use prepare statements for these 2 files under the admin folder (award files) where possible
parent
843aa38ce6
commit
ae40c90d07
@ -133,7 +133,7 @@ switch ($_GET['action']) {
|
|||||||
$q->bindParam(':c', $c, PDO::PARAM_INT);
|
$q->bindParam(':c', $c, PDO::PARAM_INT);
|
||||||
$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
|
$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
|
||||||
|
|
||||||
$q->execute([]);
|
$q->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
// wipe out any old award-divisions links
|
// wipe out any old award-divisions links
|
||||||
@ -376,7 +376,7 @@ switch ($_GET['action']) {
|
|||||||
external_register_winners=?,
|
external_register_winners=?,
|
||||||
per_fair=?
|
per_fair=?
|
||||||
WHERE id=?");
|
WHERE id=?");
|
||||||
$q->execute([$ident, $mat,$w],$per_fair,$id);
|
$q->execute([[$ident, $mat,$w],$per_fair,$id]);
|
||||||
|
|
||||||
happy_('Feeder Fair information saved');
|
happy_('Feeder Fair information saved');
|
||||||
exit;
|
exit;
|
||||||
@ -1111,13 +1111,13 @@ LEFT JOIN sponsors ON sponsors.id = award_awards.sponsors_id
|
|||||||
LEFT JOIN award_types ON award_types.id = award_awards.award_types_id
|
LEFT JOIN award_types ON award_types.id = award_awards.award_types_id
|
||||||
WHERE
|
WHERE
|
||||||
award_awards.year=?
|
award_awards.year=?
|
||||||
?
|
$where_asi
|
||||||
?
|
$where_ati
|
||||||
AND \taward_types.year=?
|
AND \taward_types.year=?
|
||||||
?
|
$orderby
|
||||||
");
|
");
|
||||||
|
|
||||||
$q->execute([$config['FAIRYEAR'],$where_asi,$where_ati,$config['FAIRYEAR'],$orderby]);
|
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||||
|
|
||||||
show_pdo_errors_if_any($pdo);
|
show_pdo_errors_if_any($pdo);
|
||||||
|
|
||||||
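Review bot: In the hunk at line 376, the rewritten call `$q->execute([[$ident, $mat,$w],$per_fair,$id]);` (reading the second line of each printed pair as the new side) passes a nested array, so the first placeholder receives an array instead of a scalar and the three elements cannot line up with the `?` markers of the UPDATE. The list should be flat, `$q->execute([$ident, $mat, $w, $per_fair, $id]);`, with one value per placeholder in statement order; the start of the UPDATE lies outside the hunk, so count its placeholders before settling the list. Separately, the hunk at line 1111 now interpolates `$where_asi`, `$where_ati` and `$orderby` into the statement text, which is necessary for SQL fragments that cannot be bound, but all three are built outside the hunk. Confirm that any value inside the two WHERE fragments is bound or cast to an integer, and that `$orderby` is picked from a fixed list of column names.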
|
@ -150,7 +150,7 @@ switch (get_value_from_array($_GET, 'action')) {
|
|||||||
$sponsor_id = $sponsorr->id;
|
$sponsor_id = $sponsorr->id;
|
||||||
} else {
|
} else {
|
||||||
$q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes)
|
$q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes)
|
||||||
VALUES (?,?,'" . "Imported from external source: ?" . "')");
|
VALUES (?,?, Imported from external source: ?)");
|
||||||
$q->execute([$sponsor_str,$year,$r->name]);
|
$q->execute([$sponsor_str,$year,$r->name]);
|
||||||
show_pdo_errors_if_any($pdo);
|
show_pdo_errors_if_any($pdo);
|
||||||
$sponsor_id = $pdo->lastInsertId();
|
$sponsor_id = $pdo->lastInsertId();
|
||||||
@ -231,17 +231,17 @@ switch (get_value_from_array($_GET, 'action')) {
|
|||||||
$prize['identifier'] = $prize['prize_en'];
|
$prize['identifier'] = $prize['prize_en'];
|
||||||
|
|
||||||
$q = $pdo->prepare("UPDATE award_prizes SET
|
$q = $pdo->prepare("UPDATE award_prizes SET
|
||||||
cash = ?,
|
cash =?,
|
||||||
scholarship = ?,
|
scholarship =?,
|
||||||
value = ?,
|
value =?,
|
||||||
prize = ?,
|
prize =?,
|
||||||
number = ?,
|
number =?,
|
||||||
`order` = ?,
|
`order` =?,
|
||||||
external_identifier = ?,
|
external_identifier =?,
|
||||||
trophystudentkeeper = ?,
|
trophystudentkeeper =?,
|
||||||
trophystudentreturn = ?,
|
trophystudentreturn =?,
|
||||||
trophyschoolkeeper = ?,
|
trophyschoolkeeper =?,
|
||||||
trophyschoolreturn = ?
|
trophyschoolreturn =?
|
||||||
WHERE id = ?");
|
WHERE id = ?");
|
||||||
|
|
||||||
$q->execute([
|
$q->execute([
|
||||||
|
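Review bot: The INSERT in the hunk at line 150 is still not valid SQL on the new side (the second line of each printed pair): `VALUES (?,?, Imported from external source: ?)` leaves the note text outside any string literal, so the statement should fail when prepared or executed. The older form had the opposite problem, since a `?` inside quotes is not a placeholder. Bind the whole note as the third parameter instead, `VALUES (?,?,?)` with `$q->execute([$sponsor_str, $year, 'Imported from external source: ' . $r->name]);`. That keeps `$r->name`, which the note text describes as coming from an external source, out of the SQL text. The enclosing `switch` branch starts and ends outside the hunk.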