diff --git a/config/backuprestore.php b/config/backuprestore.php
index 894fbf99..1f9d8470 100644
--- a/config/backuprestore.php
+++ b/config/backuprestore.php
@@ -171,25 +171,25 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
 if (mb_ereg('^[a-z0-9]{32}$', $_POST['realfilename']) && file_exists('../data/backuprestore/' . $_POST['realfilename'])) {
 $filename = $_POST['realfilename'];
 echo i18n('Proceeding with database restore from %1', array($_POST['filename'])) . '...';
- $lines = file("../data/backuprestore/?");
+ $lines = file("../data/backuprestore/$filename");
 $err = false;
 echo '
';
 		foreach ($lines AS $line) {
 			$line = trim($line);
 			if (mb_ereg('^#TABLE: (.*)', $line, $args)) {
 				// empty out the table
-				$sql = 'TRUNCATE TABLE ?';
+				$sql = "TRUNCATE TABLE $args[1]";
 				//			echo $sql."\n";
 
 				$stmt = $pdo->prepare($sql);
-				$stmt->execute([$args[1]]);
+				$stmt->execute();
 			} else if (mb_ereg('^#', $line)) {
 				// just skip it
 			} else {
 				// insert the new data
 
 				$stmt = $pdo->prepare($line);
-				$stmt->execute([$filename]);
+				$stmt->execute();
 				if ($pdo->errorInfo()) {
 					echo $line . "\n";
 					echo $pdo->errorInfo() . "\n";
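Review bot: The table name captured by `^#TABLE: (.*)` goes into `TRUNCATE TABLE $args[1]` with no check, so whatever follows the marker in the backup file becomes SQL text. An identifier cannot be bound as a placeholder, so interpolation is unavoidable here, but the name should first be matched against the tables a backup is expected to contain (or at least a strict pattern) and then backtick-quoted, for example `if (!mb_ereg('^[A-Za-z0-9_]+$', $args[1])) { $err = true; continue; }` ahead of the prepare. The else branch also prepares every remaining line of the file verbatim, so the restore is only as trustworthy as the file under ../data/backuprestore/; how that file gets there is not visible in this hunk. The foreach body continues past the end of the hunk.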
diff --git a/config/rollover.php b/config/rollover.php
index 067dcb9a..ba09bbd8 100644
--- a/config/rollover.php
+++ b/config/rollover.php
@@ -66,8 +66,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
 	 */
 
 	/* Get field list for this table */
-	$q = $pdo->prepare("SHOW COLUMNS IN ?");
-	$q->execute([$table]);
+	$q = $pdo->prepare("SHOW COLUMNS IN $table");
+	$q->execute();
 	show_pdo_errors_if_any($pdo);
 	while (($c = $q->fetch(PDO::FETCH_ASSOC))) {
 		$col[$c['Field']] = $c;
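Review bot: `$table` is interpolated unquoted into `SHOW COLUMNS IN $table`, while the INSERT later in roll() backtick-quotes the same variable. The callers of roll() are not visible here; if they only pass literal table names this is safe, but an allow-list check at the top of the function and consistent backtick quoting would make that assumption explicit. A comment above the prepare would help the next reader: `/* $table must be a hard-coded table name; identifiers cannot be bound as parameters */`. roll() begins before and ends after this hunk.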
@@ -108,8 +108,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
 				$vals .= ',' . $pdo->quote($r[$f]);
 		}
 
-		$stmt = $pdo->prepare("INSERT INTO ?(`year`,?) VALUES (??)");
-		$stmt->execute([$table,$names,$newfairyear,$vals]);
+		$stmt = $pdo->prepare("INSERT INTO `$table` (`year`,?) VALUES (?,?)");
+		$stmt->execute([$names,$newfairyear,$vals]);
 		show_pdo_errors_if_any($pdo);
 	}
 }
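Review bot: Two of the three placeholders in the new INSERT cannot work as written. The `?` inside the column list receives `$names`, and a bound value is never treated as identifiers; the last `?` receives `$vals`, which the loop above builds as one comma-joined string of `$pdo->quote()`d values, so it arrives as a single string rather than one value per column. The statement will fail or insert the wrong number of columns. Either put the column list (taken from SHOW COLUMNS) in the SQL text and emit one `?` per column with the raw `$r[$f]` values collected into the execute array, or keep the quoted `$vals` in the SQL text and bind only `$newfairyear`. The loop that builds `$names` and `$vals` starts outside the hunk, so the exact shape of both strings should be confirmed there.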
@@ -287,34 +287,9 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
 			$puid = ($r->principal_uid == null) ? 'NULL' : ("'" . intval($r->principal_uid) . "'");
 			$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'" . intval($r->sciencehead_uid) . "'");
 
-			$stmt = $pdo->prepare('INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,?,
-				?,?,
-				?,
-				NULL,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?)');
-			$stmt->execute([$pdo->quote($r->school),$pdo->quote($r->schoollang),$pdo->quote($r->schoollevel),
-			$pdo->quote($r->board),$pdo->quote($r->district),$pdo->quote($r->phone),$pdo->quote($r->fax),
-			$pdo->quote($r->address),$pdo->quote($r->city),$pdo->quote($r->province_code),$pdo->quote($r->postalcode),$puid,
-			$pdo->quote($r->schoolemail),$shuid,$pdo->quote($r->accesscode),$pdo->quote($r->junior),$pdo->quote($r->intermediate),
-			$pdo->quote($r->senior),$pdo->quote($r->registration_password),$pdo->quote($r->projectlimit),$pdo->quote($r->projectlimitper),
-			$newfairyear ]);
+			$stmt = $pdo->prepare('INSERT INTO schools (school, schoollang, schoollevel, board, district, phone, fax, address, city, province_code, postalcode, principal_uid, schoolemail, sciencehead_uid, accesscode, lastlogin, junior, intermediate, senior, registration_password, projectlimit, projectlimitper, year) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, ?, ?, ?, ?, ?)');
+			$stmt->execute([$r->school, $r->schoollang, $r->schoollevel, $r->board, $r->district, $r->phone, $r->fax, $r->address, $r->city, $r->province_code, $r->postalcode, $puid, $r->schoolemail, $shuid, $r->accesscode, $r->junior, $r->intermediate, $r->senior, $r->registration_password, $r->projectlimit, $r->projectlimitper, $newfairyear]);
+			
 			show_pdo_errors_if_any($pdo);
 		}
 
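Review bot: `$puid` and `$shuid` are still built as SQL fragments (the string `'NULL'`, or the integer wrapped in literal single quotes) on the two lines above the prepare, but they are now bound as parameters, so `principal_uid` and `sciencehead_uid` receive the text "NULL" or a quoted number instead of NULL or an integer. They should become plain values: `$puid = ($r->principal_uid == null) ? null : intval($r->principal_uid);` and the same for `$shuid`. Separately, the new VALUES list appears to have 14 placeholders before `NULL` where 15 columns precede `lastlogin`, while execute() passes 22 values; please recount, since a mismatch makes every execute fail. Removing the `$pdo->quote()` wrappers is correct, as bound values must not be pre-quoted.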
@@ -323,17 +298,9 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
 		$q->execute([$currentfairyear]);
 		show_pdo_errors_if_any($pdo);
 		while ($r = $q->fetch(PDO::FETCH_OBJ)) {
-			$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
-				'',
-				?,
-				?,
-				?,
-				?,
-				?,
-				?,
-				?)");
-			$stmt->execute([$newfairyear,$pdo->quote($r->section),$pdo->quote($r->db_heading),$pdo->quote($r->question),
-			$pdo->quote($r->type),$pdo->quote($r->required),$pdo->quote($r->ord)]);
+			$stmt = $pdo->prepare("INSERT INTO questions (id, year, section, db_heading, question, type, required, ord) VALUES ('', ?, ?, ?, ?, ?, ?, ?)");
+			$stmt->execute([$newfairyear, $r->section, $r->db_heading, $r->question, $r->type, $r->required, $r->ord]);
+
 			show_pdo_errors_if_any($pdo);
 		}
 
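Review bot: The literal `''` for `id` in the new single-line INSERT relies on the server turning an empty string into the next auto-increment value, which strict SQL modes reject. The schema is not visible here, so this needs confirming, but if `id` is auto-increment the portable form is to drop it from the column list or pass `NULL`. The statement is also prepared again on every pass of the while loop; preparing it once before the loop and calling only `execute()` inside would read more clearly.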
diff --git a/config/rolloverfiscal.php b/config/rolloverfiscal.php
index 03eda941..8d5401e6 100644
--- a/config/rolloverfiscal.php
+++ b/config/rolloverfiscal.php
@@ -100,9 +100,9 @@ function rolloverfiscalyear($newYear)
 		foreach ($values as $idx => $val) {
 			$values[$idx] = $val;
 		}
-		$query = 'INSERT INTO fundraising_campaigns (?) VALUES(?)';
+		$query = 'INSERT INTO fundraising_campaigns (`' . implode('`,`', $fields) . "`) VALUES(?)";
 		$stmt = $pdo->prepare($query);
-		$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
+		$stmt->execute([implode("','", $values)]);
 	}
 
 	// next we'll hit findraising_donor_levels
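Review bot: `VALUES(?)` has a single placeholder, and `implode("','", $values)` is bound to it as one string, so the INSERT supplies one value for however many columns `$fields` names and will fail with a column-count error (or store the joined text in the first column if there is only one). The same pattern is repeated in the fundraising_donor_levels and fundraising_goals hunks below. Generate one placeholder per value with `$marks = implode(',', array_fill(0, count($values), '?'));`, put `$marks` inside `VALUES(...)`, and call `$stmt->execute(array_values($values));`. Moving `$fields` into the SQL text is correct for identifiers, but where `$fields` comes from is outside the hunk; it should be column names read from the schema, never request data. The `foreach` that reassigns `$values[$idx] = $val` is now a no-op and can be removed.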
@@ -117,9 +117,9 @@ function rolloverfiscalyear($newYear)
 		foreach ($values as $idx => $val) {
 			$values[$idx] = $val;
 		}
-		$query = 'INSERT INTO fundraising_donor_levels (?) VALUES(?)';
+		$query = 'INSERT INTO fundraising_donor_levels (`' . implode('`,`', $fields) . "`) VALUES(?)";
 		$stmt = $pdo->prepare($query);
-		$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
+		$stmt->execute([implode("','", $values)]);
 	}
 
 	// and now we'll do findraising_goals
@@ -142,9 +142,9 @@ function rolloverfiscalyear($newYear)
 		foreach ($values as $idx => $val) {
 			$values[$idx] = $val;
 		}
-		$query = 'INSERT INTO fundraising_goals (?) VALUES(?)';
+		$query = 'INSERT INTO fundraising_goals (`' . implode('`,`', $fields) . "`) VALUES(?)";
 		$stmt = $pdo->prepare($query);
-		$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
+		$stmt->execute([implode("','", $values)]);
 	}
 
 	// finally, let's update the fiscal year itself:
diff --git a/config/signaturepage.php b/config/signaturepage.php
index 2f130f41..1b70d811 100644
--- a/config/signaturepage.php
+++ b/config/signaturepage.php
@@ -56,15 +56,15 @@ if (get_value_from_array($_POST, 'action') == 'save') {
 
     $val = get_value_from_array($_POST, 'exhibitordeclaration');
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :useex, `text` = :text WHERE name = 'exhibitordeclaration'");
-    $stmt->bindParam(':useex', '?');
-    $stmt->bindParam(':text', '?');
-    $stmt->execute([$useex,$val]);
+    $stmt->bindParam(':useex', $useex);
+    $stmt->bindParam(':text', $val);
+    $stmt->execute();
 
     $val = get_value_from_array($_POST, 'exhibitordeclaration');
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :usepg, `text` = :text WHERE name = 'parentdeclaration'");
-    $stmt->bindParam(':usepg', '?');
-    $stmt->bindParam(':text', '?');
-    $stmt->execute([$usepg,$val]);
+    $stmt->bindParam(':usepg', $usepg);
+    $stmt->bindParam(':text', $val);
+    $stmt->execute();
 
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use`=?, `text`=? WHERE name='postamble'");
     $stmt->execute([$usepa,get_value_from_array($_POST, 'postamble')]);
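Review bot: The second UPDATE, for `parentdeclaration`, still reads its text from the `exhibitordeclaration` POST key, so saving the form would overwrite the parent declaration with the exhibitor text. This looks like a copy-paste slip that predates the commit; the form's field names are not visible here, but the line most likely should be `$val = get_value_from_array($_POST, 'parentdeclaration');`. For consistency with the postamble statement just below, both updates could use positional `?` with `execute([...])`, or `bindValue()` instead of `bindParam()`, because no by-reference binding is needed.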
diff --git a/config/subdivisions.php b/config/subdivisions.php
index 279615ed..c59f3f14 100644
--- a/config/subdivisions.php
+++ b/config/subdivisions.php
@@ -74,11 +74,7 @@ if (get_value_from_array($_POST, 'action') == 'new') {
 		if ($q->rowCount()) {
 			echo error(i18n('Sub-Division ID %1 already exists', array($newid)));
 		} else {
-			$stmt = $pdo->prepare('INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( '
-				. "?, "
-				. "?, "
-				. "?, "
-				. "?) ");
+			$stmt = $pdo->prepare('INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (?,?,?,?) ');
 			$stmt->execute([$newid,$_POST['projectdivisions_id'],stripslashes($_POST['subdivision']),$config['FAIRYEAR']]);
 			echo happy(i18n('Sub-Division successfully added'));
 		}