all database lines have been adjusted across all files

Muad Sakah 2025-02-05 06:06:13 +00:00
parent 888d350ddc
commit a5739a3d90
37 changed files with 881 additions and 718 deletions


@ -130,23 +130,25 @@ if ($r->num) {
echo '  ' . i18n('Prizes: ');
foreach ($prizes AS $prize) {
$q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,value,prize,number,`order`,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,year) VALUES (
'$award_awards_id',
'{$prize['cash']}',
'{$prize['scholarship']}',
'{$prize['value']}',
'{$prize['prize']}',
'{$prize['number']}',
'{$prize['order']}',
'{$prize['excludefromac']}',
'{$prize['trophystudentkeeper']}',
'{$prize['trophystudentreturn']}',
'{$prize['trophyschoolkeeper']}',
'{$prize['trophyschoolreturn']}',
'{$config['FAIRYEAR']}'
)");
$q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id, cash, scholarship, value, prize, number, `order`, excludefromac, trophystudentkeeper, trophystudentreturn, trophyschoolkeeper, trophyschoolreturn, year)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$q->execute([
$award_awards_id,
$prize['cash'],
$prize['scholarship'],
$prize['value'],
$prize['prize'],
$prize['number'],
$prize['order'],
$prize['excludefromac'],
$prize['trophystudentkeeper'],
$prize['trophystudentreturn'],
$prize['trophyschoolkeeper'],
$prize['trophyschoolreturn'],
$config['FAIRYEAR']
]);
$q->execute();
echo $prize['prize'] . ',';
}
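Review bot: The trailing `$q->execute();` at the end of the loop body runs the INSERT a second time, straight after the new parameterised `$q->execute([...])` above it; if that line is on the new side (this page has lost its +/- markers), each prize is either inserted twice or the second call fails for want of parameters, depending on how the driver re-binds. Delete it so the statement executes exactly once per `$prize`. The `if ($r->num)` block enclosing the `foreach` begins before the hunk.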


@ -159,21 +159,33 @@ switch (get_value_from_array($_GET, 'action')) {
$self_nominate = ($award['self_nominate'] == 'yes') ? 'yes' : 'no';
$schedule_judges = ($award['schedule_judges'] == 'yes') ? 'yes' : 'no';
$q = $pdo->prepare("UPDATE award_awards SET
sponsors_id='$sponsor_id',
name='" . $award['name_en'] . "',
criteria='" . $award['criteria_en'] . "',
external_postback='" . $postback . "',
external_register_winners='" . (($award['external_register_winners'] == 1) ? 1 : 0) . "',
external_additional_materials='" . (($award['external_additional_materials'] == 1) ? 1 : 0) . "',
self_nominate='$self_nominate',
schedule_judges='$schedule_judges'
WHERE
id='$award_id'
AND external_identifier='" . $identifier . "'
AND year='$year'
");
$q->execute();
$q = $pdo->prepare("UPDATE award_awards SET
sponsors_id = ?,
name = ?,
criteria = ?,
external_postback = ?,
external_register_winners = ?,
external_additional_materials = ?,
self_nominate = ?,
schedule_judges = ?
WHERE id = ?
AND external_identifier = ?
AND year = ?");
$q->execute([
$sponsor_id,
$award['name_en'],
$award['criteria_en'],
$postback,
($award['external_register_winners'] == 1) ? 1 : 0,
($award['external_additional_materials'] == 1) ? 1 : 0,
$self_nominate,
$schedule_judges,
$award_id,
$identifier,
$year
]);
show_pdo_errors_if_any($pdo);
// update the prizes
@ -218,22 +230,35 @@ switch (get_value_from_array($_GET, 'action')) {
if (!array_key_exists('identifier', $prize))
$prize['identifier'] = $prize['prize_en'];
$q = $pdo->prepare("UPDATE award_prizes SET
cash='" . intval($prize['cash']) . "',
scholarship='" . intval($prize['scholarship']) . "',
value='" . intval($prize['value']) . "',
prize='" . $prize['prize_en'] . "',
number='" . intval($prize['number']) . "',
`order`='" . intval($prize['ord']) . "',
external_identifier='" . stripslashes($prize['identifier']) . "',
trophystudentkeeper='" . intval($prize['trophystudentkeeper']) . "',
trophystudentreturn='" . intval($prize['trophystudentreturn']) . "',
trophyschoolkeeper='" . intval($prize['trophyschoolkeeper ']) . "',
trophyschoolreturn='" . intval($prize['trophyschoolreturn']) . "'
WHERE
id='$prize_id'");
$q->execute([]);
$q = $pdo->prepare("UPDATE award_prizes SET
cash = ?,
scholarship = ?,
value = ?,
prize = ?,
number = ?,
`order` = ?,
external_identifier = ?,
trophystudentkeeper = ?,
trophystudentreturn = ?,
trophyschoolkeeper = ?,
trophyschoolreturn = ?
WHERE id = ?");
$q->execute([
intval($prize['cash']),
intval($prize['scholarship']),
intval($prize['value']),
$prize['prize_en'],
intval($prize['number']),
intval($prize['ord']),
stripslashes($prize['identifier']),
intval($prize['trophystudentkeeper']),
intval($prize['trophystudentreturn']),
intval($prize['trophyschoolkeeper']),
intval($prize['trophyschoolreturn']),
$prize_id
]);
show_pdo_errors_if_any($pdo);
// FIXME: update the translations
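Review bot: `stripslashes($prize['identifier'])` in the new execute array of the award_prizes UPDATE undoes escaping that no longer exists once the value is bound as a parameter, so an identifier containing a backslash is silently altered before it is stored; unless `$prize` is still `addslashes()`'d upstream (not visible here), pass `$prize['identifier']` directly. Its neighbour `$prize['prize_en']` is passed raw, so the two should at least be treated consistently. The `switch` enclosing both hunks starts before this section.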


@ -701,21 +701,22 @@ if (get_value_from_array($_GET, 'action') == 'sendqueue') {
$numtotal = $recipq->rowCount();
$q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
'" . $email->val . "',
'" . $email->name . "',
'" . $_SESSION['users_uid'] . "',
'" . $email->from . "',
'" . $email->subject . "',
'" . $email->body . "',
'" . $email->bodyhtml . "',
'" . $email->type . "',
$fcid,
NOW(),
NULL,
$numtotal,
0)");
$q->execute();
$q = $pdo->prepare("INSERT INTO emailqueue (val, name, users_uid, `from`, subject, body, bodyhtml, `type`, fundraising_campaigns_id, started, finished, numtotal, numsent)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NULL, ?, 0)");
$q->execute([
$email->val,
$email->name,
$_SESSION['users_uid'],
$email->from,
$email->subject,
$email->body,
$email->bodyhtml,
$email->type,
$fcid,
$numtotal
]);
$emailqueueid = $pdo->lastInsertId();
show_pdo_errors_if_any($pdo);
@ -746,13 +747,15 @@ if (get_value_from_array($_GET, 'action') == 'sendqueue') {
);
if ($u['email'] && $u['email'][0] != '*') {
$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
'$emailqueueid',
'" . $pdo->quote($u['email']) . "',
'" . $pdo->quote($u['name']) . "',
'" . $pdo->quote(json_encode($replacements) . "',
NULL)"));
$q->execute();
$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id, toemail, toname, replacements, sent) VALUES (?, ?, ?, ?, NULL)");
$q->execute([
$emailqueueid,
$u['email'],
$u['name'],
json_encode($replacements)
]);
show_pdo_errors_if_any($pdo);
}
$q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id=?");
@ -870,21 +873,20 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
}
$numtotal = $recipq->rowCount();
$q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES (
'" . $pdo->quote($email->val) . "',
'" . $pdo->quote($email->name) . "',
'" . $pdo->quote($_SESSION['users_uid']) . "',
'" . $pdo->quote($email->from) . "',
'" . $pdo->quote($email->subject) . "',
'" . $pdo->quote($email->body) . "',
'" . $pdo->quote($email->bodyhtml) . "',
'" . $pdo->quote($email->type) . "',
NULL,
NOW(),
NULL,
$numtotal,
0)");
$q->execute();
$q = $pdo->prepare("INSERT INTO emailqueue (val, name, users_uid, `from`, subject, body, bodyhtml, `type`, fundraising_campaigns_id, started, finished, numtotal, numsent) VALUES (?, ?, ?, ?, ?, ?, ?, ?, NULL, NOW(), NULL, ?, 0)");
$q->execute([
$email->val,
$email->name,
$_SESSION['users_uid'],
$email->from,
$email->subject,
$email->body,
$email->bodyhtml,
$email->type,
$numtotal
]);
$emailqueueid = lastInsertId();
show_pdo_errors_if_any($pdo);
@ -939,13 +941,15 @@ if (get_value_from_array($_GET, 'action') == 'send' && get_value_from_array($_GE
}
if ($toemail) {
$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES (
'$emailqueueid',
'" . $toemail . "',
'" . $toname . "',
'" . json_encode($replacements) . "',
NULL)");
$q->execute();
$q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id, toemail, toname, replacements, sent) VALUES (?, ?, ?, ?, NULL)");
$q->execute([
$emailqueueid,
$toemail,
$toname,
json_encode($replacements)
]);
show_pdo_errors_if_any($pdo);
}
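Review bot: `$emailqueueid = lastInsertId();` directly after the new parameterised INSERT into emailqueue in the `send` branch calls a bare function, while the `sendqueue` branch earlier in this section uses `$pdo->lastInsertId()`; unless the project defines a global `lastInsertId()` helper, this is an undefined-function fatal error and the recipient rows below would be queued against an empty id. Change it to `$emailqueueid = $pdo->lastInsertId();` to match the other branch. That line is context rather than part of the change, but the new code path depends on it.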


@ -54,26 +54,31 @@ switch (get_value_from_array($_GET, 'action')) {
if ($id) {
$exec = 'UPDATE sponsors SET '
. "donortype='" . stripslashes($_POST['donortype']) . "', "
. "organization='" . stripslashes($_POST['organization']) . "', "
. "address='" . stripslashes($_POST['address']) . "', "
. "address2='" . stripslashes($_POST['address2']) . "', "
. "city='" . stripslashes($_POST['city']) . "', "
. "province_code='" . stripslashes($_POST['province_code']) . "', "
. "postalcode='" . stripslashes($_POST['postalcode']) . "', "
. "phone='" . stripslashes($_POST['phone']) . "', "
. "tollfree='" . stripslashes($_POST['tollfree']) . "', "
. "fax='" . stripslashes($_POST['fax']) . "', "
. "email='" . stripslashes($_POST['email']) . "', "
. "website='" . stripslashes($_POST['website']) . "', "
. "notes='" . stripslashes($_POST['notes']) . "', "
. "donationpolicyurl='" . stripslashes($_POST['donationpolicyurl']) . "', "
. "fundingselectiondate='" . stripslashes($_POST['fundingselectiondate']) . "', "
. "proposalsubmissiondate='" . stripslashes($_POST['proposalsubmissiondate']) . "', "
. "waiveraccepted='" . stripslashes($_POST['waiveraccepted']) . "' "
. "WHERE id='$id'";
. "donortype=?, "
. "organization=?, "
. "address=?, "
. "address2=?, "
. "city=?, "
. "province_code=?, "
. "postalcode=?, "
. "phone=?, "
. "tollfree=?, "
. "fax=?, "
. "email=?, "
. "website=?, "
. "notes=?, "
. "donationpolicyurl=?, "
. "fundingselectiondate=?, "
. "proposalsubmissiondate=?, "
. "waiveraccepted=? "
. "WHERE id=?";
$q = $pdo->prepare($exec);
$q->execute();
$q->execute([stripslashes($_POST['donortype']),stripslashes($_POST['organization']),stripslashes($_POST['address']),
stripslashes($_POST['address2']),stripslashes($_POST['city']),stripslashes($_POST['province_code']),
stripslashes($_POST['postalcode']),stripslashes($_POST['phone']),stripslashes($_POST['tollfree']),
stripslashes($_POST['fax']),stripslashes($_POST['email']),stripslashes($_POST['website']),
stripslashes($_POST['notes']),stripslashes($_POST['donationpolicyurl']),stripslashes($_POST['fundingselectiondate']),
stripslashes($_POST['proposalsubmissiondate']),stripslashes($_POST['waiveraccepted']),$id]);
echo $q->errorInfo();
// FIXME accept the logo
@ -422,18 +427,18 @@ switch (get_value_from_array($_GET, 'action')) {
if ($goal && $value && $supporttype) {
$q = $pdo->prepare("INSERT INTO fundraising_donations (sponsors_id,fundraising_goal,fundraising_campaigns_id,value,status,probability,fiscalyear,thanked,datereceived,supporttype) VALUES (
'$sponsorid',
'" . $goal . "',
'$campaignid',
'$value',
?,
?,
?,
?,
'received',
'100',
'{$config['FISCALYEAR']}',
?,
'no',
'" . $datereceived . "',
'" . $supporttype . "'
?,
?
)");
$q->execute();
$q->execute([$sponsorid,$goal,$campaignid,$value,$config['FISCALYEAR'],$datereceived,$supporttype]);
$id = $pdo->lastInsertId();
$logStr = getDonationString($id);
save_activityinfo("Added donation/sponsorship: $logStr", $sponsorid, $_SESSION['users_uid'], 'System');
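Review bot: `echo $q->errorInfo();` after the new parameterised sponsors UPDATE prints an array (the page shows the word `Array` plus a notice) and, if it were fixed to print its contents, would expose raw driver error text to the browser; use the project's `show_pdo_errors_if_any($pdo);` as the other files in this commit do. That line is context rather than a changed line, but it is the only error check the new `$q->execute([...])` has. The `switch` enclosing both hunks begins before this section.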


@ -81,20 +81,20 @@ if (get_value_from_array($_GET, 'judges_projects_list_eligible'))
$_SESSION['viewstate']['judges_projects_list_eligible'] = $_GET['judges_projects_list_eligible'];
if (get_value_from_array($_GET, 'action') == 'delete' && $_GET['delete'] && $_GET['edit']) {
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE id='" . $_GET['delete'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE id=?");
$stmt->execute([$_GET['delete']]);
echo happy(i18n('Judging team project successfully removed'));
$action = 'edit';
}
if (get_value_from_array($_POST, 'action') == 'assign' && $_POST['edit'] && $_POST['timeslot'] && $_POST['project_id']) {
$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link (judges_teams_id,judges_timeslots_id,projects_id,year) VALUES ('" . $_POST['edit'] . "','" . $_POST['timeslot'] . "','" . $_POST['project_id'] . "','" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link (judges_teams_id,judges_timeslots_id,projects_id,year) VALUES (?,?,?,?)");
$stmt->execute([$_POST['edit'],$_POST['timeslot'],$_POST['project_id'],$config['FAIRYEAR']]);
echo happy(i18n('Project assigned to team timeslot'));
}
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount() > 1)
$show_date = true;
else
@ -155,13 +155,13 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
judges_teams,
judges_teams_timeslots_link
WHERE
judges_teams.id='" . $team['id'] . "' AND
judges_teams.id=? AND
judges_teams.id=judges_teams_timeslots_link.judges_teams_id AND
judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
ORDER BY
date,starttime
");
$q->execute();
$q->execute([$team['id']]);
$numslots = $q - rowCount();
if ($numslots) {
@ -201,7 +201,7 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
projectnumber is not null
' . getJudgingEligibilityCode() . " AND
projects.registrations_id=registrations.id AND
projects.year='" . $config['FAIRYEAR'] . "'
projects.year=?
ORDER BY
projectnumber";
} else if ($_SESSION['viewstate']['judges_projects_list_show'] == 'unassigned') {
@ -219,13 +219,13 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
' . getJudgingEligibilityCode(). ' AND
projects.registrations_id=registrations.id AND
judges_teams_timeslots_projects_link.projects_id IS NULL AND
projects.year='" . $config['FAIRYEAR'] . "'
projects.year=?
ORDER BY
projectnumber";
}
$pq = $pdo->prepare($querystr);
$pq->execute();
$pq->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$eligibleprojects = getProjectsEligibleOrNominatedForAwards($award_ids);
@ -284,14 +284,14 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
projects,
judges_teams_timeslots_projects_link
WHERE
judges_teams_timeslots_projects_link.judges_timeslots_id='$r->id' AND
judges_teams_timeslots_projects_link.judges_teams_id='" . $team['id'] . "' AND
judges_teams_timeslots_projects_link.judges_timeslots_id=? AND
judges_teams_timeslots_projects_link.judges_teams_id=? AND
judges_teams_timeslots_projects_link.projects_id=projects.id AND
judges_teams_timeslots_projects_link.year='" . $config['FAIRYEAR'] . "'
judges_teams_timeslots_projects_link.year=?
ORDER BY
projectnumber
");
$projq->execute();
$projq->execute([$r->id,$team['id'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
@ -357,13 +357,13 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
judges_teams,
judges_teams_timeslots_link
WHERE
judges_teams.id='" . $team['id'] . "' AND
judges_teams.id=? AND
judges_teams.id=judges_teams_timeslots_link.judges_teams_id AND
judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
ORDER BY
date,starttime
");
$q->execute();
$q->execute([$team['id']]);
$numslots = $q->rowCount();
echo '<a href="judges_teams_projects.php?action=edit&edit=' . $team['id'] . '">' . i18n('Edit team project assignments') . '</a>';
@ -391,14 +391,14 @@ if (($action == 'edit' || $action == 'assign') && $edit) {
projects,
judges_teams_timeslots_projects_link
WHERE
judges_teams_timeslots_projects_link.judges_timeslots_id='$r->id' AND
judges_teams_timeslots_projects_link.judges_teams_id='" . $team['id'] . "' AND
judges_teams_timeslots_projects_link.judges_timeslots_id=? AND
judges_teams_timeslots_projects_link.judges_teams_id=? AND
judges_teams_timeslots_projects_link.projects_id=projects.id AND
judges_teams_timeslots_projects_link.year='" . $config['FAIRYEAR'] . "'
judges_teams_timeslots_projects_link.year=?
ORDER BY
projectnumber
");
$projq->execute();
$projq->execute([$r->id,$team['id'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
while ($proj = $projq->fetch(PDO::FETCH_OBJ)) {
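Review bot: `$pq->execute([$config['FAIRYEAR'],$config['FAIRYEAR']])` passes two values, but whichever branch built `$querystr` contains only one `projects.year=?` placeholder (the two branches are mutually exclusive), so PDO rejects the call with an HY093 bound-variable mismatch and no projects are listed — unless `getJudgingEligibilityCode()` contributes a placeholder, which is not visible here. Pass a single value: `$pq->execute([$config['FAIRYEAR']]);`. Separately, the unchanged `$numslots = $q - rowCount();` just after the first `$q->execute([$team['id']])` is a typo for `$q->rowCount()` that this rewrite passes over. The enclosing `if (($action == 'edit' || $action == 'assign') && $edit)` starts before the section.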


@ -42,15 +42,15 @@ if (array_key_exists('action', $_POST))
if (get_value_from_array($_GET, 'action') && $action == 'delete') {
$id = intval($_GET['delete']);
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE id=?");
$stmt->execute([$id]);
message_push(happy(i18n('Judging team timeslot successfully removed')));
}
if (array_key_exists('empty', $_GET) && $action == 'empty') {
$id = intval($_GET['empty']);
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=?");
$stmt->execute([$id]);
message_push(happy(i18n('Judging team timeslots successfully removed')));
}
@ -61,8 +61,8 @@ if ($action == 'assign') {
foreach ($_POST['teams'] AS $tm) {
foreach ($_POST['timeslots'] AS $ts) {
$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year)
VALUES ('$tm','$ts','{$config['FAIRYEAR']}')");
$stmt->execute();
VALUES (?,?,?)");
$stmt->execute([$tm,$ts,$config['FAIRYEAR']]);
}
}
message_push(happy(i18n('%1 Timeslots assigned to %2 teams', array(count($_POST['timeslots']), count($_POST['teams'])))));
@ -126,8 +126,8 @@ echo '<a href="" onclick="return checknone(\'timeslots\')">select none</a>';
echo '&nbsp;|&nbsp';
echo '<a href="" onclick="return checkinvert(\'timeslots\')">invert selection</a>';
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year=?");
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount() > 1)
$show_date = true;
else
@ -143,16 +143,16 @@ echo '<th>' . i18n('End Time') . '</th>';
echo "</tr>\n";
$q = $pdo->prepare("SELECT * FROM judges_timeslots
WHERE year='{$config['FAIRYEAR']}'
WHERE year=?
AND round_id='0' ORDER BY date,starttime");
$q->execute();
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo '<tr>';
$span = $show_date ? 4 : 3;
echo "<td colspan=\"$span\">{$r->name} (" . $round_str[$r->type] . ')</td>';
$qq = $pdo->prepare("SELECT * FROM judges_timeslots
WHERE round_id='{$r->id}' ORDER BY date,starttime");
$qq->execute();
WHERE round_id=? ORDER BY date,starttime");
$qq->execute([$r->id]);
while ($rr = $qq->fetch(PDO::FETCH_OBJ)) {
echo '<tr>';
echo "<td><input type=\"checkbox\" name=\"timeslots[]\" value=\"{$rr->id}\" /></td>";
@ -213,13 +213,13 @@ foreach ($teams AS $team) {
judges_teams,
judges_teams_timeslots_link
WHERE
judges_teams.id='" . $team['id'] . "' AND
judges_teams.id=? AND
judges_teams.id=judges_teams_timeslots_link.judges_teams_id AND
judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
ORDER BY
date,starttime
");
$q->execute();
$q->execute([$team['id']]);
$numslots = $q->rowCount();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
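Review bot: In the `assign` branch the INSERT into judges_teams_timeslots_link is re-prepared on every iteration of the nested `foreach` over `$_POST['teams']` and `$_POST['timeslots']`; now that the statement text is constant, prepare it once before the outer loop and keep only `$stmt->execute([$tm,$ts,$config['FAIRYEAR']]);` inside. The inserts are still unchecked — a `show_pdo_errors_if_any($pdo);` after the loops would surface a failed row before the success message is pushed. The `if ($action == 'assign')` block opens before the hunk.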


@ -188,9 +188,9 @@ if ($action == 'savemultiple') {
$tt = $duration + $break;
for ($x = 0; $x < $addnum; $x++) {
$q = $pdo->prepare("SELECT \tDATE_ADD('$date $hr:$min:00', INTERVAL $duration MINUTE) AS endtime,
DATE_ADD('$date $hr:$min:00', INTERVAL $tt MINUTE) AS startnext ");
$q->execute();
$q = $pdo->prepare("SELECT \tDATE_ADD(? ?:?:00', INTERVAL ? MINUTE) AS endtime,
DATE_ADD(? ?:?:00', INTERVAL ? MINUTE) AS startnext ");
$q->execute([$date,$hr,$min,$duration,$date,$hr,$min,$tt]);
show_pdo_errors_if_any($pdo);
$r = $q->fetch(PDO::FETCH_OBJ);
list($ed, $et) = split(' ', $r->endtime);
@ -199,10 +199,10 @@ if ($action == 'savemultiple') {
$starttime = sprintf('%02d:%02d:00', $hr, $min);
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (date,type,round_id,starttime,endtime,year) VALUES (
'$date','timeslot','{$round_data['id']}',
'$starttime', '$et',
'{$config['FAIRYEAR']}')");
$stmt->execute();
?,'timeslot',?,
?,?,
?)");
$stmt->execute([$date,$round_data['id'],$starttime,$et,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$date = $nd;
list($s_h, $s_m, $s_s) = split(':', $nt);
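Review bot: The new `DATE_ADD(? ?:?:00', INTERVAL ? MINUTE)` in the `savemultiple` branch is not valid SQL — a `?` cannot be spliced into part of a string literal, and the stray `'` leaves the quote unbalanced, so the prepare fails and every timeslot in the loop is derived from an undefined `$r`. Build the start datetime in PHP and bind it as one value, as below; MySQL accepts a bound value for the INTERVAL amount. Also note the unchanged `split(' ', $r->endtime)` right after it was removed in PHP 7 and should be `explode`. The `for` loop and the enclosing `if ($action == 'savemultiple')` begin before the hunk.

```php
$start = sprintf('%s %02d:%02d:00', $date, $hr, $min);
$q = $pdo->prepare("SELECT DATE_ADD(?, INTERVAL ? MINUTE) AS endtime,
                           DATE_ADD(?, INTERVAL ? MINUTE) AS startnext");
$q->execute([$start, intval($duration), $start, intval($tt)]);
// … unchanged: show_pdo_errors_if_any, fetch, endtime parsing …
```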


@ -139,20 +139,21 @@ function project_save()
$title = stripslashes($_POST['title']);
$stmt = $pdo->prepare('UPDATE projects SET '
. "title='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $title) . "', "
. "projectdivisions_id='" . intval($_POST['projectdivisions_id'] . "', "
. "projecttype='" . stripslashes($_POST['projecttype']) . "', "
. "language='" . stripslashes($_POST['language']) . "', "
. "req_table='" . stripslashes($_POST['req_table']) . "', "
. "req_electricity='" . stripslashes($_POST['req_electricity']) . "', "
. "req_special='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['req_special'])) . "', "
. "human_participants='" . stripslashes($_POST['human_participants']) . "', "
. "animal_participants='" . stripslashes($_POST['animal_participants']) . "', "
. "summary='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['summary'])) . "', "
. "summarycountok='$summarycountok',"
. "feedback='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['feedback'])) . "', "
. "projectsort='" . stripslashes($_POST['projectsort']) . "'"
. "WHERE id='" . intval($_POST['id'])) . "'");
. "title='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT','?') . "', "
. "projectdivisions_id=?, "
. "projecttype=?, "
. "language=?, "
. "req_table=?, "
. "req_electricity=?, "
. "req_special=?, "
. "human_participants=?, "
. "animal_participants=?, "
. "summary=?, "
. "summarycountok=?,"
. "feedback=?, "
. "projectsort=?"
. "WHERE id=?");
$stmt->execute([$title,intval($_POST['projectdivisions_id'],stripslashes($_POST['projecttype']),stripslashes($_POST['language']),stripslashes($_POST['req_table']),stripslashes($_POST['req_electricity']),stripslashes($_POST['human_participants']),stripslashes($_POST['animal_participants']),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['summary'])),$summarycountok,iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['feedback'])),stripslashes($_POST['projectsort']),intval($_POST['id']))]);
show_pdo_errors_if_any($pdo);
happy_('Project information successfully updated');
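Review bot: The new `project_save()` UPDATE is broken in three places: `iconv(..., '?')` on the `title=` line turns the placeholder into the quoted literal `'?'` (PDO does not recognise `?` inside a string literal), `"projectsort=?" . "WHERE id=?"` lacks the space before WHERE, and in the execute array the closing parenthesis of `intval($_POST['projectdivisions_id']` is misplaced so every following value becomes an extra argument to `intval()`, while `req_special` has no value at all. Bind the transliterated title like any other value, give every column a bare `?`, and pass exactly fourteen values in column order, as below. The rest of the function lies outside the hunk.

```php
$stmt = $pdo->prepare('UPDATE projects SET '
    . "title=?, "
    . "projectdivisions_id=?, "
    // … unchanged: projecttype … feedback, each as "col=?, " …
    . "projectsort=? "
    . "WHERE id=?");
$stmt->execute([
    iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $title),
    intval($_POST['projectdivisions_id']),
    stripslashes($_POST['projecttype']),
    stripslashes($_POST['language']),
    stripslashes($_POST['req_table']),
    stripslashes($_POST['req_electricity']),
    iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['req_special'])),
    stripslashes($_POST['human_participants']),
    stripslashes($_POST['animal_participants']),
    iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['summary'])),
    $summarycountok,
    iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['feedback'])),
    stripslashes($_POST['projectsort']),
    intval($_POST['id']),
]);
```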


@ -113,18 +113,18 @@ if ($config['FAIRYEAR'] == 2008) {
show_pdo_errors_if_any($pdo);
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
'" . $award_awards_id . "',
'" . $r2->cash . "',
'" . $r2->scholarship . "',
'" . $r2->value . "',
'" . $r2->prize . "',
'" . $r2->number . "',
'" . $r2->order . "',
'" . $newfairyear . "',
'" . $r2->excludefromac . "')");
?,
?,
?,
?,
?,
?,
?,
?,
?)");
}
}
$q2->execute([$award_awards_id,$r2->cash,$r2->scholarship,$r2->value,$r2->prize,$r2->number,$r2->order,$newfairyear,$r2->excludefromac]);
echo i18n('Rolling award contacts') . '<br />';
// award contacts
$q = $pdo->prepare("SELECT * FROM award_contacts WHERE year=?");
@ -132,19 +132,20 @@ if ($config['FAIRYEAR'] == 2008) {
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
'" . $r->award_sponsors_id . "',
'" . $r->salutation . "',
'" . $r->firstname . "',
'" . $r->lastname . "',
'" . $r->position . "',
'" . $r->email . "',
'" . $r->phonehome . "',
'" . $r->phonework . "',
'" . $r->phonecell . "',
'" . $r->fax . "',
'" . $r->notes . "',
'" . $newfairyear . "')");
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?)");
$stmt->execute([$r->award_sponsors_id,$r->salutation,$r->firstname,$r->lastname,$r->position,$r->email,$r->phonehome,$r->phonework,$r->phonecell,$r->fax,$r->notes,$newfairyear]);
echo i18n('Rolling award types') . '<br />';
// award types
$q = $pdo->prepare("SELECT * FROM award_types WHERE year=?");
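Review bot: In the award_prizes rollover the `$q2->execute([$award_awards_id, $r2->cash, ...])` sits after the `while` loop's closing braces and targets `$q2`, the SELECT cursor, instead of the prepared INSERT in `$stmt`; by the time it runs `$r2` is already `false`, so no prize rows are copied and the call fails on the placeholder count. Move it inside the loop as `$stmt->execute([...]);` directly after the `$pdo->prepare(...)`. The award_contacts hunk below has the same shape: its `while` has no braces, so only the prepare repeats and `$stmt->execute([...])` runs once with `$r === false` — wrap the prepare and execute in `{ }`. The enclosing block begins before this section.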


@ -155,29 +155,35 @@ if (get_value_from_array($_POST, 'save') == 'edit' || get_value_from_array($_POS
}
$exec = 'UPDATE schools SET '
. "school='" . get_value_from_array($_POST, 'school') . "', "
. "schoollang='" . get_value_from_array($_POST, 'schoollang') . "', "
. "designate='" . get_value_from_array($_POST, 'schooldesignate') . "', "
. "schoollevel='" . get_value_from_array($_POST, 'schoollevel') . "', "
. "school='" . get_value_from_array($_POST, 'school') . "', "
. "board='" . get_value_from_array($_POST, 'board') . "', "
. "district='" . get_value_from_array($_POST, 'district') . "', "
. "address='" . get_value_from_array($_POST, 'address') . "', "
. "city='" . get_value_from_array($_POST, 'city') . "', "
. "province_code='" . get_value_from_array($_POST, 'province_code') . "', "
. "postalcode='" . get_value_from_array($_POST, 'postalcode') . "', "
. "schoolemail='" . get_value_from_array($_POST, 'schoolemail') . "', "
. "phone='" . get_value_from_array($_POST, 'phone') . "', "
. "fax='" . get_value_from_array($_POST, 'fax') . "', "
. "registration_password='" . get_value_from_array($_POST, 'registration_password') . "', "
. "projectlimit='" . get_value_from_array($_POST, 'projectlimit') . "', "
. "projectlimitper='" . get_value_from_array($_POST, 'projectlimitper') . "', "
. "accesscode='" . get_value_from_array($_POST, 'accesscode') . "', "
. $sciencehead_update . $principal_update
. "atrisk='$atrisk' "
. "WHERE id='$id'";
. "school=?, "
. "schoollang=?, "
. "designate=?, "
. "schoollevel=?, "
. "school=?, "
. "board=?, "
. "district=?, "
. "address=?, "
. "city=?, "
. "province_code=?, "
. "postalcode=?, "
. "schoolemail=?, "
. "phone=?, "
. "fax=?, "
. "registration_password=?, "
. "projectlimit=?, "
. "projectlimitper=?, "
. "accesscode=?, "
. "? ?"
. "atrisk=?"
. "WHERE id=?";
$stmt = $pdo->prepare($exec);
$stmt->execute();
$stmt->execute([get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'schoollang'),get_value_from_array($_POST, 'schooldesignate'),get_value_from_array($_POST, 'schoollevel'),
get_value_from_array($_POST, 'school'),get_value_from_array($_POST, 'board'),get_value_from_array($_POST, 'district'),
get_value_from_array($_POST, 'address'),get_value_from_array($_POST, 'city'),get_value_from_array($_POST, 'province_code'),
get_value_from_array($_POST, 'postalcode'),get_value_from_array($_POST, 'schoolemail'),get_value_from_array($_POST, 'phone'),
get_value_from_array($_POST, 'fax'),get_value_from_array($_POST, 'registration_password'),get_value_from_array($_POST, 'projectlimit'),
get_value_from_array($_POST, 'projectlimitper'),get_value_from_array($_POST, 'accesscode'),$sciencehead_update,$principal_update,
$atrisk,$id]);
show_pdo_errors_if_any($pdo);
if (get_value_from_array($_POST, 'save') == 'add')
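Review bot: In the schools UPDATE the line `. "? ?"` tries to bind `$sciencehead_update` and `$principal_update` as values, but those were SQL fragments (column assignments) and a placeholder cannot stand in for statement text; together with the missing space in `"atrisk=?" . "WHERE id=?"` the resulting `accesscode=?, ? ?atrisk=?WHERE id=?` cannot be prepared. Keep `. $sciencehead_update . $principal_update` in the statement text, have each fragment carry its own `?` for the uid value with that value appended to the execute array at the same position, and restore `. "atrisk=? "`. The duplicated `school=?` assignment (first and fifth columns) is carried over from the old code and can go along with its duplicate value. How the two fragments are built is outside the hunk, so their slot in the array has to be confirmed there.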


@ -87,26 +87,29 @@ if (get_value_from_array($_POST, 'action') == 'import') {
user_save($principal);
}
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
'" . stripslashes($row[0]) . "',
'" . stripslashes($row[1]) . "',
'" . stripslashes($row[2]) . "',
'" . stripslashes($row[3]) . "',
'" . stripslashes($row[4]) . "',
'" . stripslashes($row[5]) . "',
'" . stripslashes($row[6]) . "',
'" . stripslashes($row[7]) . "',
'" . stripslashes($row[8]) . "',
'" . stripslashes($row[9]) . "',
'" . stripslashes($row[10]) . "',
'" . stripslashes($row[14]) . "',
'" . stripslashes($row[18]) . "',
'" . stripslashes($row[19]) . "',
'" . stripslashes($row[20]) . "',
'" . stripslashes($row[21]) . "',
'" . $config['FAIRYEAR'] . "',
'" . $principal['uid'] . "',
'" . $scienceHead['uid'] . "')");
$stmt->execute();
'?,
'?,
'?,
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?',
'?,
'?,
'?)");
$stmt->execute([stripslashes($row[0]),stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3])),
stripslashes($row[4]),stripslashes($row[5]),stripslashes($row[6]),stripslashes($row[7]),stripslashes($row[8]),
stripslashes($row[9]),stripslashes($row[10]),stripslashes($row[14]),stripslashes($row[18]),stripslashes($row[19]),
stripslashes($row[20]),stripslashes($row[21]),$config['FAIRYEAR'],$principal['uid'],$scienceHead['uid']]);
if (!$pdo->errorInfo())
$loaded++;
else
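Review bot: In the CSV import INSERT every placeholder is wrapped in quotes (`'?'`, and on several lines an unbalanced `'?,`), so PDO sees string literals rather than parameters and the unbalanced quotes make the statement unparseable; the execute array is also mis-parenthesised — `stripslashes($row[1],stripslashes($row[2]),stripslashes($row[3]))` passes three arguments to `stripslashes()` — so even a valid statement would receive the wrong number of values. Use bare `?` placeholders and a flat array of nineteen values, as below. The unchanged `if (!$pdo->errorInfo())` after it is never true because `errorInfo()` returns a (truthy) array, so `$loaded` never increments; test the boolean result of `execute()` instead. The `if/else` continues past the hunk.

```php
$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid)
    VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");
$ok = $stmt->execute([
    stripslashes($row[0]), stripslashes($row[1]), stripslashes($row[2]), stripslashes($row[3]),
    stripslashes($row[4]), stripslashes($row[5]), stripslashes($row[6]), stripslashes($row[7]),
    stripslashes($row[8]), stripslashes($row[9]), stripslashes($row[10]), stripslashes($row[14]),
    stripslashes($row[18]), stripslashes($row[19]), stripslashes($row[20]), stripslashes($row[21]),
    $config['FAIRYEAR'], $principal['uid'], $scienceHead['uid'],
]);
if ($ok)
// … unchanged: $loaded++ / else branch …
```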


@ -152,25 +152,33 @@ function students_save()
// INSERT new record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES ('
. "'" . $registrations_id . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])) . "', "
. "'" . stripslashes($_POST['sex'][$x]) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])) . "', "
. "'" . stripslashes($_POST['postalcode'][$x]) . "', "
. "'" . stripslashes($_POST['phone'][$x]) . "', "
. "'$dob', "
. "'" . stripslashes($_POST['grade'][$x]) . "', "
. $schoolvalue
. "'" . stripslashes($_POST['tshirt'][$x]) . "', "
. "'" . stripslashes($_POST['medicalalert'][$x]) . "', "
. "'" . stripslashes($_POST['foodreq'][$x]) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])) . "', "
. "'" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])) . "', "
. "'" . $config['FAIRYEAR'] . "')");
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?"
. "?, "
. "?, "
. "?, "
. "?, "
. "?, "
. "?)");
$stmt->execute([$registrations_id,iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])),stripslashes($_POST['sex'][$x]),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])),
stripslashes($_POST['postalcode'][$x]),stripslashes($_POST['phone'][$x]),$dob,stripslashes($_POST['grade'][$x]),
$schoolvalue,stripslashes($_POST['tshirt'][$x]),stripslashes($_POST['medicalalert'][$x]),stripslashes($_POST['foodreq'][$x]),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])),
$config['FAIRYEAR']]);
happy_('%1 %2 successfully added', array($_POST['firstname'][$x], $_POST['lastname'][$x]));
} else {
@ -185,25 +193,36 @@ function students_save()
// UPDATE existing record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('UPDATE students SET '
. "firstname='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])) . "', "
. "lastname='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])) . "', "
. "sex='" . stripslashes($_POST['sex'][$x]) . "', "
. "email='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])) . "', "
. "address='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])) . "', "
. "city='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])) . "', "
. "province='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])) . "', "
. "postalcode='" . stripslashes($_POST['postalcode'][$x]) . "', "
. "phone='" . stripslashes($_POST['phone'][$x]) . "', "
. "dateofbirth='$dob', "
. "grade='" . stripslashes($_POST['grade'][$x]) . "', "
. $schoolquery
. "medicalalert='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['medicalalert'][$x])) . "', "
. "foodreq='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['foodreq'][$x])) . "', "
. "teachername='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])) . "', "
. "teacheremail='" . iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])) . "', "
. "tshirt='" . stripslashes($_POST['tshirt'][$x]) . "' "
. "WHERE id='" . $_POST['id'][$x] . "'");
$stmt->execute();
. "firstname=?, "
. "lastname=?, "
. "sex=/, "
. "email=?, "
. "address=?, "
. "city=?, "
. "province=?, "
. "postalcode=?, "
. "phone=?, "
. "dateofbirth=?, "
. "grade=?, "
. "?"
. "medicalalert=?, "
. "foodreq=?, "
. "teachername=?, "
. "teacheremail=?, "
. "tshirt=/ "
. "WHERE id=?");
$stmt->execute([iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['firstname'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['lastname'][$x])),
stripslashes($_POST['sex'][$x]),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['email'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['address'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['city'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['province'][$x])),
stripslashes($_POST['postalcode'][$x]),stripslashes($_POST['phone'][$x]),
$dob,stripslashes($_POST['grade'][$x]),iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $schoolquery,stripslashes($_POST['medicalalert'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['foodreq'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teachername'][$x])),
iconv('UTF-8', 'ISO-8859-1//TRANSLIT', stripslashes($_POST['teacheremail'][$x])),
stripslashes($_POST['tshirt'][$x]),$_POST['id'][$x]]);
happy_('%1 %2 successfully updated', array(iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $_POST['firstname'][$x]), iconv('UTF-8', 'ISO-8859-1//TRANSLIT', $_POST['lastname'][$x])));
}
$x++;


@ -304,10 +304,10 @@ foreach ($tours as $x => $t) {
(`students_id`,`registrations_id`,
`tour_id`,`year`,`rank`)
VALUES (
'$sid', '{$s['registrations_id']}',
'{$t['id']}', '{$config['FAIRYEAR']}',
'?', '?',
'?', '?',
'0')");
$stmt->execute();
$stmt->execute([$sid,$s['registrations_id'],$t['id'],$config['FAIRYEAR']]);
}
}
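Review bot: The four placeholders in the rewritten VALUES list are written as `'?'`, i.e. single-quoted string literals, so the driver sees no parameter markers at all and `execute()` with four values fails with an invalid-parameter-number error (or, if it got that far, would store the literal text `?`). Drop the quotes: `VALUES (?, ?, ?, ?, '0')`. The `'0'` rank literal can stay as it is. The enclosing foreach starts outside the hunk.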


@ -65,7 +65,8 @@ if (get_value_from_array($_POST, 'action') == 'save') {
if ($_POST['changedFields']) {
$changed = split(',', $_POST['changedFields']);
foreach ($changed AS $ch) {
$stmt = $pdo->prepare("UPDATE translations SET val='" . stripslashes($_POST['val'][$ch]) . "' WHERE strmd5='" . $ch . "' AND lang='" . $_SESSION['translang'] . "'");
$stmt = $pdo->prepare("UPDATE translations SET val=? WHERE strmd5=? AND lang=?");
$stmt->execute([stripslashes($_POST['val'][$ch]),$ch ,$_SESSION['translang']]);
}
echo happy(i18n('Translation(s) saved'));
}


@ -71,14 +71,15 @@ if (get_value_from_array($_POST, 'action') == 'new') {
if ($q->rowCount()) {
echo error(i18n('Category ID %1 already exists', array($_POST['id']), array('category ID')));
} else {
$stmt = $pdo->prepare('INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( '
. "'" . $_POST['id'] . "', "
. "'" . stripslashes($_POST['category']) . "', "
. "'" . stripslashes($_POST['category_shortform']) . "', "
. "'" . $_POST['mingrade'] . "', "
. "'" . $_POST['maxgrade'] . "', "
. "'" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
?,
?,
?,
?,
?,
?)');
$stmt->execute([$_POST['id'],stripslashes($_POST['category']),stripslashes($_POST['category_shortform']),
$_POST['mingrade'],$_POST['maxgrade'],$config['FAIRYEAR']]);
echo happy(i18n('Category successfully added'));
}
} else {


@ -63,11 +63,8 @@ if (get_value_from_array($_POST, 'action') == 'edit') {
$stmt->execute([ $_POST['saveid'],$config['FAIRYEAR']]);
if (is_array($_POST['divcat'])) {
foreach ($_POST['divcat'] as $tempcat) {
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( '
. "'" . $_POST['id'] . "', "
. "'" . $tempcat . "', "
. "'" . $config['FAIRYEAR'] . "') ");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (?,?,?)');
$stmt->execute([$_POST['id'],$tempcat,$config['FAIRYEAR']]);
}
}
}
@ -82,25 +79,19 @@ if (get_value_from_array($_POST, 'action') == 'edit') {
if (get_value_from_array($_POST, 'action') == 'new') {
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division')) {
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id=? AND year=?");
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
if ($q->rowCount()) {
echo error(i18n('Division ID %1 already exists', array($_POST['id']), array('division ID')));
} else {
$stmt = $pdo->prepare('INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( '
. "'" . $_POST['id'] . "', "
. "'" . stripslashes($_POST['division']) . "', "
. "'" . stripslashes($_POST['division_shortform']) . "', "
. "'" . $config['FAIRYEAR'] . "') ");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES (?,?,?,?)');
$stmt->execute([$_POST['id'],stripslashes($_POST['division']),stripslashes($_POST['division_shortform']),$config['FAIRYEAR']]);
// ###### Feature Specific - filtering divisions by category
if ($config['filterdivisionbycategory'] == 'yes') {
foreach ($_POST['divcat'] as $tempcat) {
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( '
. "'" . $tempcat . "', "
. "'" . $config['FAIRYEAR'] . "') ");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (?,?)');
$stmt->execute([$tempcat,$conference['id']]);
}
}
// #######
@ -114,10 +105,10 @@ if (get_value_from_array($_POST, 'action') == 'new') {
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
// ###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
// for this division exist they should be deleted
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id=? AND year=?");
$stmt->execute([$_GET['remove'], $config['FAIRYEAR']]);
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id=? AND year=?");
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
echo happy(i18n('Division successfully removed'));
}
@ -142,8 +133,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
echo '<input type="hidden" name="action" value="' . get_value_from_array($_GET, 'action') . "\">\n";
if (get_value_from_array($_GET, 'action') == 'edit') {
echo '<input type="hidden" name="saveid" value="' . get_value_from_array($_GET, 'edit') . "\">\n";
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE id='" . get_value_from_array($_GET, 'edit') . "' AND year='" . $config['FAIRYEAR'] . "'");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE id=? AND year=?");
$q->execute([get_value_from_array($_GET, 'edit'),$config['FAIRYEAR']]);
$divisionr = $q->fetch(PDO::FETCH_OBJ);
$buttontext = 'Save';
@ -158,12 +149,12 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
// ###### Feature Specific - filtering divisions by category
if ($config['filterdivisionbycategory'] == 'yes') {
echo ' <td>';
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY mingrade");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY mingrade");
$q->execute([$config['FAIRYEAR']]);
while ($categoryr = $q->fetch(PDO::FETCH_OBJ)) {
$query = 'SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=' . $divisionr->id . ' AND projectcategories_id=' . $categoryr->id . " AND year='" . $config['FAIRYEAR'] . "'";
$query = 'SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=? AND projectcategories_id=? AND year=?';
$t = $pdo->prepare($query);
$t->execute();
$t->execute([$divisionr->id,$categoryr->id,$config['FAIRYEAR']]);
if ($t && $t->rowCount() > 0)
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
else
@ -175,8 +166,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
echo ' <td><input type="submit" value="' . i18n($buttontext) . '" /></td>';
echo '</tr>';
} else {
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
$q->execute();
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
$q->execute([$config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
echo '<tr>';
echo " <td>$r->id</td>";
@ -186,11 +177,11 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
if ($config['filterdivisionbycategory'] == 'yes') {
$c = $pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories
WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
AND projectdivisions_id='$r->id'
AND projectcategoriesdivisions_link.year='" . $config['FAIRYEAR'] . "'
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
AND projectdivisions_id=?
AND projectcategoriesdivisions_link.year=?
AND projectcategories.year=?
ORDER BY projectcategories.mingrade");
$c->execute();
$c->execute([$r->id,$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if (!$c) {
$tempcat = '&nbsp;';
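Review bot: The link INSERT in the `new` branch (`VALUES (?,?)` executed with `[$tempcat,$conference['id']]`) names three columns but supplies two values, and it binds `$tempcat` to `projectdivisions_id` while the id of the division just created is never written. It also reads `$conference`, which nothing else on this page uses — the `edit` branch a few lines up and every other query here pass `$config['FAIRYEAR']` — so unless it is defined elsewhere the year is bound as NULL. The old line had the same column/value mismatch, so this is pre-existing, but the rewrite is the moment to match the `edit` branch: `... VALUES (?,?,?)` executed with `[$_POST['id'], $tempcat, $config['FAIRYEAR']]`.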


@ -48,13 +48,14 @@
if ($q_current->rowCount() == 0) {
$q1 = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES (
".$pdo->quote($r->textname).",
".$pdo->quote($r->textdescription).",
".$pdo->quote($r->text).",
".$pdo->quote($config['FAIRYEAR']).",
".$pdo->quote($lang).")");
?,
?,
?,
?,
?)");
$q1->execute();
$q1->execute([$pdo->quote($r->textname),$pdo->quote($r->textdescription),$pdo->quote($r->text),
$pdo->quote($config['FAIRYEAR']),$pdo->quote($lang)]);
}
}
}
@ -69,12 +70,12 @@
$stmt = $pdo->prepare("UPDATE pagetext
SET
lastupdate=NOW(),
text=$text
text=?
WHERE
textname=".$pdo->quote($_POST['textname'])."
AND year='".$config['FAIRYEAR']."'
AND lang='$lang'");
$stmt->execute();
textname=?
AND year=?
AND lang=?");
$stmt->execute([$text,$pdo->quote($_POST['textname']),$config['FAIRYEAR'],$lang]);
}
echo happy(i18n("Page texts successfully saved"));
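Review bot: Both rewritten statements still wrap the bound values in `$pdo->quote()`, which the old interpolated queries needed but which is wrong for parameters: rows inserted by the first statement are stored with literal surrounding quotes and doubled escapes, and the UPDATE's `WHERE textname=?` compares against `'name'` including the quotes, so it silently matches nothing. Pass the raw values instead, e.g. `$q1->execute([$r->textname, $r->textdescription, $r->text, $config['FAIRYEAR'], $lang]);` and `$stmt->execute([$text, $_POST['textname'], $config['FAIRYEAR'], $lang]);`. The old `text=$text` was spliced in bare, which suggests `$text` is already quoted where it is built (outside the hunk); if so it needs the same un-quoting.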


@ -139,11 +139,11 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'" . $r->newdate . "',
'" . $r->name . "',
'" . $r->description . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?)");
$stmt->execute([$r->newdate,$r->name,$r->description,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -154,13 +154,13 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'" . $r->textname . "',
'" . $r->textdescription . "',
'" . $r->text . "',
'" . $r->lastupdate . "',
'" . $newfairyear . "',
'" . $r->lang . "')");
$stmt->execute();
?,
?,
?,
?,
?,
?)");
$stmt->execute([$r->textname,$r->textdescription,$r->text,$r->lastupdate,$newfairyear,$r->lang]);
show_pdo_errors_if_any($pdo);
}
@ -171,13 +171,13 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'" . $r->id . "',
'" . $r->category . "',
'" . $r->category_shortform . "',
'" . $r->mingrade . "',
'" . $r->maxgrade . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?,
?,
?)");
$stmt->execute([$r->id,$r->category,$r->category_shortform,$r->mingrade,$r->maxgrade,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -188,12 +188,12 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'" . $r->id . "',
'" . $r->division . "',
'" . $r->division_shortform . "',
'" . $r->cwsfdivisionid . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?,
?)");
$stmt->execute([$r->id,$r->division,$r->division_shortform,$r->cwsfdivisionid,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -204,10 +204,10 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'" . $r->projectdivisions_id . "',
'" . $r->projectcategories_id . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?)");
$stmt->execute([$r->projectdivisions_id,$r->projectcategories_id ,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -218,11 +218,11 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'" . $r->id . "',
'" . $r->projectsubdivisions_id . "',
'" . $r->subdivision . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?)");
$stmt->execute([$r->id,$r->projectsubdivisions_id,$r->subdivision,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -233,12 +233,12 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'" . $r->question . "',
'" . $r->type . "',
'" . $r->required . "',
'" . $r->ord . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?,
?");
$stmt->execute([$r->question,$r->type,$r->required ,$r->ord,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -270,11 +270,11 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'" . $r->id . "',
'" . $r->type . "',
'" . $r->order . "',
'" . $newfairyear . "')");
$stmt->execute();
?,
?,
?,
?)");
$stmt->execute([$r->id,$r->type,$r->order,$newfairyear]);
show_pdo_errors_if_any($pdo);
}
@ -288,28 +288,33 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'" . intval($r->sciencehead_uid) . "'");
$stmt = $pdo->prepare('INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
' . $pdo->quote($r->school) . ',
' . $pdo->quote($r->schoollang) . ',
' . $pdo->quote($r->schoollevel) . ',
' . $pdo->quote($r->board) . ',
' . $pdo->quote($r->district) . ',
' . $pdo->quote($r->phone) . ',
' . $pdo->quote($r->fax) . ',
' . $pdo->quote($r->address) . ',
' . $pdo->quote($r->city) . ',
' . $pdo->quote($r->province_code) . ',
' . $pdo->quote($r->postalcode) . ",$puid,
" . $pdo->quote($r->schoolemail) . ",$shuid,
" . $pdo->quote($r->accesscode) . ',
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,
?,?,
?,?,
?,
NULL,
' . $pdo->quote($r->junior) . ',
' . $pdo->quote($r->intermediate) . ',
' . $pdo->quote($r->senior) . ',
' . $pdo->quote($r->registration_password) . ',
' . $pdo->quote($r->projectlimit) . ',
' . $pdo->quote($r->projectlimitper) . ',
' . $newfairyear . ')');
$stmt->execute();
?,
?,
?,
?,
?,
?,
?)');
$stmt->execute([$pdo->quote($r->school),$pdo->quote($r->schoollang),$pdo->quote($r->schoollevel),
$pdo->quote($r->board),$pdo->quote($r->district),$pdo->quote($r->phone),$pdo->quote($r->fax),
$pdo->quote($r->address),$pdo->quote($r->city),$pdo->quote($r->province_code),$pdo->quote($r->postalcode),$puid,
$pdo->quote($r->schoolemail),$shuid,$pdo->quote($r->accesscode),$pdo->quote($r->junior),$pdo->quote($r->intermediate),
$pdo->quote($r->senior),$pdo->quote($r->registration_password),$pdo->quote($r->projectlimit),$pdo->quote($r->projectlimitper),
$newfairyear ]);
show_pdo_errors_if_any($pdo);
}
@ -320,14 +325,15 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'',
'$newfairyear',
" . $pdo->quote($r->section) . ',
' . $pdo->quote($r->db_heading) . ',
' . $pdo->quote($r->question) . ',
' . $pdo->quote($r->type) . ',
' . $pdo->quote($r->required) . ',
' . $pdo->quote($r->ord) . ')');
$stmt->execute();
?,
?,
?,
?,
?,
?,
?)");
$stmt->execute([$newfairyear,$pdo->quote($r->section),$pdo->quote($r->db_heading),$pdo->quote($r->question),
$pdo->quote($r->type),$pdo->quote($r->required),$pdo->quote($r->ord)]);
show_pdo_errors_if_any($pdo);
}
@ -347,9 +353,9 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear;
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
$stmt->execute();
VALUES (?,'0',?,DATE_ADD(?, INTERVAL ? YEAR),
?,?,?)");
$stmt->execute([$newfairyear,$r['type'],$r['date'],$d,$r['starttime'],$r['endtime'],$r['name']]);
show_pdo_errors_if_any($pdo);
$round_id = $pdo->lastInsertId();
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=?");
@ -357,9 +363,9 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
show_pdo_errors_if_any($pdo);
while ($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
VALUES (?,?,'timeslot',DATE_ADD(?, INTERVAL ? YEAR),
?,?)");
$stmt->execute([$newfairyear,$round_id,$rr['date'],$d,$rr['starttime'],$rr['endtime']]);
show_pdo_errors_if_any($pdo);
}
}
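Review bot: The schools INSERT binds `$pdo->quote(...)` results and the pre-built SQL fragments `$puid`/`$shuid` as parameters, so every rolled-over school row is stored with literal quotes around each field — including `accesscode` and `registration_password`, the values schools log in with — and `principal_uid`/`sciencehead_uid` receive the text `NULL` or `'123'` instead of a NULL or an integer. Bind raw values (`$r->school`, `$r->schoollang`, …) and for the uid columns something like `$r->sciencehead_uid === null ? null : intval($r->sciencehead_uid)`; the `$shuid` line is visible in context, `$puid` is built outside the hunk and presumably the same way. The same `$pdo->quote()` wrapping affects the questions INSERT further down. Separately, the safetyquestions INSERT ends with `?");` — the closing parenthesis of `VALUES (` is missing, so that statement fails to prepare.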


@ -36,12 +36,13 @@ if (get_value_from_array($_POST, 'action') == 'save' && get_value_from_array($_P
echo notice(i18n('Defaulting non-numeric order value %1 to 0', array($_POST['ord'])));
$stmt = $pdo->prepare("UPDATE safetyquestions SET
question='" . stripslashes($_POST['question']) . "',
`type`='" . stripslashes($_POST['type']) . "',
`required`='" . stripslashes($_POST['required']) . "',
ord='" . stripslashes($_POST['ord']) . "'
WHERE id='" . $_POST['save'] . "' AND year='" . $config['FAIRYEAR'] . "'");
$stmt->execute();
question=?,
`type`=?,
`required`=?,
ord=?
WHERE id=? AND year=?");
$stmt->execute([stripslashes($_POST['question']),stripslashes($_POST['type']),stripslashes($_POST['required']),
stripslashes($_POST['ord']),$_POST['save'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
echo happy(i18n('Safety question successfully saved'));
@ -52,13 +53,14 @@ if (get_value_from_array($_POST, 'action') == 'save' && get_value_from_array($_P
if (get_value_from_array($_POST, 'action') == 'new') {
if ($_POST['question']) {
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'" . stripslashes($_POST['question']) . "',
'" . stripslashes($_POST['type']) . "',
'" . stripslashes($_POST['required']) . "',
'" . stripslashes($_POST['ord']) . "',
'" . $config['FAIRYEAR'] . "'
?,
?,
?,
?,
?
)");
$stmt->execute();
$stmt->execute([stripslashes($_POST['question']),stripslashes($_POST['type']),stripslashes($_POST['required']),
stripslashes($_POST['ord']),$config['FAIRYEAR'] ]);
show_pdo_errors_if_any($pdo);
echo happy(i18n('Safety question successfully added'));


@ -75,11 +75,11 @@ if (get_value_from_array($_POST, 'action') == 'new') {
echo error(i18n('Sub-Division ID %1 already exists', array($newid)));
} else {
$stmt = $pdo->prepare('INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( '
. "'$newid', "
. "'" . $_POST['projectdivisions_id'] . "', "
. "'" . stripslashes($_POST['subdivision']) . "', "
. "'" . $config['FAIRYEAR'] . "') ");
$stmt->execute();
. "?, "
. "?, "
. "?, "
. "?) ");
$stmt->execute([$newid,$_POST['projectdivisions_id'],stripslashes($_POST['subdivision']),$config['FAIRYEAR']]);
echo happy(i18n('Sub-Division successfully added'));
}
} else {


@ -32,14 +32,15 @@ $q = $pdo->prepare("SELECT * FROM config WHERE year='-1'");
$q->execute();
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$q = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'" . $r->var . "',
'" . $r->val . "',
'" . $r->category . "',
'" . $r->type . "',
'" . $r->type_values . "',
'" . $r->ord . "',
'" . $r->description . "',
'" . $config['FAIRYEAR'] . "')");
?,
?,
?,
?,
?,
?,
?,
?)");
$q->execute([$r->var,$r->val,$r->category,$r->type,$r->type_values,$r->ord,$r->description,$config['FAIRYEAR']]);
}
// for the Special category
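Review bot: The new `$q->execute([...])` runs on the statement that the context line above assigns to `$q` inside `while ($r = $q->fetch(...))`, so after the first INSERT the loop condition calls `fetch()` on the INSERT statement rather than on the SELECT and the copy stops after one config row; the reassignment is pre-existing, but the commit is touching exactly these lines. Use a separate variable for the insert, e.g. `$ins = $pdo->prepare("INSERT INTO config ... VALUES (?,?,?,?,?,?,?,?)");` and `$ins->execute([...]);`, leaving `$q` as the SELECT cursor.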


@ -58,14 +58,14 @@ function db_update_118_post()
$password .= $available[rand(0, $availlen)];
// set passwordset to 0000-00-00 to force it to expire on next login
$sql = 'INSERT INTO users (`types`,`username`,`created`,`password`,`passwordset`,`' . implode('`,`', $userfields) . '`,`year`) VALUES (';
$sql .= "'sponsor','" . $username . "',NOW(),'$password','0000-00-00'";
$sql = 'INSERT INTO users (`types`,`username`,`created`,`password`,`passwordset`,`' . implode('`,`','?') . '`,`year`) VALUES (';
$sql .= "'sponsor',?,NOW(),?,'0000-00-00'";
foreach ($userfields AS $f) {
$sql .= ",'" . $r->$f . "'";
}
$sql .= ",'" . $r->year . "')";
$stmt = $pdo->prepare($sql);
$stmt->execute();
$stmt->execute([$userfields,$username,$password]);
show_pdo_errors_if_any($pdo);
$user_id = $pdo->lastInsertId();
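Review bot: The rewritten INSERT is not runnable as written: `implode('`,`','?')` passes a string where `implode()` needs an array (a TypeError on PHP 8) and drops the column names from the column list, the per-field loop and `$r->year` are still interpolated into the SQL while the statement only has two `?` markers, and `execute()` is handed `$userfields` itself (an array) as a bound value. Build the column list from `$userfields` as before, append one `?` per field plus one for `year`, and collect the values in the same order. The sponsor password one line above is still drawn with `rand()` (unchanged here); `random_int()` is the drop-in for a value used as a credential. db_update_118_post starts and ends outside the hunk.
```php
$cols = '`' . implode('`,`', $userfields) . '`';
$sql = "INSERT INTO users (`types`,`username`,`created`,`password`,`passwordset`,$cols,`year`) VALUES (";
$sql .= "'sponsor',?,NOW(),?,'0000-00-00'";
$params = [$username, $password];
foreach ($userfields AS $f) {
    $sql .= ',?';
    $params[] = $r->$f;
}
$sql .= ',?)';
$params[] = $r->year;
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
// … unchanged: show_pdo_errors_if_any / lastInsertId …
```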


@ -48,19 +48,19 @@ function db_update_62_post()
(`types`,`firstname`,`lastname`,`username`,`password`,`passwordexpiry`,
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username',
'" . $c['password'] . "',
$passwordexpiry,
'{$c['email']}',
'{$c['phonehome']}',
'{$c['phonework']}',
'{$c['phonecell']}',
'{$c['fax']}',
'" . $c['organization'] . "',
VALUES ('committee',?,?,?,
?,
?,
?,
?,
?,
?,
?,
?,
NOW(),
'$deleted')";
?)";
$stmt = $pdo->prepare($q);
$stmt->execute();
$stmt->execute([$fn,$ln,$username,$c['password'],$passwordexpiry,$c['email'],$c['phonehome'],$c['phonework'],$c['phonecell'],$c['fax'],$c['organization'],$deleted]);
echo "$q\n";
$id = $pdo->lastInsertId();
@ -71,22 +71,22 @@ function db_update_62_post()
$q = "INSERT INTO users_committee(`users_id`,`emailprivate`,
`ord`,`displayemail`,`access_admin`,`access_config`,
`access_super`) VALUES (
'$id', '{$c['emailprivate']}',
'{$c['ord']}',
'$displayemail',
'$access_admin',
'$access_config',
'$access_super')";
?,?,
?,
?,
?,
?,
?)";
$stmt = $pdo->prepare($q);
$stmt->execute();
$stmt->execute([$id,$c['emailprivate'],$c['ord'],$displayemail,$access_admin,$access_config,$access_super]);
echo "$q\n";
show_pdo_errors_if_any($pdo);
/* Update committee links */
$q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'";
$q = "UPDATE committees_link SET users_id=?
WHERE committees_members_id=?";
$stmt = $pdo->prepare($q);
$stmt->execute();
$stmt->execute([$id,$c['id']]);
echo "$q\n";
}
}
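Review bot: In the users INSERT, `$passwordexpiry` is now bound as a parameter, but the old query spliced it in unquoted (old line `$passwordexpiry,` beside quoted neighbours), which suggests it holds a ready SQL fragment such as `NULL` or a quoted date rather than a plain value; bound as-is, that text is stored literally. Check where it is built (outside the hunk) and pass either PHP `null` or the bare date string. The `echo "$q\n"` lines now print only the placeholder query, which is an improvement — they no longer write each migrated `password` column value to the output. db_update_62_post starts outside the hunk.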


@ -194,14 +194,14 @@ function questions_save_new_question($qs, $year)
{
global $pdo;
$stmt = $pdo->prepare('INSERT INTO questions '
. '(question,type,section,db_heading,required,ord,year) VALUES ('
?,"
?,"
?,"
?,"
?,"
?,"
?")");
. '(question,type,section,db_heading,required,ord,year) VALUES (
?,
?,
?,
?,
?,
?,
?)');
$stmt->execute([$qs['question'],$qs['type'],$qs['section'],$qs['db_heading'],$qs['required'],$year]);
show_pdo_errors_if_any($pdo);
}
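Review bot: The INSERT in `questions_save_new_question` declares seven columns and seven `?` markers, but `execute()` is given six values — `$qs['ord']` is missing between `$qs['required']` and `$year`, so every call fails with a parameter-count error (or, on a lenient driver, shifts `$year` into `ord`). Change the call to `$stmt->execute([$qs['question'], $qs['type'], $qs['section'], $qs['db_heading'], $qs['required'], $qs['ord'], $year]);`.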


@ -33,14 +33,14 @@ $q = $pdo->query("SELECT (NOW()>'" . $config['dates']['regopen'] . "' AND NOW()<
$datecheck = $q->fetch(PDO::FETCH_OBJ);
if (get_value_from_array($_POST, 'action') == 'new') {
$q = $pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?");
$q->execute([$_SESSION['email'],$_POST['regnum'],$config['FAIRYEAR']]);
$q = $pdo->prepare('SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?');
$q->execute([$_SESSION['email'], $_POST['regnum'], $config['FAIRYEAR']]);
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number'] = $r->num;
$_SESSION['registration_id'] = $r->id;
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES (?,?,?,?)");
$stmt->execute([$r->id,$_SESSION['email'],$r->schools_id,$config['FAIRYEAR']]);
$stmt = $pdo->prepare('INSERT INTO students (registrations_id,email,schools_id,year) VALUES (?,?,?,?)');
$stmt->execute([$r->id, $_SESSION['email'], $r->schools_id, $config['FAIRYEAR']]);
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id=?");
$stmt->execute([$r->id]);
@ -56,13 +56,24 @@ if (get_value_from_array($_POST, 'action') == 'new') {
if (get_value_from_array($_POST, 'email'))
$_SESSION['email'] = stripslashes($_POST['email']);
$q = $pdo->prepare('SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . intval($_POST['regnum']) . "' "
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
$q = $pdo->prepare('SELECT
registrations.id AS regid,
registrations.num AS regnum,
students.id AS studentid,
students.firstname
FROM registrations
JOIN students ON students.registrations_id = registrations.id
WHERE students.email = ?
AND registrations.num = ?
AND registrations.year = ?
AND students.year = ?');
$q->execute([
$_SESSION['email'],
intval($_POST['regnum']),
$config['FAIRYEAR'],
$config['FAIRYEAR']
]);
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
@ -78,24 +89,24 @@ if (get_value_from_array($_POST, 'action') == 'new') {
}
} else if (get_value_from_array($_GET, 'action') == 'resend' && get_value_from_array($_SESSION, 'email')) {
// first see if the email matches directly from the registrations table
$q = $pdo->prepare("SELECT registrations.num FROM
$q = $pdo->prepare('SELECT registrations.num FROM
registrations
WHERE
registrations.email=?
AND registrations.year=?");
AND registrations.year=?');
$q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
if ($q->rowCount())
$r = $q->fetch(PDO::FETCH_OBJ);
else {
// no match from registrations, so lets see if it matches from the students table
$q = $pdo->prepare("SELECT registrations.num FROM
$q = $pdo->prepare('SELECT registrations.num FROM
registrations,
students
WHERE
students.email=?
AND students.registrations_id=registrations.id
AND registrations.year=?");
$q->execute([$_SESSION['email'],$config['FAIRYEAR']]);
AND registrations.year=?');
$q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
}
@ -214,7 +225,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($
} else if ($config['participant_registration_type'] == 'schoolpassword') {
$showschoolpasswordform = true;
if ($_POST['schoolpassword'] && $_POST['schoolid']) {
$q = $pdo->prepare("SELECT registration_password FROM schools WHERE id=? AND year=?");
$q = $pdo->prepare('SELECT registration_password FROM schools WHERE id=? AND year=?');
$q->execute([$_POST['schoolid'], $config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
@ -237,7 +248,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($
echo '<input type="hidden" name="action" value="login">';
echo i18n('Email Address:') . ' ' . $_SESSION['email'] . '<br />';
echo i18n('School: ');
$q = $pdo->prepare("SELECT id,school FROM schools WHERE year=? ORDER BY school");
$q = $pdo->prepare('SELECT id,school FROM schools WHERE year=? ORDER BY school');
$q->execute([$config['FAIRYEAR']]);
echo '<select name="schoolid">';
echo '<option value="">' . i18n('Choose your school') . "</option>\n";
@ -283,7 +294,7 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($
// random number between
// 100000 and 999999 (six digit integer)
$regnum = rand(100000, 999999);
$q = $pdo->prepare("SELECT * FROM registrations WHERE num=? AND year=?");
$q = $pdo->prepare('SELECT * FROM registrations WHERE num=? AND year=?');
$q->execute([$regnum, $config['FAIRYEAR']]);
} while ($q->rowCount() > 0);
@ -291,15 +302,16 @@ if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($
$schoolidquery = 'null';
// actually insert it
$stmt = $pdo->prepare('INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES ('
. "'$regnum',"
. "'" . $_SESSION['email'] . "',"
. 'NOW(),'
. "'new',"
. $schoolidquery . ','
. $config['FAIRYEAR']
. ')');
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO registrations (num, email, start, status, schools_id, year)
VALUES (?, ?, NOW(), ?, ?, ?)');
$stmt->execute([
$regnum,
$_SESSION['email'],
'new',
$schoolidquery, // Ensure $schoolidquery contains a valid integer
$config['FAIRYEAR']
]);
email_send('new_participant', $_SESSION['email'], array(), array('REGNUM' => $regnum, 'EMAIL' => $_SESSION['email']));
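Review bot: `$schoolidquery` was a SQL fragment — the context line above sets it to the string `'null'`, which the old query spliced in bare to produce SQL NULL — but the new `execute()` binds it as a value, so the text `null` is sent for `schools_id`; on an integer column MySQL stores 0 or rejects the row in strict mode, and the inline comment at the call site notes the concern without fixing it. Make the variable hold PHP `null` in that branch (and an int in the other) so the driver emits a real NULL, e.g. `$schoolidquery = null;`. The registration number this row is keyed by, which later logs the participant in together with the e-mail, is still drawn with `rand()` a few lines up (unchanged); `random_int(100000, 999999)` is the drop-in for a value used as a credential.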


@ -41,13 +41,13 @@ if (!($_SESSION['registration_number'] && $_SESSION['registration_id'])) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
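Review bot: The rewritten WHERE fragments starting at `"WHERE students.email=?"` are concatenated with no separating whitespace, so the statement sent to the server reads `...email=?AND registrations.num=?AND registrations.id=?AND students.registrations_id=... year=?AND students.year=?`. MySQL's lexer will most likely still tokenise `?AND` because a parameter marker cannot merge with a keyword, but the query is one edit away from a syntax error and is unreadable in slow-query or error logs. Keep the trailing space the old fragments carried: `. 'WHERE students.email=? '`, `. 'AND registrations.num=? '`, `. 'AND registrations.id=? '`, and likewise `. 'AND registrations.year=? '`. The `if` block that gates this query begins before the hunk.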


@ -39,13 +39,13 @@ if (!($_SESSION['registration_number'] && $_SESSION['registration_id'])) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
@ -72,33 +72,37 @@ if (get_value_from_array($_POST, 'action') == 'save') {
// only insert if we have a name
if ($_POST['lastname'][$x]) {
// INSERT new record
$stmt = $pdo->prepare('INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES ('
. "'" . $_SESSION['registration_id'] . "', "
. "'" . stripslashes($_POST['firstname'][$x]) . "', "
. "'" . stripslashes($_POST['lastname'][$x]) . "', "
. "'" . stripslashes($_POST['email'][$x]) . "', "
. "'" . stripslashes($_POST['phone'][$x]) . "', "
. "'" . stripslashes($_POST['organization'][$x]) . "', "
. "'" . stripslashes($_POST['position'][$x]) . "', "
. "'" . stripslashes($_POST['description'][$x]) . "', "
. "'" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (
?,
?,
?,
?,
?,
?,
?,
?,
?)');
$stmt->execute([$_SESSION['registration_id'],stripslashes($_POST['firstname'][$x]),stripslashes($_POST['lastname'][$x]),
stripslashes($_POST['email'][$x]),stripslashes($_POST['phone'][$x]),stripslashes($_POST['organization'][$x]),stripslashes($_POST['position'][$x]),
stripslashes($_POST['description'][$x]),$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
echo notice(i18n('%1 %2 successfully added', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
}
} else {
// UPDATE existing record
$stmt = $pdo->prepare('UPDATE mentors SET '
. "firstname='" . stripslashes($_POST['firstname'][$x]) . "', "
. "lastname='" . stripslashes($_POST['lastname'][$x]) . "', "
. "email='" . stripslashes($_POST['email'][$x]) . "', "
. "phone='" . stripslashes($_POST['phone'][$x]) . "', "
. "organization='" . stripslashes($_POST['organization'][$x]) . "', "
. "position='" . stripslashes($_POST['position'][$x]) . "', "
. "description='" . stripslashes($_POST['description'][$x]) . "' "
. "WHERE id='" . $_POST['id'][$x] . "'");
$stmt->execute();
$stmt = $pdo->prepare('UPDATE mentors SET
?,
?,
?,
?,
. "organization=?,"
. "position=?",
. "description=?"
. "WHERE id=?"');
$stmt->execute([stripslashes($_POST['firstname'][$x]),stripslashes($_POST['lastname'][$x]),stripslashes($_POST['email'][$x]),
stripslashes($_POST['phone'][$x]),stripslashes($_POST['organization'][$x]),stripslashes($_POST['position'][$x]),
stripslashes($_POST['description'][$x]),$_POST['id'][$x]]);
echo notice(i18n('%1 %2 successfully updated', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
}
$x++;
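Review bot: The mentors UPDATE beginning `'UPDATE mentors SET` is not valid SQL: the column names for the first four assignments were dropped (bare `?, ?, ?, ?,`), and the `. "organization=?,"` / `. "position=?",` / `. "description=?"` fragments sit inside the single-quoted literal, so that text — dots and double quotes included — is sent to MySQL verbatim. Every mentor edit will therefore fail at execute, and unlike the INSERT branch there is no `show_pdo_errors_if_any($pdo)` after it, so the page still prints "successfully updated". Replace the prepare with `$stmt = $pdo->prepare('UPDATE mentors SET firstname=?, lastname=?, email=?, phone=?, ' . 'organization=?, position=?, description=? WHERE id=?');`, which matches the eight bound values. Separately, `WHERE id=?` is bound to `$_POST['id'][$x]` with no ownership check; unless something above the hunk validates that id, a logged-in registrant can overwrite another registration's mentor, so scope it as `WHERE id=? AND registrations_id=?` with `$_SESSION['registration_id']` appended to the execute array. The save-handler loop enclosing both branches starts before the hunk.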


@ -43,13 +43,13 @@ if (!$_SESSION['registration_number']) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
@ -105,20 +105,23 @@ if (get_value_from_array($_POST, 'action') == 'save') {
$shorttitle = stripslashes($_POST['shorttitle']);
$stmt = $pdo->prepare('UPDATE projects SET '
. "title='" . $title . "', "
. "shorttitle='" . $shorttitle . "', "
. "projectdivisions_id='" . intval($_POST['projectdivisions_id']) . "', "
. "projecttype='" . stripslashes($_POST['projecttype']) . "', "
. "language='" . stripslashes($_POST['language']) . "', "
. "req_table='" . stripslashes($_POST['req_table']) . "', "
. "req_electricity='" . stripslashes($_POST['req_electricity']) . "', "
. "req_special='" . stripslashes($_POST['req_special']) . "', "
. "human_participants='" . stripslashes($_POST['human_participants']) . "', "
. "animal_participants='" . stripslashes($_POST['animal_participants']) . "', "
. "summary='" . stripslashes($_POST['summary']) . "', "
. "summarycountok='$summarycountok'"
. "WHERE id='" . $_POST['id'] . "'");
$stmt->execute();
. "title=?, "
. "shorttitle=?, "
. "projectdivisions_id=?, "
. "projecttype=?, "
. "language=?, "
. "req_table=?, "
. "req_electricity=?, "
. "req_special=?, "
. "human_participants=?, "
. "animal_participants=?, "
. "summary=?, "
. "summarycountok=?"
. "WHERE id=?");
$stmt->execute([$title,$shorttitle,intval($_POST['projectdivisions_id']),stripslashes($_POST['projecttype']),
stripslashes($_POST['language']),stripslashes($_POST['req_table']),stripslashes($_POST['req_electricity']),
stripslashes($_POST['req_special']),stripslashes($_POST['human_participants']),stripslashes($_POST['animal_participants']),
stripslashes($_POST['summary']),$summarycountok,$_POST['id']]);
show_pdo_errors_if_any($pdo);
echo notice(i18n('Project information successfully updated'));
} else {
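Review bot: The projects UPDATE ending in `. "WHERE id=?"` is bound to the raw `$_POST['id']` with nothing tying the row to the logged-in registration, whereas the verification query at the top of this file scopes everything by `$_SESSION['registration_id']`; unless the id is validated above the hunk, a registrant can edit any project by changing the hidden id field. Change the tail to `. "WHERE id=? AND registrations_id=?"` and append `$_SESSION['registration_id']` after `$_POST['id']` in the execute array. Also `"summarycountok=?"` has no trailing space before `"WHERE id=?"`, producing `summarycountok=?WHERE id=?`; the same missing whitespace appears in the rewritten verification query earlier in this section (`email=?AND registrations.num=?AND ...`), and each fragment should keep its trailing space. The `if` around the save branch starts before the hunk.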


@ -39,13 +39,13 @@ if (!$_SESSION['registration_number']) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
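Review bot: The new `"WHERE students.email=?"`, `"AND registrations.num=?"` and `"AND registrations.id=?"` fragments lost the trailing space the old lines had, so the SQL becomes `email=?AND registrations.num=?AND registrations.id=?AND students.registrations_id=...`. It probably still parses, but a future edit that changes `?` to a quoted literal or a column name would silently break it; restore the spaces, e.g. `. 'WHERE students.email=? '`. The surrounding `if` begins before the hunk.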


@ -40,13 +40,13 @@ if (!$_SESSION['registration_number']) {
global $pdo;
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. "WHERE students.email=?"
. "AND registrations.num=?"
. "AND registrations.id=?"
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
. 'AND registrations.year=?'
. 'AND students.year=?');
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
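Review bot: This is at least the fifth byte-identical copy of the registration/student verification query in this commit (same five placeholders, same `$_SESSION` and `$config['FAIRYEAR']` bindings), and each copy carries the same missing whitespace between `?` and `AND`. Rather than patching the spaces in every file, factor it into one helper (for example `registration_student_lookup($pdo, $email, $regnum, $regid, $year)` returning the fetched row or null) so the next fix, such as scoping or error handling, lands once. If it must stay inline here, at minimum restore the trailing spaces on each fragment, `. 'WHERE students.email=? '` and so on. The `if` enclosing it begins before the hunk.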


@ -45,17 +45,25 @@ if ($_GET['sample']) {
exit;
}
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q = $pdo->prepare('SELECT
registrations.id AS regid,
students.id AS studentid,
students.firstname
FROM registrations
JOIN students ON students.registrations_id = registrations.id
WHERE students.email = ?
AND registrations.num = ?
AND registrations.id = ?
AND registrations.year = ?
AND students.year = ?');
$registration_number = $_SESSION['registration_number'];
$registration_id = $_SESSION['registration_id'];
$q->execute();
$q->execute([
$_SESSION['email'],
$_SESSION['registration_number'],
$_SESSION['registration_id'],
$config['FAIRYEAR'],
$config['FAIRYEAR']
]);
show_pdo_errors_if_any($pdo);
@ -100,7 +108,7 @@ if ($_GET['sample']) {
$rr->school = 'SampleSchool';
} else {
// grab the project info
$q = $pdo->prepare("SELECT projects.*,
$q = $pdo->prepare('SELECT projects.*,
projectcategories.category,
projectdivisions.division
FROM projects
@ -110,11 +118,11 @@ if ($_GET['sample']) {
AND projects.year=?
AND projectdivisions.year=?
AND projectcategories.year=?
");
$q->execute([$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR'], $config['FAIRYEAR'], $config['FAIRYEAR']]);
$projectinfo = $q->fetch(PDO::FETCH_OBJ);
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?");
$q = $pdo->prepare('SELECT * FROM students WHERE registrations_id=? AND year=?');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
while ($si = $q->fetch(PDO::FETCH_OBJ))
$studentinfoarray[] = $si;
@ -136,7 +144,7 @@ $pdf->addTextX("Exhibitor$plural: ", 0.75);
foreach ($studentinfoarray AS $studentinfo) {
if (!$_GET['sample']) {
$qq = $pdo->prepare("SELECT school FROM schools WHERE id=?");
$qq = $pdo->prepare('SELECT school FROM schools WHERE id=?');
$qq->execute([$studentinfo->schools_id]);
$rr = $qq->fetch(PDO::FETCH_OBJ);
}
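Review bot: After the rewrite `$registration_number = $_SESSION['registration_number'];` and `$registration_id = $_SESSION['registration_id'];` are dead assignments — the execute array reads the session values directly and nothing below the hunk in this section references either local. Drop both lines so a reader does not go looking for where they are bound. The JOIN form of the query itself is the cleanest of the copies in this commit and is a good template for the others.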


@ -45,15 +45,16 @@ if (get_value_from_array($_GET, 'sample')) {
$q = $pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
\t \t\t\tFROM registrations,students
\t \t\tWHERE students.email='{$_SESSION['email']}'
AND registrations.num='{$_SESSION['registration_number']}'
AND registrations.id='{$_SESSION['registration_id']}'
\t \t\tWHERE students.email=?
AND registrations.num=?
AND registrations.id=?
AND students.registrations_id=registrations.id
AND registrations.year={$config['FAIRYEAR']}
AND students.year={$config['FAIRYEAR']}");
$registration_number = $_SESSION['registration_number'];
AND registrations.year=?
AND students.year=?");
'?=?' ;
$registration_id = $_SESSION['registration_id'];
$q->execute();
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],
$config['FAIRYEAR'],$registration_number,$_SESSION['registration_number']]);
show_pdo_errors_if_any($pdo);
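Review bot: The execute passes seven values to a statement that now has five `?` placeholders (`email`, `num`, `id`, `registrations.year`, `students.year`), so PDO will reject it with SQLSTATE HY093 (invalid parameter number) and this page stops working; the extra `$registration_number` and `$_SESSION['registration_number']` entries duplicate a value already bound. The line `'?=?' ;` just above is a stray no-op expression statement left over from editing and should be deleted, along with the now-unused `$registration_id` assignment. The call should read `$q->execute([$_SESSION['email'], $_SESSION['registration_number'], $_SESSION['registration_id'], $config['FAIRYEAR'], $config['FAIRYEAR']]);`. The `if` that wraps this lookup begins before the hunk.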


@ -127,11 +127,11 @@ if ($_POST['action'] == 'save') {
$stmt->execute([$project->id, $config['FAIRYEAR']]);
foreach ($splist AS $spaward) {
$s = ($spaward == -1) ? 'NULL' : "'$spaward'";
$stmt = $pdo->prepare('INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES ('
. "$s, "
. "'$project->id', "
. "'" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (
?,
?,
?)');
$stmt->execute([$s,$project->id,$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
}
if ($num) {
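Review bot: `$s` is still built for string concatenation — `'NULL'` or `"'$spaward'"` — but is now bound as a parameter, so MySQL receives the four-character string `NULL` or a number wrapped in literal quote characters for `award_awards_id`, never SQL NULL or an integer. In strict mode the insert errors; in non-strict mode the value is likely coerced to 0, which points at no award. Set it as a plain value, `$s = ($spaward == -1) ? null : intval($spaward);`, since PDO binds PHP `null` as SQL NULL. The `if ($_POST['action'] == 'save')` block enclosing this loop starts before the hunk.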


@ -41,14 +41,26 @@ if (!($_SESSION['registration_number'] && $_SESSION['registration_id'])) {
}
$fairyear = intval($config['FAIRYEAR']);
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $fairyear . ' '
. 'AND students.year=' . $fairyear);
$q->execute();
$q = $pdo->prepare('SELECT
registrations.id AS regid,
students.id AS studentid,
students.firstname
FROM registrations
JOIN students ON students.registrations_id = registrations.id
WHERE students.email = ?
AND registrations.num = ?
AND registrations.id = ?
AND registrations.year = ?
AND students.year = ?');
$q->execute([
$_SESSION['email'],
$_SESSION['registration_number'],
$_SESSION['registration_id'],
$fairyear,
$fairyear
]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
@ -82,7 +94,7 @@ if (get_value_from_array($_POST, 'action') == 'save') {
if ($students_id == 0) {
// if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
if ($config['participant_registration_type'] == 'schoolpassword' || $config['participant_registration_type'] == 'invite') {
$q = $pdo->prepare("SELECT schools_id FROM registrations WHERE id=? AND YEAR=?");
$q = $pdo->prepare('SELECT schools_id FROM registrations WHERE id=? AND YEAR=?');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
$r = $q->fetch(PDO::FETCH_OBJ);
$schools_id = $r->schools_id;
@ -93,28 +105,38 @@ if (get_value_from_array($_POST, 'action') == 'save') {
}
// INSERT new record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES ('
. "'" . $_SESSION['registration_id'] . "', "
. "'" . stripslashes($_POST['firstname'][$x]) . "', "
. "'" . stripslashes($_POST['lastname'][$x]) . "', "
. "'" . stripslashes($_POST['pronunciation'][$x]) . "', "
. "'" . stripslashes($_POST['sex'][$x]) . "', "
. "'" . stripslashes($_POST['email'][$x]) . "', "
. "'" . stripslashes($_POST['address'][$x]) . "', "
. "'" . stripslashes($_POST['city'][$x]) . "', "
. "'" . stripslashes($_POST['county'][$x]) . "', "
. "'" . stripslashes($_POST['province'][$x]) . "', "
. "'" . stripslashes($_POST['postalcode'][$x]) . "', "
. "'" . stripslashes($_POST['phone'][$x]) . "', "
. "'$dob', "
. "'" . stripslashes($_POST['grade'][$x]) . "', "
. $schoolvalue
. "'" . stripslashes($_POST['tshirt'][$x]) . "', "
. "'" . stripslashes($_POST['medicalalert'][$x]) . "', "
. "'" . stripslashes($_POST['foodreq'][$x]) . "', "
. "'" . stripslashes($_POST['teachername'][$x]) . "', "
. "'" . stripslashes($_POST['teacheremail'][$x]) . "', "
. "'" . $config['FAIRYEAR'] . "')");
$stmt = $pdo->prepare('INSERT INTO students
(registrations_id, firstname, lastname, pronunciation, sex, email, address, city, county, province,
postalcode, phone, dateofbirth, grade, schools_id, tshirt, medicalalert, foodreq,
teachername, teacheremail, year)
VALUES ('
. '?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '
. '?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->execute([
$_SESSION['registration_id'],
stripslashes($_POST['firstname'][$x]),
stripslashes($_POST['lastname'][$x]),
stripslashes($_POST['pronunciation'][$x]),
stripslashes($_POST['sex'][$x]),
stripslashes($_POST['email'][$x]),
stripslashes($_POST['address'][$x]),
stripslashes($_POST['city'][$x]),
stripslashes($_POST['county'][$x]),
stripslashes($_POST['province'][$x]),
stripslashes($_POST['postalcode'][$x]),
stripslashes($_POST['phone'][$x]),
$dob,
stripslashes($_POST['grade'][$x]),
$schoolvalue,
stripslashes($_POST['tshirt'][$x]),
stripslashes($_POST['medicalalert'][$x]),
stripslashes($_POST['foodreq'][$x]),
stripslashes($_POST['teachername'][$x]),
stripslashes($_POST['teacheremail'][$x]),
$config['FAIRYEAR']
]);
$students_id = $pdo->lastInsertId();
echo notice(i18n('%1 %2 successfully added', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
@ -129,38 +151,61 @@ if (get_value_from_array($_POST, 'action') == 'save') {
// UPDATE existing record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('UPDATE students SET '
. "firstname='" . stripslashes($_POST['firstname'][$x]) . "', "
. "lastname='" . stripslashes($_POST['lastname'][$x]) . "', "
. "pronunciation='" . stripslashes($_POST['pronunciation'][$x]) . "', "
. "sex='" . stripslashes($_POST['sex'][$x]) . "', "
. "email='" . stripslashes($_POST['email'][$x]) . "', "
. "address='" . stripslashes($_POST['address'][$x]) . "', "
. "city='" . stripslashes($_POST['city'][$x]) . "', "
. "county='" . stripslashes($_POST['county'][$x]) . "', "
. "province='" . stripslashes($_POST['province'][$x]) . "', "
. "postalcode='" . stripslashes($_POST['postalcode'][$x]) . "', "
. "phone='" . stripslashes($_POST['phone'][$x]) . "', "
. "dateofbirth='$dob', "
. "grade='" . stripslashes($_POST['grade'][$x]) . "', "
. 'firstname = ?, '
. 'lastname = ?, '
. 'pronunciation = ?, '
. 'sex = ?, '
. 'email = ?, '
. 'address = ?, '
. 'city = ?, '
. 'county = ?, '
. 'province = ?, '
. 'postalcode = ?, '
. 'phone = ?, '
. 'dateofbirth = ?, '
. 'grade = ?, '
. $schoolquery
. "medicalalert='" . stripslashes($_POST['medicalalert'][$x]) . "', "
. "foodreq='" . stripslashes($_POST['foodreq'][$x]) . "', "
. "teachername='" . stripslashes($_POST['teachername'][$x]) . "', "
. "teacheremail='" . stripslashes($_POST['teacheremail'][$x]) . "', "
. "tshirt='" . stripslashes($_POST['tshirt'][$x]) . "' "
. "WHERE id='$students_id'");
. 'medicalalert = ?, '
. 'foodreq = ?, '
. 'teachername = ?, '
. 'teacheremail = ?, '
. 'tshirt = ? '
. 'WHERE id = ?');
$stmt->execute([
stripslashes($_POST['firstname'][$x]),
stripslashes($_POST['lastname'][$x]),
stripslashes($_POST['pronunciation'][$x]),
stripslashes($_POST['sex'][$x]),
stripslashes($_POST['email'][$x]),
stripslashes($_POST['address'][$x]),
stripslashes($_POST['city'][$x]),
stripslashes($_POST['county'][$x]),
stripslashes($_POST['province'][$x]),
stripslashes($_POST['postalcode'][$x]),
stripslashes($_POST['phone'][$x]),
$dob,
stripslashes($_POST['grade'][$x]),
stripslashes($_POST['medicalalert'][$x]),
stripslashes($_POST['foodreq'][$x]),
stripslashes($_POST['teachername'][$x]),
stripslashes($_POST['teacheremail'][$x]),
stripslashes($_POST['tshirt'][$x]),
$students_id
]);
echo notice(i18n('%1 %2 successfully updated', array($_POST['firstname'][$x], $_POST['lastname'][$x])));
}
/* Update the regfee items link */
if ($config['participant_regfee_items_enable'] == 'yes') {
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id=?");
$stmt = $pdo->prepare('DELETE FROM regfee_items_link WHERE students_id=?');
$stmt->execute([$students_id]);
if (is_array($_POST['regfee_item'][$x])) {
foreach ($_POST['regfee_item'][$x] as $id => $enabled) {
$stmt = $pdo->prepare("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
VALUES (?,?) ");
$stmt->execute([$students_id,$id]);
$stmt = $pdo->prepare('INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
VALUES (?,?) ');
$stmt->execute([$students_id, $id]);
}
}
}
@ -175,20 +220,20 @@ if (get_value_from_array($_GET, 'action') == 'removestudent') {
} else {
$students_id = intval($_GET['removestudent']);
// first make sure this is one belonging to this registration id
$q = $pdo->prepare("SELECT id FROM students WHERE id=? AND registrations_id=/");
$q = $pdo->prepare('SELECT id FROM students WHERE id=? AND registrations_id=/');
$q->execute([$students_id, $_SESSION['registration_id']]);
if ($q->rowCount() == 1) {
$stmt = $pdo->prepare("DELETE FROM students WHERE id=? AND registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM students WHERE id=? AND registrations_id=?');
$stmt->execute([$students_id, $_SESSION['registration_id']]);
// now see if they have an emergency contact that also needs to be removed
$q = $pdo->prepare("SELECT id FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$q = $pdo->prepare('SELECT id FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?');
$q->execute([$students_id, $_SESSION['registration_id'], $config['FAIRYEAR']]);
// no need to error message if this doesnt exist
if ($q->rowCount() == 1)
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?");
$stmt = $pdo->prepare('DELETE FROM emergencycontact WHERE students_id=? AND registrations_id=? AND year=?');
$stmt->execute([$students_id, $_SESSION['registration_id'], $config['FAIRYEAR']]);
$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id=?");
$stmt = $pdo->prepare('DELETE FROM regfee_items_link WHERE students_id=?');
$stmt->execute([$students_id]);
echo notice(i18n('Student successfully removed'));
} else {
@ -207,14 +252,14 @@ if ($newstatus != 'complete') {
// now query and display
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?");
$q = $pdo->prepare('SELECT * FROM students WHERE registrations_id=? AND year=?');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
if ($q->rowCount() == 0) {
// uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
// although... this can never really happen, since the above queries only allow the page to view if the student
// is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES (?,?,?)");
$stmt->execute([$_SESSION['registration_id'], $_SESSION['email'],$config['FAIRYEAR']]);
$stmt = $pdo->prepare('INSERT INTO students (registrations_id,email,year) VALUES (?,?,?)');
$stmt->execute([$_SESSION['registration_id'], $_SESSION['email'], $config['FAIRYEAR']]);
// if we just inserted it, then we will obviously find 1
$numfound = 1;
} else {
@ -437,7 +482,7 @@ for ($x = 1; $x <= $numtoshow; $x++) {
echo "<tr>\n";
echo ' <td>' . i18n('School') . '</td><td colspan="3">';
if ($config['participant_registration_type'] == 'open' || $config['participant_registration_type'] == 'singlepassword' || $config['participant_registration_type'] == 'openorinvite' || ($studentinfo && !$studentinfo->schools_id)) {
$schoolq = $pdo->prepare("SELECT id,school,city FROM schools WHERE year=? ORDER by city,school");
$schoolq = $pdo->prepare('SELECT id,school,city FROM schools WHERE year=? ORDER by city,school');
$schoolq->execute([$config['FAIRYEAR']]);
echo "<select name=\"schools_id[$x]\">\n";
echo '<option value="">' . i18n('Choose School') . "</option>\n";
@ -450,7 +495,7 @@ for ($x = 1; $x <= $numtoshow; $x++) {
}
echo '</select>' . REQUIREDFIELD;
} else {
$schoolq = $pdo->prepare("SELECT id,school FROM schools WHERE year=? AND id=?");
$schoolq = $pdo->prepare('SELECT id,school FROM schools WHERE year=? AND id=?');
$schoolq->execute([$config['FAIRYEAR'], $studentinfo->schools_id]);
$r = $schoolq->fetch(PDO::FETCH_OBJ);
echo $r->school;
@ -465,8 +510,8 @@ for ($x = 1; $x <= $numtoshow; $x++) {
echo "</tr>\n";
if ($config['participant_regfee_items_enable'] == 'yes') {
$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
WHERE students_id=?");
$sel_q = $pdo->prepare('SELECT * FROM regfee_items_link
WHERE students_id=?');
$sel_q->execute([$id]);
$sel = array();
while ($info_q = $sel_q->fetch(PDO::FETCH_ASSOC)) {
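Review bot: In the students INSERT, `$schoolvalue` is now a bound parameter, but on the old side it was spliced into the statement bare (`. $schoolvalue` between two comma-terminated fragments, with no quotes or comma of its own), which means it must carry its own SQL syntax — presumably something like `'12', ` or `NULL, `; its assignment is above the hunk so I cannot confirm, but if so `schools_id` now receives that text as a string rather than an id. It should become a plain value (the integer school id, or `null`) and `$schoolquery` on the UPDATE side, which is still concatenated raw into the statement at `. $schoolquery`, deserves the same conversion to a `schools_id = ?` fragment with a bound value. Unrelated to this commit but visible in the same section, the ownership check `'SELECT id FROM students WHERE id=? AND registrations_id=/'` is a typo for `registrations_id=?`, so the removestudent path never succeeds. The save handler and the removestudent handler both start before their hunks.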


@ -38,14 +38,23 @@ if (!$_SESSION['registration_number']) {
exit;
}
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students '
. "WHERE students.email='" . $_SESSION['email'] . "' "
. "AND registrations.num='" . $_SESSION['registration_number'] . "' "
. "AND registrations.id='" . $_SESSION['registration_id'] . "' "
. 'AND students.registrations_id=registrations.id '
. 'AND registrations.year=' . $config['FAIRYEAR'] . ' '
. 'AND students.year=' . $config['FAIRYEAR']);
$q->execute();
$q = $pdo->prepare('SELECT registrations.id AS regid, students.id AS studentid, students.firstname
FROM registrations
JOIN students ON students.registrations_id = registrations.id
WHERE students.email = ?
AND registrations.num = ?
AND registrations.id = ?
AND registrations.year = ?
AND students.year = ?');
$q->execute([
$_SESSION['email'],
$_SESSION['registration_number'],
$_SESSION['registration_id'],
$config['FAIRYEAR'],
$config['FAIRYEAR']
]);
show_pdo_errors_if_any($pdo);
if ($q->rowCount() == 0) {
@ -74,7 +83,7 @@ if ($_POST['action'] == 'save') {
WHERE registrations_id=?
AND year=?
AND rank!='0'");
$stmt->execute([$_SESSION['registration_id'],$config['FAIRYEAR']]);
$stmt->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
if (is_array($_POST['toursel'])) {
foreach ($_POST['toursel'] AS $students_id => $ts) {
$selarray = array();
@ -94,13 +103,18 @@ if ($_POST['action'] == 'save') {
/* Remember this choice in a format that is easily searchable */
$selarray[] = $x;
$stmt = $pdo->prepare('INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES ('
. "'" . $_SESSION['registration_id'] . "', "
. "'" . intval($students_id) . "', "
. "'" . intval($tid) . "', "
. "'" . $config['FAIRYEAR'] . "', "
. "'$rank')");
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO tours_choice
(registrations_id, students_id, tour_id, year, rank)
VALUES (?, ?, ?, ?, ?)');
$stmt->execute([
$_SESSION['registration_id'],
intval($students_id),
intval($tid),
$config['FAIRYEAR'],
$rank
]);
show_pdo_errors_if_any($pdo);
}
}
@ -131,8 +145,8 @@ if ($newstatus != 'complete') {
}
$assigned_tour = array();
$q = $pdo->prepare("SELECT * FROM tours_choice WHERE registrations_id=? AND year=?");
$q->execute([$_SESSION['registration_id'],$config['FAIRYEAR']]);
$q = $pdo->prepare('SELECT * FROM tours_choice WHERE registrations_id=? AND year=?');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
if ($r->rank == 0)
$assigned_tour[$r->students_id] = $r->tour_id;
@ -140,7 +154,7 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
}
$tours = array();
$q = $pdo->prepare("SELECT * FROM tours WHERE year=? ORDER BY id");
$q = $pdo->prepare('SELECT * FROM tours WHERE year=? ORDER BY id');
$q->execute([$config['FAIRYEAR']]);
if ($q->rowCount() == 0) {
echo notice(i18n('There is not tour information'));
@ -163,8 +177,8 @@ $max = $config['tours_choices_max'];
echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q = $pdo->prepare("SELECT * FROM students WHERE registrations_id=? AND year=?");
$q->execute([$_SESSION['registration_id'],$config['FAIRYEAR']]);
$q = $pdo->prepare('SELECT * FROM students WHERE registrations_id=? AND year=?');
$q->execute([$_SESSION['registration_id'], $config['FAIRYEAR']]);
$num_found = $q->rowCount();
$print_submit = false;


@ -274,8 +274,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
} while ($q->rowCount() > 0);
// actually insert it
$stmt = $pdo->prepare('INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES ('
?,?,NOW(),'open',NULL,?')');
$stmt = $pdo->prepare('INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (
?,?,NOW(),open,NULL,?)');
$stmt->execute([$regnum,$regnum,$year]);
$registrations_id = $pdo->lastInsertId();
/* We'll fill in the email address later */
@ -295,12 +295,13 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
$registration = $q->fetch(PDO::FETCH_ASSOC);
/* Update the project in case anythign changed */
$stmt = $pdo->prepare("UPDATE projects SET title='" . $project['title'] . "',
$stmt = $pdo->prepare("UPDATE projects SET title=?,
summary='" . $project['abstract'] . "',
projectcategories_id='" . intval($project['projectcategories_id']) . "',
projectdivisions_id='" . intval($project['projectdivisions_id']) . "'
WHERE id='$pid'");
$stmt->execute();
projectcategories_id=?,
projectdivisions_id=?
WHERE id=?");
$stmt->execute([$project['title'],intval($project['projectcategories_id']),
intval($project['projectdivisions_id']),$pid]);
/* Record the winner */
$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
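Review bot: The projects UPDATE still interpolates `$project['abstract']` straight into the SQL on the unchanged line `summary='" . $project['abstract'] . "',` while the neighbouring columns were converted to placeholders; since the project data arrives from an uploaded award/fair payload, this is the one field in the statement that remains injectable. Change it to `summary=?,` and bind it: `$stmt->execute([$project['title'], $project['abstract'], intval($project['projectcategories_id']), intval($project['projectdivisions_id']), $pid]);`. In the registrations INSERT above it, `open` is now an unquoted identifier inside the VALUES list, so MySQL will resolve it as a column and fail with an unknown-column error; bind it instead, `VALUES (?,?,NOW(),?,NULL,?)` with `$stmt->execute([$regnum, $regnum, 'open', $year]);`. award_upload_assign() begins and ends outside these hunks.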


@ -8,7 +8,7 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
echo '<a href="schoolaccess.php">&lt;&lt; ' . i18n('Return to school access main page') . '</a><br />';
echo '<br />';
$q = $pdo->prepare("SELECT * FROM schools WHERE id=? AND accesscode=? AND year=?");
$q = $pdo->prepare('SELECT * FROM schools WHERE id=? AND accesscode=? AND year=?');
$q->execute([$_SESSION['schoolid'], $_SESSION['schoolaccesscode'], $config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$school = $q->fetch(PDO::FETCH_OBJ);
@ -17,7 +17,7 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
if ($_POST['action'] == 'invite') {
if ($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade']) {
// make sure they arent already invited!
$q = $pdo->prepare("SELECT firstname, lastname FROM students WHERE year=? AND email=?");
$q = $pdo->prepare('SELECT firstname, lastname FROM students WHERE year=? AND email=?');
$q->execute([$config['FAIRYEAR'], $_POST['email']]);
if ($q->rowCount()) {
echo error(i18n('That students email address has already been invited'));
@ -28,31 +28,37 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
// random number between
// 100000 and 999999 (six digit integer)
$regnum = rand(100000, 999999);
$q = $pdo->prepare("SELECT * FROM registrations WHERE num? AND year=?");
$q = $pdo->prepare('SELECT * FROM registrations WHERE num? AND year=?');
$q->execute([$regnum, $config['FAIRYEAR']]);
} while ($q->rowCount() > 0);
// actually insert it
$stmt = $pdo->prepare('INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES ('
. "'$regnum',"
. "'" . $_POST['email'] . "',"
. "'" . $_POST['emailcontact'] . "',"
. 'NOW(),'
. "'open',"
. $config['FAIRYEAR']
. ')');
$stmt->execute();
$stmt = $pdo->prepare('INSERT INTO registrations (num, email, emailcontact, start, status, year)
VALUES (?, ?, ?, NOW(), ?, ?)');
$stmt->execute([
$regnum,
$_POST['email'],
$_POST['emailcontact'],
'open',
$config['FAIRYEAR']
]);
$regid = $pdo->lastInsertId();
$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
'$regid',
'" . $_POST['email'] . "',
'" . $_POST['firstname'] . "',
'" . $_POST['lastname'] . "',
'" . $_SESSION['schoolid'] . "',
'" . $_POST['grade'] . "',
'" . $config['FAIRYEAR'] . "')");
$stmt->execute();
$stmt = $pdo->prepare("INSERT INTO students (registrations_id, email, firstname, lastname, schools_id, grade, year)
VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([
$regid,
$_POST['email'],
$_POST['firstname'],
$_POST['lastname'],
$_SESSION['schoolid'],
$_POST['grade'],
$config['FAIRYEAR']
]);
email_send('new_participant', $_POST['email'], array(), array('REGNUM' => $regnum, 'EMAIL' => $_POST['email']));
if ($_POST['emailcontact'])
@ -65,24 +71,24 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
if ($_GET['action'] == 'uninvite') {
// first, make sure that this is really their student, and it sfor this year.
$q = $pdo->prepare("SELECT * FROM students WHERE id=? AND year=? AND schools_id=?");
$q = $pdo->prepare('SELECT * FROM students WHERE id=? AND year=? AND schools_id=?');
$q->execute([$_GET['uninvite'], $config['FAIRYEAR'], $_SESSION['schoolid']]);
if ($q->rowCount()) {
$r = $q->fetch(PDO::FETCH_OBJ);
$registrations_id = $r->registrations_id;
if ($registrations_id) // just to be safe!
{
$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM students WHERE registrations_id=?');
$stmt->execute([$registrations_id]);
$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM projects WHERE registrations_id=?');
$stmt->execute([$registrations_id]);
$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM mentors WHERE registrations_id=?');
$stmt->execute([$registrations_id]);
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM safety WHERE registrations_id=?');
$stmt->execute([$registrations_id]);
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id=?");
$stmt = $pdo->prepare('DELETE FROM emergencycontact WHERE registrations_id=?');
$stmt->execute([$registrations_id]);
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id=?");
$stmt = $pdo->prepare('DELETE FROM registrations WHERE id=?');
$stmt->execute([$registrations_id]);
echo happy(i18n('Student successfully uninvited'));
@ -91,8 +97,8 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
echo error(i18n('Invalid student to uninvite'));
}
$q = $pdo->prepare("SELECT (NOW()>? AND NOW()<?) AS datecheck");
$q->execute([$config['dates']['regopen'],$config['dates']['regclose']]);
$q = $pdo->prepare('SELECT (NOW()>? AND NOW()<?) AS datecheck');
$q->execute([$config['dates']['regopen'], $config['dates']['regclose']]);
$datecheck = $q->fetch(PDO::FETCH_OBJ);
$q = $pdo->prepare("SELECT \t
@ -110,7 +116,7 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
ORDER BY
lastname,
firstname");
$q->execute([$school->id,$config['FAIRYEAR']]);
$q->execute([$school->id, $config['FAIRYEAR']]);
$currentinvited = $q->rowCount();
if ($datecheck != 0) {
@ -135,10 +141,10 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
}
} else if ($school->projectlimitper == 'agecategory') {
echo '<br />';
$catq = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
$catq = $pdo->prepare('SELECT * FROM projectcategories WHERE year=? ORDER BY id');
$catq->execute([$config['FAIRYEAR']]);
while ($catr = $catq->fetch(PDO::FETCH_OBJ)) {
$q2 = $pdo->prepare("SELECT COUNT(students.id) AS num
$q2 = $pdo->prepare('SELECT COUNT(students.id) AS num
FROM
students,
registrations
@ -149,8 +155,8 @@ if ($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
AND students.year=?
AND students.registrations_id=registrations.id
GROUP BY registrations.num
");
$q2->execute([$school->id,$catr->mingrade,$catr->maxgrade,$config['FAIRYEAR']]);
');
$q2->execute([$school->id, $catr->mingrade, $catr->maxgrade, $config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo);
$r2 = $q2->fetch(PDO::FETCH_OBJ);
$currentinvited = $r2->num;