use prepare statements for these 2 files under the admin folder (award files) where possible

admin/award_awards.php

@@ -133,7 +133,7 @@ switch ($_GET['action']) {
 			$q->bindParam(':c', $c, PDO::PARAM_INT);
 			$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);
 
-			$q->execute([]);
+			$q->execute();
 		}
 
 		// wipe out any old award-divisions links
@@ -376,7 +376,7 @@ switch ($_GET['action']) {
 							external_register_winners=?,
 							per_fair=?
 						WHERE id=?");
-		$q->execute([$ident, $mat,$w],$per_fair,$id);
+		$q->execute([[$ident, $mat,$w],$per_fair,$id]);
 
 		happy_('Feeder Fair information saved');
 		exit;
@@ -1111,13 +1111,13 @@ LEFT JOIN sponsors ON sponsors.id = award_awards.sponsors_id
 LEFT JOIN award_types ON award_types.id = award_awards.award_types_id
 WHERE 
 				award_awards.year=?
-				?
-				?
+				$where_asi
+				$where_ati
 			AND \taward_types.year=?
-		?
+		$orderby
 ");
 
-$q->execute([$config['FAIRYEAR'],$where_asi,$where_ati,$config['FAIRYEAR'],$orderby]);
+$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
 
 show_pdo_errors_if_any($pdo);
 

admin/award_download.php

@@ -150,7 +150,7 @@ switch (get_value_from_array($_GET, 'action')) {
 				$sponsor_id = $sponsorr->id;
 			} else {
 				$q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes) 
-				VALUES (?,?,'" . "Imported from external source: ?" . "')");
+				VALUES (?,?, Imported from external source: ?)");
 				$q->execute([$sponsor_str,$year,$r->name]);
 				show_pdo_errors_if_any($pdo);
 				$sponsor_id = $pdo->lastInsertId();