From ba6e7156cb55bc61d773bf7dd3cdadfb1739e17d Mon Sep 17 00:00:00 2001
From: Armanveer Gill <contact@science-ation.ca>
Date: Thu, 2 Jan 2025 10:54:18 -0500
Subject: [PATCH] Fixed the sql error on signature page. Used bind params to
 assign variables into the query. Did some other changes to other files as
 well, my bad. But the sql error is the big change.

---
 admin/award_awards.php                  |  3 ++-
 admin/reports.inc.php                   |  2 +-
 admin/reports.php                       |  1 +
 admin/reports_judges.php                | 10 +++++-----
 admin/reports_judges_allyears.php       |  6 +++---
 admin/reports_judges_teams_projects.php |  6 +++---
 admin/winners.php                       | 25 +++++++++++++------------
 common.inc.php                          |  6 +++++-
 config/signaturepage.php                | 18 ++++++++++++------
 lcsv.php                                |  7 ++++++-
 lpdf.php                                |  5 ++++-
 tableeditor.class.php                   |  3 ++-
 12 files changed, 57 insertions(+), 35 deletions(-)

diff --git a/admin/award_awards.php b/admin/award_awards.php
index 7b5fca89..19cca880 100644
--- a/admin/award_awards.php
+++ b/admin/award_awards.php
@@ -208,6 +208,7 @@
 	}
 
 	$q = $pdo->prepare("INSERT INTO award_prizes(award_awards_id,year) VALUES ('$aaid','$year');");
+	$q->execute();
 	$ret = array('id' => $pdo->lastInsertId() );
 	echo json_encode($ret);
 	exit;
@@ -1050,7 +1051,7 @@ if(!$orderby) $orderby="order";
 	
 	$q->execute();
 
-show_do_errros_if_any($pdo);
+show_do_erros_if_any($pdo);
 print_r($q->rowCount());
 if($q->rowCount())
 		{
diff --git a/admin/reports.inc.php b/admin/reports.inc.php
index d9279cfb..d7b9bbda 100644
--- a/admin/reports.inc.php
+++ b/admin/reports.inc.php
@@ -384,7 +384,7 @@ foreach($report_stock as $n=>$v) {
 			VALUES $q");
 
 	$stmt->execute();
-	echo $pdo->erroInfo();
+	show_pdo_errors_if_any($pdo);
 	
  }
 	
diff --git a/admin/reports.php b/admin/reports.php
index 730cda96..ec4b3f93 100644
--- a/admin/reports.php
+++ b/admin/reports.php
@@ -240,6 +240,7 @@ $(document).ready(function() {
 </script>
 <?
 
+global $edit_mode;
  /* Load all the users reports */
  $q = $pdo->prepare("SELECT reports_committee.*,reports.name
  			FROM reports_committee 
diff --git a/admin/reports_judges.php b/admin/reports_judges.php
index 673ba592..173965b5 100644
--- a/admin/reports_judges.php
+++ b/admin/reports_judges.php
@@ -150,7 +150,7 @@ $q=$pdo->prepare("SELECT
 				lastname,
 				firstname");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$u=user_load($r->id);
 
@@ -198,13 +198,13 @@ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	}
 
 	foreach($times as $x=>$t) {
-		if($sel[$x]==true) {
+		if(get_value_from_array($sel, $x)==true) {
 			$timedata[]="yes";
 		} else {
 			$timedata[]="no";
 		}
 	}
-		
+	
 	$tmp=array(
 		$r->id,
 		$r->uid,
@@ -213,7 +213,7 @@ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$r->email,
 		$r->phonehome,
 		$r->phonework,
-		$r->phoneworkext,
+		get_value_property_or_default($r, 'phoneworkext'),
 		$r->phonecell,
 		$languages,
 		$r->organization,
@@ -223,7 +223,7 @@ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$r->province,
 		$r->postalcode,
 		$r->highest_psd,
-		$r->professional_quals,
+		get_value_property_or_default($r, 'professional_quals'),
 		$expertise_other
 		);
 	$tmp = array_merge($tmp, $qarray);
diff --git a/admin/reports_judges_allyears.php b/admin/reports_judges_allyears.php
index 19e13fdc..087b7297 100644
--- a/admin/reports_judges_allyears.php
+++ b/admin/reports_judges_allyears.php
@@ -121,7 +121,7 @@ $q=$pdo->prepare("SELECT
 				firstname,
 				year");
 $q->execute();
-echo $pdo->errorInfo();
+show_pdo_errors_if_any($pdo);
 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$u=user_load($r->id);
 
@@ -163,7 +163,7 @@ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$r->email,
 		$r->phonehome,
 		$r->phonework,
-		$r->phoneworkext,
+		get_value_property_or_default($r, 'phoneworkext'),
 		$r->phonecell,
 		$languages,
 		$r->organization,
@@ -173,7 +173,7 @@ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$r->province,
 		$r->postalcode,
 		$r->highest_psd,
-		$r->professional_quals,
+		get_value_property_or_default($r, 'professional_quals'),
 		$expertise_other
 		);
 	$tmp = array_merge($tmp, $qarray);
diff --git a/admin/reports_judges_teams_projects.php b/admin/reports_judges_teams_projects.php
index 82167222..235c85b4 100644
--- a/admin/reports_judges_teams_projects.php
+++ b/admin/reports_judges_teams_projects.php
@@ -70,7 +70,7 @@
 		$rep->heading($team['name']." (".$team['num'].")");
 
 		$memberlist="";
-		if(count($team['members']))
+		if(count(get_value_from_array($team,'members', [])))
 		{
 			foreach($team['members'] AS $member)
 			{
@@ -94,7 +94,7 @@
 				//get category eligibility
 				$q=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
 				$q->execute();
-				echo $pdo->erroInfo();
+				show_pdo_errors_if_any($pdo);
 				$cats="";
 				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
@@ -107,7 +107,7 @@
 				//get division eligibility
 				$q=$pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
 				$q->execute();
-				echo $pdo->erroInfo();
+				show_pdo_errors_if_any($pdo);
 				$divs="";
 				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
diff --git a/admin/winners.php b/admin/winners.php
index af84fdc6..803351f6 100644
--- a/admin/winners.php
+++ b/admin/winners.php
@@ -52,22 +52,22 @@ case 'addwinner':
 	}
 	
 	//first check how many we are allowed to have
-	$q=pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
+	$q=$pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
 	$q->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	$r=$q->fetch(PDO::FETCH_ASSOC);
 	$number=$r['number'];
 
 	/* Get the award info */
 	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
 	$q->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	$a=$q->fetch(PDO::FETCH_ASSOC);
 
 	/* Get the project */
 	$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
 	$q->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	$p=$q->fetch(PDO::FETCH_ASSOC);
 	$fairs_id = $p['fairs_id'];
 
@@ -86,14 +86,14 @@ case 'addwinner':
 						projects.fairs_id='$fairs_id'
 						awards_prizes_id='$prize_id'");
 		$q->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	} else {
 		/* Count is the total number assigned */
 		$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
 		$q->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	}
@@ -141,7 +141,7 @@ case 'award_load':
 			");
 	$q->execute();
 
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 
 	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to load $award_awards_id");
@@ -178,7 +178,7 @@ case 'edit_load':
 			");
 	$q->execute();
 
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 
 	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to edit $award_awards_id");
@@ -418,9 +418,10 @@ $q = $pdo->prepare("SELECT
 			AND	award_awards.sponsors_id=sponsors.id
 			$fair_where
 		ORDER BY awards_order");
+$q->execute();
 
-// FIXME 
-//echo $pdo->errorInfo();
+ 
+show_pdo_errors_if_any($pdo);
 
 if($q->rowCount() == 0) {
 	echo i18n('No awards to display.');
@@ -498,7 +499,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 			ORDER BY 
 				`order`");
 	$q->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	
 	echo "<table width=\"100%\"><tr><td>";
 	$has_winners = false;
@@ -532,7 +533,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 					winners.awards_prizes_id='{$pr->id}'
 					$fairs_where ");
 		$cq->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 		$count = $cq->rowCount();
 //		echo "winners=$count";
 
diff --git a/common.inc.php b/common.inc.php
index a9221286..99e896e9 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -845,18 +845,22 @@ function emit_time_selector($name,$selected="")
 function emit_province_selector($name,$selected="",$extra="")
 {
 	global $config;
+	
 	global $pdo;
 	$q=$pdo->prepare("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
 	$q->execute();
+	
 	if($q->rowCount()==1)
 	{
 		$r = $q->fetch();
-		echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
+		
+		echo "<input type=\"hidden\" name=\"$name\" value=\"$r->code\">";
 		echo i18n($r->province);
 	}
 	else
 	{
 		echo "<select name=\"$name\" $extra>\n";
+		
 		echo "<option value=\"\">".i18n("Select a {$config['provincestate']}")."</option>\n";
 		while($r = $q->fetch())
 		{
diff --git a/config/signaturepage.php b/config/signaturepage.php
index 1e9c32a8..52c95ca8 100644
--- a/config/signaturepage.php
+++ b/config/signaturepage.php
@@ -40,12 +40,18 @@
  	if(get_value_from_array($_POST,'usepostamble')) $usepa="1"; else $usepa="0";
  	if(get_value_from_array($_POST, 'useregfee')) $userf="1"; else $userf="0";
 
- 	$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".get_value_from_array($_POST,'exhibitordeclaration')."' WHERE name='exhibitordeclaration'");
- 	$stmt->execute();
-    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".get_value_from_array($_POST, 'parentdeclaration')."' WHERE name='parentdeclaration'");
- 	$stmt->execute();
-    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".get_value_from_array($_POST, 'teacherdeclaration')."' WHERE name='teacherdeclaration'");
- 	$stmt->execute();
+$val = get_value_from_array($_POST, 'exhibitordeclaration');
+$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :useex, `text` = :text WHERE name = 'exhibitordeclaration'");
+$stmt->bindParam(':useex', $useex);
+$stmt->bindParam(':text', $val);
+$stmt->execute();
+
+$val = get_value_from_array($_POST, 'exhibitordeclaration');
+$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :usepg, `text` = :text WHERE name = 'parentdeclaration'");
+$stmt->bindParam(':usepg', $usepg);
+$stmt->bindParam(':text', $val);
+$stmt->execute();
+
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".get_value_from_array($_POST,'postamble')."' WHERE name='postamble'");
  	$stmt->execute();
     $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
diff --git a/lcsv.php b/lcsv.php
index d968fee4..f6183eff 100644
--- a/lcsv.php
+++ b/lcsv.php
@@ -73,7 +73,12 @@ class lcsv
 			foreach($table['data'] AS $dataline) {
 				for($c=0;$c<$table_cols;$c++) {
 					//escape a single " with ""
-					$dataline_c=str_replace('"','""',$dataline[$c]);
+					$returned_value = get_value_from_array($dataline, $c, '');
+					if(is_object($returned_value) === false)
+					{	echo is_object($returned_value);
+						$dataline_c=str_replace('"','""',get_value_from_array($dataline, $c, ''));
+					}
+					
 
 					//lets always quote it
 					$this->csvdata.="\"".$dataline_c."\"";
diff --git a/lpdf.php b/lpdf.php
index 5cffcedf..c0c2d2dd 100644
--- a/lpdf.php
+++ b/lpdf.php
@@ -64,6 +64,8 @@ class lpdf
 	var $normalfont;
 	var $boldfont;
 
+	var $content_width ;
+
 	function loc($inch)
 	{
 		return $inch*72;
@@ -121,7 +123,8 @@ class lpdf
 	}
 
 	function newPage($width="",$height="",$pagenumber=0)
-	{
+	{	
+		
 		if($width && $height)
 		{
 			$this->page_width=$width;
diff --git a/tableeditor.class.php b/tableeditor.class.php
index b9b899b1..b64f3e18 100644
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@@ -1013,9 +1013,10 @@ class TableEditor
 			list($sel, $from, $where) = $this->defaultGetList();
 		}
 
-		foreach($sel as $s) $query .= ",$s";
+		foreach($sel as $s) $query .= ", $s";
 		$query .= " FROM ";
 		foreach($from as $f) $query .= "$f ";
+		print("sfs $f");
 		$query .= " WHERE 1 ";
 
 		if(is_array($where)) {