From b99f730a718e7ec88ebf4012773a297d0f1c6b9c Mon Sep 17 00:00:00 2001
From: james <james>
Date: Wed, 3 Mar 2010 20:13:46 +0000
Subject: [PATCH] Fix character encoding problems in student editor and project
 editor

---
 admin/project_editor.php |  6 +++---
 admin/student_editor.php | 38 +++++++++++++++++++-------------------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/admin/project_editor.php b/admin/project_editor.php
index 995c58f..0283778 100644
--- a/admin/project_editor.php
+++ b/admin/project_editor.php
@@ -113,13 +113,13 @@ function project_save()
 		$title=stripslashes($_POST['title']);
 
 	mysql_query("UPDATE projects SET ".
-			"title='".mysql_escape_string($title)."', ".
+			"title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",$title))."', ".
 			"projectdivisions_id='".$_POST['projectdivisions_id']."', ".
 			"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
 			"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
 			"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
-			"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ".
-			"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ".
+			"req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['req_special'])))."', ".
+			"summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['summary'])))."', ".
 			"summarycountok='$summarycountok',".
 			"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
 			"WHERE id='".$_POST['id']."'");
diff --git a/admin/student_editor.php b/admin/student_editor.php
index 38784bf..29d0e42 100644
--- a/admin/student_editor.php
+++ b/admin/student_editor.php
@@ -116,13 +116,13 @@ function students_save()
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
 			mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
 					"'".$registrations_id."', ".
-					"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['firstname'][$x])))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['lastname'][$x])))."', ".
 					"'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['address'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['city'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['province'][$x]))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['email'][$x])))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['address'][$x])))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['city'][$x])))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['province'][$x])))."', ".
 					"'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
 					"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
 					"'$dob', ".
@@ -131,8 +131,8 @@ function students_save()
 					"'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
 					"'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
 					"'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teachername'][$x])))."', ".
+					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teacheremail'][$x])))."', ".
 					"'".$config['FAIRYEAR']."')");
 
 			happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
@@ -151,25 +151,25 @@ function students_save()
 			//UPDATE existing record
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
 			mysql_query("UPDATE students SET ".
-					"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-					"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
+					"firstname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['firstname'][$x])))."', ".
+					"lastname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['lastname'][$x])))."', ".
 					"sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-					"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
-					"address='".mysql_escape_string(stripslashes($_POST['address'][$x]))."', ".
-					"city='".mysql_escape_string(stripslashes($_POST['city'][$x]))."', ".
-					"province='".mysql_escape_string(stripslashes($_POST['province'][$x]))."', ".
+					"email='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['email'][$x])))."', ".
+					"address='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['address'][$x])))."', ".
+					"city='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['city'][$x])))."', ".
+					"province='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['province'][$x])))."', ".
 					"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
 					"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
 					"dateofbirth='$dob', ".
 					"grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
 					$schoolquery.
-					"medicalalert='".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
-					"foodreq='".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
-					"teachername='".mysql_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
-					"teacheremail='".mysql_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
+					"medicalalert='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['medicalalert'][$x])))."', ".
+					"foodreq='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['foodreq'][$x])))."', ".
+					"teachername='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teachername'][$x])))."', ".
+					"teacheremail='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teacheremail'][$x])))."', ".
 					"tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
 					"WHERE id='".$_POST['id'][$x]."'");
-			happy_("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
+			happy_("%1 %2 successfully updated",array(iconv("UTF-8","ISO-8859-1",$_POST['firstname'][$x]),iconv("UTF-8","ISO-8859-1",$_POST['lastname'][$x])));
 		}
 		$x++;	
 	}