=? OR principal_uid=? AND `year`=?");
|
||||
$acq->execute([$u['uid'],$config['FAIRYEAR']]);
|
||||
$acr = $acq->fetch(PDO::FETCH_OBJ);
|
||||
$accesscode = $acr->accesscode;
|
||||
|
||||
@ -755,8 +755,8 @@ if (get_value_from_array($_GET, 'action') == 'sendqueue') {
|
||||
$q->execute();
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id=?");
|
||||
$q->execute([$emailid]);
|
||||
}
|
||||
echo 'ok';
|
||||
launchQueue();
|
||||
@ -786,16 +786,16 @@ echo '<br />';
|
||||
<?
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'delete' && get_value_from_array($_GET, 'delete')) {
|
||||
$q = $pdo->prepare("DELETE FROM emails WHERE id='" . $_GET['delete'] . "' AND `type`='user'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("DELETE FROM emails WHERE id=? AND `type`='user'");
|
||||
$q->execute([$_GET['delete']]);
|
||||
echo happy('Email successfully deleted');
|
||||
}
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GET, 'send')) {
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE id='" . $_GET['send'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE id=?");
|
||||
$q->execute($_GET['send']);
|
||||
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
@ -859,8 +859,8 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
|
||||
// echo $str;
|
||||
} else if (get_value_from_array($_POST, 'action') == 'reallysend' && get_value_from_array($_POST, 'reallysend') && get_value_from_array($_POST, 'to')) {
|
||||
$emailid = intval($_POST['reallysend']);
|
||||
$emailq = $pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");
|
||||
$emailq->execute();
|
||||
$emailq = $pdo->prepare("SELECT * FROM emails WHERE id=?");
|
||||
$emailq->execute([$emailid]);
|
||||
$email = $emailq->fetch(PDO::FETCH_OBJ);
|
||||
$to = $_POST['to'];
|
||||
|
||||
@ -915,8 +915,8 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
|
||||
}
|
||||
if ($u) {
|
||||
// we only send school access codes to science heads or principals
|
||||
$acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'");
|
||||
$acq->execute();
|
||||
$acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid=? OR principal_uid=?) AND `year`=?");
|
||||
$acq->execute([$u['uid'],$u['uid'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$acr = $acq->fetch(PDO::FETCH_OBJ);
|
||||
$accesscode = $acr->accesscode;
|
||||
@ -949,8 +949,8 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id=?");
|
||||
$q->execute([$emailid]);
|
||||
}
|
||||
launchQueue();
|
||||
echo '<br />';
|
||||
|
||||
@ -25,8 +25,8 @@
|
||||
require ('../common.inc.php');
|
||||
require_once ('../user.inc.php');
|
||||
user_auth_required('committee', 'admin');
|
||||
$q = $pdo->prepare("SELECT * FROM documents WHERE id='" . $_GET['id'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM documents WHERE id=?");
|
||||
$q->execute([$_GET['id']]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
header('Content-type: ' . trim(exec("file -bi ../data/documents/$r->filename")));
|
||||
header('Content-disposition: inline; filename="' . $r->filename . '"');
|
||||
|
||||
@ -143,15 +143,15 @@ function refresh_fundraising_table() {
|
||||
<?
|
||||
|
||||
// first, insert any defaults
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising WHERE year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising WHERE year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
if (!$q->rowCount()) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising WHERE year='-1'");
|
||||
|
||||
$q->execute();
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$q = $pdo->prepare("INSERT INTO fundraising (`type`,`name`,`description`,`system`,`goal`,`year`) VALUES ('$r->type','" . $r->name . "','" . $r->description . "','$r->system','$r->goal','" . $config['FAIRYEAR'] . "')");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO fundraising (`type`,`name`,`description`,`system`,`goal`,`year`) VALUES (?,?,?,?,?,?)");
|
||||
$q->execute([$r->type,$r->name,$r->description,$r->system,$r->goal,$config['FAIRYEAR']]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
100
admin/donors.php
100
admin/donors.php
@ -32,8 +32,8 @@ global $pdo;
|
||||
switch (get_value_from_array($_GET, 'action')) {
|
||||
case 'organizationinfo_load':
|
||||
$id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id=?");
|
||||
$q->execute([$id]);
|
||||
$ret = $q->fetch(PDO::FETCH_ASSOC);
|
||||
echo json_encode($ret);
|
||||
exit;
|
||||
@ -43,8 +43,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
$id = intval($_POST['sponsor_id']);
|
||||
if ($id == -1) {
|
||||
echo "INSERT INTO sponsors (year) VALUES ('" . $config['FAIRYEAR'] . "')";
|
||||
$q = $pdo->prepare("INSERT INTO sponsors (year) VALUES ('" . $config['FAIRYEAR'] . "')");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO sponsors (year) VALUES (?)");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$id = $pdo->lastInsertId();
|
||||
echo json_encode(array('id' => $id));
|
||||
save_activityinfo('Created donor/sponsor', $id, $_SESSION['users_uid'], 'System');
|
||||
@ -93,8 +93,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
echo "<table cellspacing=3 cellpadding=3>\n";
|
||||
|
||||
// LAST DONATION
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE sponsors_id='$id' ORDER BY datereceived DESC LIMIT 1");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE sponsors_id=? ORDER BY datereceived DESC LIMIT 1");
|
||||
$q->execute([$id]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$lastdonation = i18n('%1 on %2', array(format_money($r->value, false), format_date($r->datereceived)), array('Donation amount', 'Donation date'));
|
||||
else
|
||||
@ -102,11 +102,11 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
|
||||
// TOTAL THIS YEAR
|
||||
$q = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations
|
||||
WHERE sponsors_id='$id'
|
||||
WHERE sponsors_id=?
|
||||
AND status='received'
|
||||
AND fiscalyear={$config['FISCALYEAR']}
|
||||
AND fiscalyear=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$id,$config['FISCALYEAR']]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$totalthisyear = format_money($r->total, false);
|
||||
else
|
||||
@ -115,11 +115,11 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
// TOTAL LAST YEAR
|
||||
$lastyear = $config['FISCALYEAR'] - 1;
|
||||
$q = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations
|
||||
WHERE sponsors_id='$id'
|
||||
WHERE sponsors_id=?
|
||||
AND status='received'
|
||||
AND fiscalyear=$lastyear
|
||||
AND fiscalyear=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$id,$lastyear]);
|
||||
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$totallastyear = format_money($r->total, false);
|
||||
@ -139,11 +139,11 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
fundraising_campaigns.name AS campaignname
|
||||
FROM fundraising_donations
|
||||
LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id
|
||||
WHERE sponsors_id='$id'
|
||||
WHERE sponsors_id=?
|
||||
AND status='received'
|
||||
AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}'
|
||||
AND fundraising_donations.fiscalyear=?
|
||||
ORDER BY datereceived DESC");
|
||||
$q->execute();
|
||||
$q->execute([$id,$config['FISCALYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
if ($q->rowCount()) {
|
||||
@ -193,10 +193,10 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
fundraising_campaigns.name AS campaignname
|
||||
FROM fundraising_donations
|
||||
LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id
|
||||
WHERE sponsors_id='$id'
|
||||
WHERE sponsors_id=?
|
||||
AND status='received'
|
||||
ORDER BY datereceived DESC");
|
||||
$q->execute();
|
||||
$q->execute([$id]);
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo "<tr>\n";
|
||||
@ -228,13 +228,13 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
FROM users
|
||||
LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
|
||||
WHERE
|
||||
sponsors_id='$id'
|
||||
sponsors_id=?
|
||||
AND types LIKE '%sponsor%'
|
||||
GROUP BY uid
|
||||
HAVING deleted='no'
|
||||
ORDER BY users_sponsor.primary DESC,lastname,firstname
|
||||
");
|
||||
$query->execute();
|
||||
$query->execute([$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$uids = array();
|
||||
while ($r = $query->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -242,9 +242,9 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
}
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns
|
||||
WHERE fiscalyear='{$config['FISCALYEAR']}'
|
||||
WHERE fiscalyear=?
|
||||
ORDER BY name");
|
||||
$q->execute();
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
$str = '';
|
||||
echo '<select id="fundraising_campaign_id" name="fundraising_campaigns_id" onchange="campaignchange()">';
|
||||
echo '<option value="">' . i18n('Choose an appeal') . "</option>\n";
|
||||
@ -255,10 +255,10 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
|
||||
if (count($uids)) {
|
||||
$tq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link
|
||||
WHERE fundraising_campaigns_id='$r->id'
|
||||
WHERE fundraising_campaigns_id=?
|
||||
AND users_uid IN (" . implode(',', $uids) . ')
|
||||
');
|
||||
$tq->execute();
|
||||
$tq->execute([$r->id]);
|
||||
if ($tq->rowCount()) {
|
||||
$incampaign = i18n('*In Appeal*') . ': ';
|
||||
} else
|
||||
@ -284,8 +284,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
echo '<option value="">' . i18n('Choose a purpose') . "</option>\n";
|
||||
// FIXME: only show campaigns that they were included as part of
|
||||
// we need a campaigns_users_link or campaigns_sponsors_link or something
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY name");
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo "<option value=\"$r->goal\">$r->name</option>\n";
|
||||
}
|
||||
@ -365,8 +365,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
|
||||
case 'newcontactsearch':
|
||||
if ($_POST['email'])
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE email='" . trim($_POST['email']) . "' GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE email=? GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute([trim($_POST['email'])]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo i18n('There is an exact email address match for %1', array($_POST['email']));
|
||||
echo '<ul>';
|
||||
@ -393,8 +393,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
if ($_POST['email'])
|
||||
$searchstr .= " AND email LIKE '%" . $_POST['email'] . "%'";
|
||||
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE $searchstr GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE ? GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute([$searchstr]);
|
||||
$num = $q->rowCount();
|
||||
if ($num == 0) {
|
||||
echo i18n('No existing users match, will create a new user');
|
||||
@ -453,8 +453,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
if ($logStr = getDonationString($id)) {
|
||||
save_activityinfo("Removed donation/sponsorship: $logStr", $sponsorid, $_SESSION['users_uid'], 'System');
|
||||
happy_('Donation/sponsorship removed');
|
||||
$q = $pdo->prepare("DELETE FROM fundraising_donations WHERE id='$id' AND sponsors_id='$sponsorid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("DELETE FROM fundraising_donations WHERE id=? AND sponsors_id=?");
|
||||
$q->execute([$id,$sponsorid]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
} else {
|
||||
error_('Invalid donation/sponsorship to remove');
|
||||
@ -474,8 +474,8 @@ function delete_contact()
|
||||
global $pdo;
|
||||
if (array_key_exists('userid', $_POST)) {
|
||||
$uid = $_POST['userid'];
|
||||
$data = $pdo->prepare("SELECT CONCAT_WS(' ', users.firstname, users.lastname) AS name FROM users WHERE id=" . $uid);
|
||||
$data->execute();
|
||||
$data = $pdo->prepare("SELECT CONCAT_WS(' ', users.firstname, users.lastname) AS name FROM users WHERE id=?");
|
||||
$data->execute([$uid]);
|
||||
$namedata = $data->fetch();
|
||||
$name = trim($namedata['name']);
|
||||
user_delete($uid, 'sponsor');
|
||||
@ -514,8 +514,8 @@ function save_contact()
|
||||
// load or create the user, according to the situation
|
||||
if ($_POST['recordtype'] == 'new') {
|
||||
if ($_POST['email']) {
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE email='" . trim($_POST['email']) . "' GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT *,MAX(year) FROM users WHERE email=? GROUP BY uid HAVING deleted='no'");
|
||||
$q->execute([trim($_POST['email'])]);
|
||||
if ($q->rowCount()) {
|
||||
error_('A user with that email address already exists');
|
||||
exit;
|
||||
@ -544,12 +544,12 @@ function save_contact()
|
||||
FROM users_sponsor, users
|
||||
WHERE
|
||||
users_sponsor.users_id=users.id
|
||||
AND sponsors_id='$sponsor_id'
|
||||
AND sponsors_id=?
|
||||
AND `primary`='yes'
|
||||
AND year='" . $config['FAIRYEAR'] . "'
|
||||
AND users_id!='$id'";
|
||||
AND year=?
|
||||
AND users_id!=?";
|
||||
$q = $pdo->prepare($query);
|
||||
$q->execute();
|
||||
$q->execute([$sponsor_id,$config['FAIRYEAR'],$id]);
|
||||
if ($q->rowCount() == 0) {
|
||||
/* This has to be the primary since there isn't one already */
|
||||
$p = 'yes';
|
||||
@ -557,8 +557,8 @@ function save_contact()
|
||||
} else {
|
||||
/* Unset all other primaries */
|
||||
$q = $pdo->prepare("UPDATE users_sponsor SET `primary`='no'
|
||||
WHERE sponsors_id='$sponsor_id' AND users_id != '$id'");
|
||||
$q->execute();
|
||||
WHERE sponsors_id=? AND users_id !=?");
|
||||
$q->execute([$sponsor_id,$id]);
|
||||
}
|
||||
|
||||
// we now know whether or not they're the primary user. Update them with that,
|
||||
@ -624,13 +624,13 @@ function draw_contactsinfo_form($contact = null)
|
||||
// loop through each contact and draw a form with their data in it.
|
||||
$query = $pdo->prepare("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
|
||||
WHERE
|
||||
sponsors_id='" . $sponsor_id . "'
|
||||
sponsors_id=?
|
||||
AND types LIKE '%sponsor%'
|
||||
GROUP BY uid
|
||||
HAVING deleted='no'
|
||||
ORDER BY users_sponsor.primary DESC,lastname,firstname
|
||||
");
|
||||
$query->execute();
|
||||
$query->execute([$sponsor_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
while ($contact = $query->fetch()) {
|
||||
@ -665,8 +665,8 @@ function draw_contact_form($sponsor_id, $contact = null)
|
||||
global $salutations, $config, $pdo;
|
||||
|
||||
// grab the sponsor details, so we can do diff things for individual vs organization
|
||||
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id='$sponsor_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM sponsors WHERE id=?");
|
||||
$q->execute([$sponsor_id]);
|
||||
$sponsor = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
if ($contact != null) {
|
||||
@ -816,8 +816,8 @@ function draw_activityinfo_form()
|
||||
</td>
|
||||
<td align="center">
|
||||
<?php
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear=? ORDER BY name");
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
echo '<select name="fundraising_campaigns_id">';
|
||||
echo '<option value="">' . i18n('Choose Appeal') . "</option>\n";
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -890,10 +890,10 @@ function getDonationString($id)
|
||||
fundraising_campaigns.name AS campaignname
|
||||
FROM fundraising_donations
|
||||
LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id
|
||||
WHERE fundraising_donations.id='$id'
|
||||
AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}'
|
||||
WHERE fundraising_donations.id=?
|
||||
AND fundraising_donations.fiscalyear=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$id,$config['FISCALYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$str = '';
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
|
||||
@ -52,12 +52,12 @@ $lastyear = $config['FISCALYEAR'] - 1;
|
||||
$rows = array();
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$thisyear'");
|
||||
$cq->execute();
|
||||
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id=? AND status='received' AND fiscalyear=?");
|
||||
$cq->execute([$r->id,$thisyear]);
|
||||
$cr = $cq->fetch(PDO::FETCH_OBJ);
|
||||
$thisyeartotal = $cr->total;
|
||||
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$lastyear'");
|
||||
$cq->execute();
|
||||
$cq = $pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id=? AND status='received' AND fiscalyear=?");
|
||||
$cq->execute([$r->id,$lastyear]);
|
||||
$cr = $cq->fetch(PDO::FETCH_OBJ);
|
||||
$lastyeartotal = $cr->total;
|
||||
if ($lastyeartotal)
|
||||
|
||||
@ -236,8 +236,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
|
||||
TRACE("Loading Project Age Categories...\n");
|
||||
$cat = array();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$catshort[$r->id] = $r->category_shortform;
|
||||
$cat[$r->id] = $r->category;
|
||||
@ -248,13 +248,13 @@ TRACE("Loading Projects...\n");
|
||||
$projects = array();
|
||||
$q = $pdo->prepare("SELECT projects.* FROM projects, registrations
|
||||
WHERE
|
||||
projects.year='{$config['FAIRYEAR']}'
|
||||
projects.year=?
|
||||
AND registrations.id = projects.registrations_id
|
||||
" . getJudgingEligibilityCode());
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($p = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$qq = $pdo->prepare("SELECT grade,schools_id FROM students WHERE registrations_id='{$p->registrations_id}'");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("SELECT grade,schools_id FROM students WHERE registrations_id=?");
|
||||
$qq->execute([$p->registrations_id]);
|
||||
$num_students = $qq->rowCouunt();
|
||||
$grade = 0;
|
||||
$schools_id = 0;
|
||||
@ -286,8 +286,8 @@ if ($action == 'pn') {
|
||||
$n = sprintf('%03d', $p['floornumber']);
|
||||
$pn = "$c $n $d";
|
||||
TRACE("Project {$p['projects_id']} at loc {$p['floornumber']}: $pn\n");
|
||||
$q = $pdo->prepare("UPDATE projects SET projectnumber='$pn' WHERE id='{$p['projects_id']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE projects SET projectnumber=? WHERE id=?");
|
||||
$q->execute([$pn,$p['projects_id']]);
|
||||
}
|
||||
TRACE("Done.\n");
|
||||
exit;
|
||||
@ -629,12 +629,12 @@ for ($x = 0; $x < $a->num_buckets; $x++) {
|
||||
print_r($projects);
|
||||
|
||||
/* Assign floor numbers */
|
||||
$q = $pdo->prepare("UPDATE projects SET floornumber=0 WHERE year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE projects SET floornumber=0 WHERE year=?");
|
||||
$q->execute($config['FAIRYEAR']);
|
||||
|
||||
foreach ($projects as $pid => $p) {
|
||||
$q = $pdo->prepare("UPDATE projects SET floornumber='{$p['floornumber']}' WHERE id='$pid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE projects SET floornumber=? WHERE id=?");
|
||||
$q->execute([$p['floornumber'],$pid]);
|
||||
TRACE("Project $pid => Floor number {$p['floornumber']}\n");
|
||||
}
|
||||
|
||||
|
||||
@ -28,8 +28,8 @@ require_once ('../user.inc.php');
|
||||
user_auth_required('committee', 'admin');
|
||||
require ('../lpdf.php');
|
||||
|
||||
$catq = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' AND id='" . $_GET['cat'] . "'");
|
||||
$catq->execute();
|
||||
$catq = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? AND id=?");
|
||||
$catq->execute([$config['FAIRYEAR'],$_GET['cat']]);
|
||||
if ($catr = $catq->fetch(PDO::FETCH_OBJ)) {
|
||||
$pdf = new lpdf(i18n($config['fairname']),
|
||||
i18n('Checkin List') . ' - ' . i18n($catr->category),
|
||||
@ -47,13 +47,13 @@ if ($catr = $catq->fetch(PDO::FETCH_OBJ)) {
|
||||
registrations
|
||||
left outer join projects on projects.registrations_id=registrations.id
|
||||
WHERE
|
||||
registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
registrations.year=?
|
||||
AND ( registrations.status='complete' OR registrations.status='paymentpending' )
|
||||
AND projects.projectcategories_id='$catr->id'
|
||||
AND projects.projectcategories_id=?
|
||||
ORDER BY
|
||||
projects.title
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$catr->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$table = array();
|
||||
@ -69,8 +69,8 @@ if ($catr = $catq->fetch(PDO::FETCH_OBJ)) {
|
||||
$table['dataalign'] = array('left', 'left', 'left', 'center');
|
||||
}
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$divq = $pdo->prepare("SELECT division,division_shortform FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' AND id='" . $r->projectdivisions_id . "'");
|
||||
$divq->execute();
|
||||
$divq = $pdo->prepare("SELECT division,division_shortform FROM projectdivisions WHERE year=? AND id=?");
|
||||
$divq->execute([$config['FAIRYEAR'],$r->projectdivisions_id]);
|
||||
$divr = $divq->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$sq = $pdo->prepare("SELECT students.firstname,
|
||||
@ -78,9 +78,9 @@ if ($catr = $catq->fetch(PDO::FETCH_OBJ)) {
|
||||
FROM
|
||||
students
|
||||
WHERE
|
||||
students.registrations_id='$r->reg_id'
|
||||
students.registrations_id=?
|
||||
");
|
||||
$sq->execute();
|
||||
$sq->execute([$r->reg_id]);
|
||||
|
||||
$students = '';
|
||||
$studnum = 0;
|
||||
|
||||
@ -96,8 +96,8 @@ else
|
||||
$fairs_id = -1;
|
||||
|
||||
if ($fairs_id != -1) {
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id=?");
|
||||
$q->execute([$fairs_id]);
|
||||
$fair = $q->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
@ -225,8 +225,8 @@ if (is_array(get_value_from_array($data, 'stats'))) {
|
||||
/* And now, overwrite all the stuff we pulled down with stats we can compute */
|
||||
|
||||
// number of schools
|
||||
$q = $pdo->prepare("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(id) AS num FROM schools WHERE year=?");
|
||||
$q->execute([$year]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$stats['schools_total'] = $r->num;
|
||||
|
||||
@ -235,10 +235,10 @@ $q = $pdo->prepare("SELECT DISTINCT(students.schools_id) AS sid, schools.*
|
||||
\t\t \tFROM students
|
||||
LEFT JOIN registrations ON students.registrations_id=registrations.id
|
||||
LEFT JOIN schools ON students.schools_id=schools.id
|
||||
WHERE students.year='$year'
|
||||
AND registrations.year='$year'
|
||||
WHERE students.year=?
|
||||
AND registrations.year=?
|
||||
AND (registrations.status='complete' OR registrations.status='paymentpending')");
|
||||
$q->execute();
|
||||
$q->execute([$year,$year]);
|
||||
$stats['schools_active'] = $q->rowCount();
|
||||
$stats['schools_public'] = 0;
|
||||
$stats['schools_private'] = 0;
|
||||
@ -262,10 +262,10 @@ $q = $pdo->prepare("SELECT students.*,schools.*
|
||||
\t \t\tFROM students
|
||||
LEFT JOIN registrations ON students.registrations_id=registrations.id
|
||||
LEFT JOIN schools on students.schools_id=schools.id
|
||||
WHERE students.year='$year'
|
||||
AND registrations.year='$year'
|
||||
WHERE students.year=?
|
||||
AND registrations.year=?
|
||||
AND (registrations.status='complete' OR registrations.status='paymentpending')");
|
||||
$q->execute();
|
||||
$q->execute([$year,$year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$stats['students_total'] = $q->rowCount();
|
||||
$stats['students_public'] = 0;
|
||||
@ -304,12 +304,12 @@ foreach ($unknown as $g => $a) {
|
||||
$q = $pdo->prepare("SELECT MAX(students.grade) AS grade FROM students
|
||||
\t \t\tLEFT JOIN registrations ON students.registrations_id=registrations.id
|
||||
LEFT JOIN projects ON projects.registrations_id=registrations.id
|
||||
WHERE students.year='$year'
|
||||
AND registrations.year='$year'
|
||||
AND projects.year='$year'
|
||||
WHERE students.year=?
|
||||
AND registrations.year=?
|
||||
AND projects.year=?
|
||||
AND (registrations.status='complete' OR registrations.status='paymentpending')
|
||||
GROUP BY projects.id");
|
||||
$q->execute();
|
||||
$q->execute([$year,$year,$year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$stats["projects_{$grademap[$r['grade']]}"]++;
|
||||
@ -318,20 +318,20 @@ while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$q = $pdo->prepare("SELECT COUNT(id) AS num FROM users
|
||||
\t\t\t\tLEFT JOIN users_committee ON users_committee.users_id=users.id
|
||||
\t \t\tWHERE types LIKE '%committee%'
|
||||
AND year='$year'
|
||||
AND year=?
|
||||
AND users_committee.committee_active='yes'
|
||||
AND deleted='no'");
|
||||
$q->execute();
|
||||
$q->execute([$year]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$stats['committee_members'] = $r->num;
|
||||
|
||||
$q = $pdo->prepare("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id
|
||||
\t\t\t\t\tWHERE users.year='$year'
|
||||
\t\t\t\t\tWHERE users.year=?
|
||||
AND users.types LIKE '%judge%'
|
||||
AND users.deleted='no'
|
||||
AND users_judge.judge_complete='yes'
|
||||
AND users_judge.judge_active='yes'");
|
||||
$q->execute();
|
||||
$q->execute([$year]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$stats['judges'] = $r->num;
|
||||
|
||||
|
||||
@ -52,8 +52,8 @@
|
||||
}
|
||||
}
|
||||
$s = join(',', $_POST['stats']);
|
||||
$q = $pdo->prepare("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE fairs SET gather_stats=? WHERE id=?");
|
||||
$q->execute([$s,$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo "UPDATE fairs SET gather_stats='$s' WHERE id='$id'";
|
||||
happy_("Saved");
|
||||
@ -63,8 +63,8 @@
|
||||
/* Load the user we're editting */
|
||||
$u = user_load($_SESSION['embed_edit_id']);
|
||||
/* Load the fair attached to the user */
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id=?");
|
||||
$q->execute([$u['fairs_id']]);
|
||||
$f = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
?>
|
||||
|
||||
@ -35,8 +35,8 @@ switch (get_value_from_array($_GET, 'action')) {
|
||||
|
||||
case 'modify':
|
||||
echo "<div id=\"campaignaccordion\" style=\"width: 780px;\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear=? ORDER BY name");
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<h3><a href="#">' . htmlspecialchars($r->name) . "</a></h3>\n";
|
||||
echo "<div id=\"campaign_{$r->id}\">\n";
|
||||
@ -92,14 +92,14 @@ case 'managelist':
|
||||
</tr>
|
||||
</thead>
|
||||
<?
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear=?");
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$goalq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$goalq->execute();
|
||||
$goalq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal=? AND fiscalyear=?");
|
||||
$goalq->execute([$r->fundraising_goal,$config['FISCALYEAR']]);
|
||||
$goalr = $goalq->fetch(PDO::FETCH_OBJ);
|
||||
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
|
||||
$recq->execute();
|
||||
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id=? AND fiscalyear=? AND status='received'");
|
||||
$recq->execute([$r->id,$config['FISCALYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$recr = $recq->fetch(PDO::FETCH_OBJ);
|
||||
$received = $recr->received;
|
||||
@ -139,8 +139,8 @@ case 'managelist':
|
||||
exit;
|
||||
}
|
||||
$id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=?");
|
||||
$q->execute([$id]);
|
||||
$campaign = $q->fetch(PDO::FETCH_OBJ);
|
||||
echo "<h3>$campaign->name</h3>\n";
|
||||
?>
|
||||
@ -171,12 +171,12 @@ case 'managelist':
|
||||
|
||||
case 'manage_tab_overview':
|
||||
$campaign_id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=? AND fiscalyear=?");
|
||||
$q->execute([$campaign_id,$config['FISCALYEAR']]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$goalr = getGoal($r->fundraising_goal);
|
||||
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
|
||||
$recq->execute();
|
||||
$recq = $pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id=? AND fiscalyear=? AND status='received'");
|
||||
$recq->execute([$r->id,$config['FISCALYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$recr = recq->fetch(PDO::FETCH_OBJ);
|
||||
$received = $recr->received;
|
||||
@ -209,8 +209,8 @@ case 'managelist':
|
||||
|
||||
case 'manage_tab_donations':
|
||||
$campaign_id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=? AND fiscalyear=?");
|
||||
$q->execute([$campaign_id,$config['FISCALYEAR']]);
|
||||
if ($campaign = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<table class="tableview">';
|
||||
echo '<thead>';
|
||||
@ -227,8 +227,8 @@ case 'managelist':
|
||||
\t\t\tAND status='received' ORDER BY datereceived DESC");
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$goal = getGoal($r->fundraising_goal);
|
||||
$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
|
||||
$sq->execute();
|
||||
$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id=?");
|
||||
$sq->execute([$r->sponsors_id]);
|
||||
$sponsor = $sq->fetch(PDO::FETCH_OBJ);
|
||||
echo '<tr><td>' . format_date($r->datereceived) . "</td>\n";
|
||||
echo ' <td>' . $sponsor->organization . "</td>\n";
|
||||
@ -258,8 +258,8 @@ case 'managelist':
|
||||
'mentor' => 'Mentor (not implemented)',
|
||||
);
|
||||
$campaign_id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=? AND fiscalyear=?");
|
||||
$q->execute([$campaign_id,$config['FISCALYEAR']]);
|
||||
$campaign = $q->fetch(PDO::FETCH_OBJ);
|
||||
if ($campaign->filterparameters) {
|
||||
echo '<h4>' . i18n('User List') . "</h4>\n";
|
||||
@ -307,8 +307,8 @@ case 'managelist':
|
||||
echo '<br />';
|
||||
echo "<form id=\"prospectremoveform\" onsubmit=\"return removeselectedprospects()\">\n";
|
||||
echo "<input type=\"hidden\" name=\"fundraising_campaigns_id\" value=\"$campaign_id\" />\n";
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=?");
|
||||
$q->execute([$campaign_id]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$u = user_load_by_uid($r->users_uid);
|
||||
// hopefully this never returns false, but who knows..
|
||||
@ -359,8 +359,8 @@ case 'managelist':
|
||||
</td></tr>
|
||||
<tr><td><?= i18n('Donation Level') ?>:</td><td>
|
||||
<?
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear=? ORDER BY min");
|
||||
$q->execute([$config['FISCALYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo "<label><input onchange=\"return prospect_search()\" disabled=\"disabled\" type=\"checkbox\" name=\"donationlevel[]\" value=\"$r->level\" >" . i18n($r->level) . ' (' . format_money($r->min, false) . ' - ' . format_money($r->max, false) . ")</label><br />\n";
|
||||
}
|
||||
@ -408,8 +408,8 @@ case 'managelist':
|
||||
|
||||
case 'manage_tab_communications':
|
||||
$campaign_id = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id=? AND fiscalyear=?");
|
||||
$q->execute([$campaign_id,$config['FISCALYEAR']]);
|
||||
if ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
}
|
||||
$communications = array('initial' => 'Initial Communication',
|
||||
@ -418,8 +418,8 @@ case 'managelist':
|
||||
foreach ($communications as $key => $name) {
|
||||
echo '<h4>' . i18n($name) . "</h4>\n";
|
||||
// check if they have one in the emails database
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id=? AND val=?");
|
||||
$q->execute([$campaign_id,$key]);
|
||||
if ($email = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<div style="float: right; margin-right: 15px;">';
|
||||
echo "<a title=\"Edit\" href=\"#\" onclick=\"return opencommunicationeditor(null,$email->id,$campaign_id)\"><img src=\"" . $config['SFIABDIRECTORY'] . '/images/16/edit.' . $config['icon_extension'] . '" border=0></a>';
|
||||
@ -471,12 +471,12 @@ case 'managelist':
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
// if theres nobody left in the list we need to reset the filter params as well
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=?");
|
||||
$q->execute([$campaignid]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
if ($r->num == 0) {
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id=?");
|
||||
$stmt->execute([$campaignid]);
|
||||
}
|
||||
|
||||
happy_('Selected users removed from list');
|
||||
@ -485,10 +485,10 @@ case 'managelist':
|
||||
|
||||
case 'prospect_removeall':
|
||||
$campaignid = intval($_POST['fundraising_campaigns_id']);
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=?");
|
||||
$stmt->execute([$campaignid]);
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id=?");
|
||||
$stmt->execute([$campaignid]);
|
||||
happy_('All users removed from list');
|
||||
exit;
|
||||
break;
|
||||
@ -496,14 +496,14 @@ case 'managelist':
|
||||
case 'communication_remove':
|
||||
$emails_id = $_POST['id'];
|
||||
// check if its been sent, if so, it cannot be deleted, sorry!
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE id='$emails_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM emails WHERE id=?");
|
||||
$q->execute([$emails_id]);
|
||||
$e = $q->fetch(PDO::FETCH_OBJ);
|
||||
if ($e->lastsent) {
|
||||
error_('Cannot remove an email that has already been sent');
|
||||
} else {
|
||||
$stmt = $pdo->prepare("DELETE FROM emails WHERE id='$emails_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM emails WHERE id=?");
|
||||
$stmt->execute([$emails_id]);
|
||||
happy_('Communicaton removed');
|
||||
}
|
||||
|
||||
@ -800,8 +800,8 @@ function display_campaign_form($r = null)
|
||||
<td><?= i18n('Target') ?></td><td>$<input type="text" id="target" name="target" size="10" value="<?= get_value_property_or_default($r, 'target') ?>" /></td>
|
||||
<td><?= i18n('Default Purpose') ?></td><td colspan="3">
|
||||
<?
|
||||
$fgq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
|
||||
$fgq->execute();
|
||||
$fgq = $pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear=? ORDER BY name");
|
||||
$fgq->execute([$config['FISCALYEAR']]);
|
||||
echo '<select name="fundraising_goal">';
|
||||
echo '<option value="">' . i18n('Choose Default Purpose') . "</option>\n";
|
||||
while ($fgr = $fgq->fetch(PDO::FETCH_OBJ)) {
|
||||
|
||||
@ -140,8 +140,8 @@ $thisyearlist = $userslist;
|
||||
|
||||
foreach ($neverlist AS $uid => $u) {
|
||||
if ($u['sponsors_id']) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id=?");
|
||||
$q->execute([$u['sponsors_id']]);
|
||||
if ($q->rowCount()) {
|
||||
// echo "removing $uid because they have donated in the past <br />";
|
||||
unset($neverlist[$uid]);
|
||||
@ -155,8 +155,8 @@ foreach ($neverlist AS $uid => $u) {
|
||||
|
||||
foreach ($pastlist AS $uid => $u) {
|
||||
if ($u['sponsors_id']) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id=?");
|
||||
$q->execute([$u['sponsors_id']]);
|
||||
if (!$q->rowCount()) {
|
||||
// echo "removing $uid because they have NOT donated in the past <br />";
|
||||
unset($pastlist[$uid]);
|
||||
@ -171,8 +171,8 @@ $lastyear = $config['FISCALYEAR'] - 1;
|
||||
|
||||
foreach ($lastyearlist AS $uid => $u) {
|
||||
if ($u['sponsors_id']) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id=? AND fiscalyear=?");
|
||||
$q->execute([$u['sponsors_id'],$lastyear]);
|
||||
if (!$q->rowCount()) {
|
||||
// echo "removing $uid because they have NOT donated last year <br />";
|
||||
unset($lastyearlist[$uid]);
|
||||
@ -185,8 +185,8 @@ foreach ($lastyearlist AS $uid => $u) {
|
||||
|
||||
foreach ($thisyearlist AS $uid => $u) {
|
||||
if ($u['sponsors_id']) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
|
||||
$q->execcute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id=? AND fiscalyear=?");
|
||||
$q->execute([$u['sponsors_id'],$config['FISCALYEAR']]);
|
||||
if (!$q->rowCount()) {
|
||||
// echo "removing $uid because they have NOT donated this year <br />";
|
||||
unset($thisyearlist[$uid]);
|
||||
@ -216,12 +216,12 @@ if ($_GET['generatelist']) {
|
||||
$campaignid = $_POST['fundraising_campaigns_id'];
|
||||
$params = serialize($_POST);
|
||||
echo "params=$params";
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=? WHERE id=?");
|
||||
$stmt->execute([$params,$campaignid]);
|
||||
$uids = array_keys($userslist);
|
||||
foreach ($uids AS $u) {
|
||||
$stmt = $pdo->prepare("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES (?,?)");
|
||||
$stmt->execute([$campaignid,$u]);
|
||||
}
|
||||
|
||||
echo 'List created';
|
||||
|
||||
@ -5,8 +5,8 @@ $salutations = array('Mr.', 'Mrs.', 'Ms', 'Dr.', 'Professor');
|
||||
function getGoal($goal)
|
||||
{
|
||||
global $config, $pdo;
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE goal=? AND fiscalyear=? LIMIT 1");
|
||||
$q->execute([$goal,$config['FISCALYEAR']]);
|
||||
return $q->fetch(PDO::FETCH_OBJ);
|
||||
}
|
||||
|
||||
|
||||
@ -2,16 +2,16 @@
|
||||
if ($_POST['action'] == 'funddelete' && $_POST['delete']) {
|
||||
// first lookup all the sponsorships inside the fund
|
||||
$id = intval($_POST['delete']);
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND year='" . $config['FISCALYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id=? AND year=?");
|
||||
$q->execute([$id,$config['FISCALYEAR']]);
|
||||
$f = $q->fetch(PDO::FETCH_OBJ);
|
||||
// hold yer horses, no deleting system funds!
|
||||
if ($f) {
|
||||
if ($f->system == 'no') {
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE fundraising_goal='" . $f->type . "' AND fiscalyear='" . $config['FISCALYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE fundraising_goal=? AND fiscalyear=?");
|
||||
$stmt->execute([$f->type,$config['FISCALYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id=?");
|
||||
$stmt->execute([$id]);
|
||||
if ($pdo->rowCount())
|
||||
happy_('Successfully removed fund %1', array($f->name));
|
||||
} else {
|
||||
@ -23,8 +23,8 @@ if ($_POST['action'] == 'funddelete' && $_POST['delete']) {
|
||||
if ($_POST['action'] == 'fundedit' || $_POST['action'] == 'fundadd') {
|
||||
$fundraising_id = intval($_POST['fundraising_id']);
|
||||
if ($fundraising_id) {
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fundraising_goals WHERE id=?");
|
||||
$q->execute([$fundraising_id]);
|
||||
$f = $q->fetch(PDO::FETCH_OBJ);
|
||||
$system = $f->system;
|
||||
}
|
||||
@ -37,11 +37,11 @@ if ($_POST['action'] == 'fundedit' || $_POST['action'] == 'fundadd') {
|
||||
if ($_POST['action'] == 'fundedit') {
|
||||
if (($system == 'yes' && $budget) || ($system == 'no' && $budget && $goal && $name)) {
|
||||
if ($system == 'yes') {
|
||||
$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE fundraising SET budget=?, description=? WHERE id=?");
|
||||
$stmt->execute([$budget,$description,$fundraising_id]);
|
||||
} else {
|
||||
$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE fundraising SET budget=?, description=?, goal=?, name=? WHERE id=?");
|
||||
$stmt->execute([$budget,$description,$goal,$name,$fundraising_id]);
|
||||
}
|
||||
|
||||
if ($pdo->errorInfo())
|
||||
|
||||
@ -44,13 +44,13 @@ if ($_GET['csv'] == 'yes') {
|
||||
}
|
||||
?>
|
||||
<?
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$cats[$r->id] = $r->category;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$divs[$r->id] = $r->division;
|
||||
|
||||
@ -74,13 +74,13 @@ $q = $pdo->prepare("SELECT registrations.id AS reg_id,
|
||||
left outer join projects on projects.registrations_id=registrations.id
|
||||
left outer join judges_teams_timeslots_projects_link on projects.id=judges_teams_timeslots_projects_link.projects_id
|
||||
WHERE
|
||||
registrations.year='$year' "
|
||||
registrations.year=?"
|
||||
. getJudgingEligibilityCode() . "
|
||||
GROUP BY projectid
|
||||
ORDER BY
|
||||
$ORDERBY
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
if ($_GET['csv'] != 'yes') {
|
||||
|
||||
@ -47,11 +47,11 @@ if ($auth_type == 'fair') {
|
||||
/* Make sure they have permission to laod this student, check
|
||||
the master copy of the fairs_id in the project */
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE
|
||||
registrations_id='$registrations_id'
|
||||
AND year='{$config['FAIRYEAR']}'
|
||||
AND fairs_id=$fairs_id");
|
||||
registrations_id=?
|
||||
AND year=?
|
||||
AND fairs_id=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$registrations_id,$config['FAIRYEAR'],$fairs_id]);
|
||||
if ($q->rowCount() != 1) {
|
||||
echo 'permission denied.';
|
||||
exit;
|
||||
@ -69,22 +69,22 @@ switch ($action) {
|
||||
project_save();
|
||||
|
||||
/* Now generate */
|
||||
$q = $pdo->prepare("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projects WHERE registrations_id=? AND year=?");
|
||||
$q->execute([$registrations_id,$config['FAIRYEAR']]);
|
||||
$i = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$id = $i['id'];
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
|
||||
projectnumber_seq='0',projectsort_seq='0'
|
||||
WHERE id='$id'");
|
||||
$stmt->execute();
|
||||
WHERE id=?");
|
||||
$stmt->execute([$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
list($pn, $ps, $pns, $pss) = generateProjectNumber($registrations_id);
|
||||
// print("Generated Project Number [$pn]");
|
||||
$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
|
||||
projectnumber_seq='$pns',projectsort_seq='$pss'
|
||||
WHERE id='$id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE projects SET projectnumber=?,projectsort=?,
|
||||
projectnumber_seq=?,projectsort_seq=?
|
||||
WHERE id=?");
|
||||
$stmt->execute([$pn,$ps,$pns,$pss,$id]);
|
||||
happy_("Generated and Saved Project Number: $pn");
|
||||
break;
|
||||
|
||||
@ -102,8 +102,8 @@ function project_save()
|
||||
global $registrations_id, $config, $pdo;
|
||||
|
||||
// first, lets make sure this project really does belong to them
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=? AND year=?");
|
||||
$q->execute([$registrations_id,$config['FAIRYEAR']]);
|
||||
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
|
||||
if (!projectinfo) {
|
||||
echo error(i18n('Invalid project to update'));
|
||||
@ -121,13 +121,13 @@ function project_save()
|
||||
if (empty($_POST['feedback'])) {
|
||||
$stmt = $pdo->prepare('UPDATE projects SET '
|
||||
. "flagged='0'"
|
||||
. "WHERE id='" . intval($_POST['id']) . "'");
|
||||
$stmt->execute();
|
||||
. "WHERE id=?");
|
||||
$stmt->execute([intval($_POST['id'])]);
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projects SET '
|
||||
. "flagged='1'"
|
||||
. "WHERE id='" . intval($_POST['id']) . "'");
|
||||
$stmt->execute();
|
||||
. "WHERE id=?");
|
||||
$stmt->execute([intval($_POST['id'])]);
|
||||
}
|
||||
show_pdo_errors_if_any($pdo);
|
||||
happy_('Flagging process successfully updated');
|
||||
@ -159,15 +159,15 @@ function project_save()
|
||||
// check if they changed the project number
|
||||
if ($_POST['projectnumber'] != $projectinfo->projectnumber) {
|
||||
// check if hte new one is available
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE year='" . $config['FAIRYEAR'] . "' AND projectnumber='" . $_POST['projectnumber'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE year=?' AND projectnumber=?");
|
||||
$q->execute([$config['FAIRYEAR'],$_POST['projectnumber']]);
|
||||
if ($q->rowCount()) {
|
||||
error_('Could not change project number. %1 is already in use', array($_POST['projectnumber']));
|
||||
} else {
|
||||
$stmt = $pdo->prepare("UPDATE projects SET
|
||||
projectnumber='" . $_POST['projectnumber'] . "'
|
||||
WHERE id='" . $_POST['id'] . "'");
|
||||
$stmt->execute();
|
||||
projectnumber=?
|
||||
WHERE id=?");
|
||||
$stmt->execute([$_POST['projectnumber'],$_POST['id']]);
|
||||
happy_('Project number successfully changed to %1', array($_POST['projectnumber']));
|
||||
}
|
||||
}
|
||||
@ -178,13 +178,13 @@ function project_load()
|
||||
global $registrations_id, $config, $pdo, $projectcategories_id;
|
||||
// $projectcategories_id=null;
|
||||
// now lets find out their MAX grade, so we can pre-set the Age Category
|
||||
$q = $pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='" . $registrations_id . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id=?");
|
||||
$q->execute([$registrations_id]);
|
||||
$gradeinfo = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
// now lets grab all the age categories, so we can choose one based on the max grade
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
// save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
|
||||
$agecategories[$r->id]['category'] = $r->category;
|
||||
@ -196,24 +196,24 @@ function project_load()
|
||||
}
|
||||
|
||||
// now select their project info
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='" . $registrations_id . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=? AND year=?");
|
||||
// check if it exists, if we didnt find any record, lets insert one
|
||||
$q->execute();
|
||||
$q->execute([$registrations_id,$config['FAIRYEAR']]);
|
||||
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
|
||||
if (!$projectinfo) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('" . $registrations_id . "','$projectcategories_id','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES (?,?,?)");
|
||||
// and then pull it back out
|
||||
$stmt->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='" . $registrations_id . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$stmt->execute([$registrations_id,$projectcategories_id,$config['FAIRYEAR']]);
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=? AND year=?");
|
||||
$q->execute([ $registrations_id,$config['FAIRYEAR']]);
|
||||
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
|
||||
}
|
||||
|
||||
// make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
|
||||
if ($projectcategories_id && $projectinfo->projectcategories_id != $projectcategories_id) {
|
||||
echo notice(i18n('Age category changed, updating to %1', array($agecategories[$projectcategories_id]['category'])));
|
||||
$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id=? WHERE id=?");
|
||||
$stmt->execute([$projectcategories_id,$projectinfo->id]);
|
||||
}
|
||||
|
||||
// output the current status
|
||||
@ -298,8 +298,8 @@ function countwords()
|
||||
show_pdo_errors_if_any($pdo);
|
||||
// ###
|
||||
} else
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY division");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY division");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
|
||||
echo '<select name="projectdivisions_id">';
|
||||
echo '<option value="">' . i18n('Select a division') . "</option>\n";
|
||||
|
||||
@ -39,14 +39,14 @@ if (get_value_from_array($_GET, 'year'))
|
||||
else
|
||||
$year = $config['FAIRYEAR'];
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$cats[$r->id] = $r->category;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$divs[$r->id] = $r->division;
|
||||
@ -62,34 +62,34 @@ switch ($action) {
|
||||
|
||||
case 'delete':
|
||||
$regid = intval($_GET['id']);
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='$regid'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id=?");
|
||||
$q->execute([$regid]);
|
||||
if ($q->rowCount()) {
|
||||
$p = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE projects_id='{$p['id']}'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE projects_id=?");
|
||||
$stmt->execute([$p['id']]);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM questions_answers WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM questions_answers WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$regid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id=? AND year=?");
|
||||
$stmt->execute([$regid,$config['FAIRYEAR']]);
|
||||
happy_('Registration and all related data successfully deleted');
|
||||
exit;
|
||||
}
|
||||
@ -459,14 +459,14 @@ function list_query($year, $wherestatus, $reg_id)
|
||||
left outer join projects on projects.registrations_id=registrations.id
|
||||
WHERE
|
||||
1
|
||||
AND registrations.year='$year'
|
||||
$wherestatus
|
||||
$reg $fair
|
||||
AND registrations.year=?
|
||||
?
|
||||
? ?
|
||||
ORDER BY
|
||||
registrations.status DESC, projects.title
|
||||
");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$year,$wherestatus,$reg,$fair]);
|
||||
|
||||
// FIXME
|
||||
show_pdo_errors_if_any($pdo);
|
||||
@ -516,11 +516,11 @@ function print_row($r)
|
||||
FROM
|
||||
students,schools
|
||||
WHERE
|
||||
students.registrations_id='$r->reg_id'
|
||||
students.registrations_id=?
|
||||
AND
|
||||
students.schools_id=schools.id
|
||||
");
|
||||
$sq->execute();
|
||||
$sq->execute([$r->reg_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$studnum = 1;
|
||||
|
||||
@ -41,8 +41,8 @@ echo '<br />';
|
||||
|
||||
$showformatbottom = true;
|
||||
if (get_value_from_array($_POST, 'action') == 'received' && get_value_from_array($_POST, 'registration_number')) {
|
||||
$q = $pdo->prepare("SELECT * FROM registrations WHERE num='" . $_POST['registration_number'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM registrations WHERE num=? AND year=?");
|
||||
$q->execute([$_POST['registration_number'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount() == 1) {
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$reg_id = $r->id;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user