diff --git a/admin/fundraising_campaigns.php b/admin/fundraising_campaigns.php
index bc3e9a0..53719d7 100644
--- a/admin/fundraising_campaigns.php
+++ b/admin/fundraising_campaigns.php
@@ -225,8 +225,9 @@ $q->execute();
 AND status='received' ORDER BY datereceived DESC");
 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 $goal=getGoal($r->fundraising_goal);
- $sq=mysql_query("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
- $sponsor=mysql_fetch_object($sq);
+ $sq=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
+ $sq->execute();
+ $sponsor=$sq->fetch(PDO::FETCH_OBJ);
 echo "".format_date($r->datereceived)."\n";
 echo " ".$sponsor->organization."\n";
 echo " ".$goal->name."\n";
@@ -256,8 +257,9 @@ $q->execute();
 "mentor"=>"Mentor (not implemented)",
 );
 $campaign_id=intval($_GET['id']);
- $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
- $campaign=$q->fetch(PDO::FETCH_OBJ);
+ $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+ $q->execute();
+ $campaign=$q->fetch(PDO::FETCH_OBJ);
 if($campaign->filterparameters) {
 echo "
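Review bot: The new `$pdo->prepare()` for the sponsors lookup still splices `{$r->sponsors_id}` into the SQL text, so the prepared statement carries no bound parameters and is no safer than the `mysql_query` it replaces. The value comes from a database row rather than the request, so exposure is limited, but the PDO idiom the migration is adopting would be `$sq=$pdo->prepare("SELECT * FROM sponsors WHERE id=?");` followed by `$sq->execute(array($r->sponsors_id));`. The same prepare-with-interpolation pattern is repeated in the campaign lookup of the next hunk; since `$campaign_id` is intval'd there it is not exploitable, but binding it would keep the file uniform. The enclosing `while` loop and the `$q` query it iterates begin and end outside this hunk.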

".i18n("User List")."

\n"; $params=unserialize($campaign->filterparameters); @@ -304,8 +306,9 @@ $q->execute(); echo "
"; echo "
\n"; echo "\n"; - $q=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'"); - while($r=$q->fetch(PDO::FETCH_OBJ)) { + $q=$pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $u=user_load_by_uid($r->users_uid); //hopefully this never returns false, but who knows.. if($u) { @@ -355,7 +358,8 @@ $q->execute(); : prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min"); + $q->execute(); while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "
\n"; } @@ -404,8 +408,8 @@ $q->execute(); case "manage_tab_communications": $campaign_id=intval($_GET['id']); - $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'"); - + $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $q->execute(); if($r=$q->fetch(PDO::FETCH_OBJ)) { } @@ -415,8 +419,9 @@ $q->execute(); foreach($communications as $key=>$name) { echo "

".i18n($name)."

\n"; //check if they have one in the emails database - $q=mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'"); - if($email=$q->fetch(PDO::FETCH_OBJ)) { + $q=$pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'"); + $q->execute(); + if($email=$q->fetch(PDO::FETCH_OBJ)) { echo "
"; echo "id,$campaign_id)\">"; echo "  "; @@ -465,15 +470,18 @@ $q->execute(); if(is_array($_POST['prospectremovefromlist'])) { $uidlist=implode(",",$_POST['prospectremovefromlist']); $query="DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid' AND users_uid IN ($uidlist)"; - mysql_query($query); + $stmt = $pdo->prepare($query); + $stmt->execute(); echo $pdo->errorInfo(); } //if theres nobody left in the list we need to reset the filter params as well - $q=mysql_query("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'"); - $r=$q->fetch(PDO::FETCH_OBJ); + $q=$pdo->prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); if($r->num==0) { - mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'"); - } + $stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'"); + $stmt->execute(); + } happy_("Selected users removed from list"); exit; 
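Review bot: The new `$stmt = $pdo->prepare($query)` / `$stmt->execute()` pair runs a DELETE whose `IN ($uidlist)` clause was built by imploding raw `$_POST['prospectremovefromlist']` values, so `prepare()` binds nothing here and the SQL injection this PDO migration presumably meant to close remains open. Emitting one `?` per element and binding the list, together with `$campaignid` (which I assume is intval'd above the hunk as it is in the `prospect_removeall` case), closes it; an empty array should also be rejected up front because `IN ()` is a syntax error. The `echo $pdo->errorInfo();` that follows prints the literal string `Array` and reads the connection's error state rather than the statement's, so with the new `$stmt` it would need to become a check on `$stmt->errorInfo()`. The `case` block this belongs to begins outside the hunk.
```php
if(is_array($_POST['prospectremovefromlist']) && count($_POST['prospectremovefromlist'])>0) {
    $uids=array_map('intval',$_POST['prospectremovefromlist']);
    $placeholders=implode(",",array_fill(0,count($uids),"?"));
    $stmt = $pdo->prepare("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id=? AND users_uid IN ($placeholders)");
    $stmt->execute(array_merge(array($campaignid),$uids));
}
// … unchanged: empty-list check and filterparameters reset …
```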
@@ -481,22 +489,26 @@ $q->execute();
 case "prospect_removeall":
 $campaignid=intval($_POST['fundraising_campaigns_id']);
- mysql_query("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
- mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
- happy_("All users removed from list");
+ $stmt = $pdo->prepare("DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
+ $stmt->execute();
+ $stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
+ $stmt->execute();
+ happy_("All users removed from list");
 exit;
 break;
 case "communication_remove":
 $emails_id=$_POST['id'];
 //check if its been sent, if so, it cannot be deleted, sorry!
- $q=mysql_query("SELECT * FROM emails WHERE id='$emails_id'");
+ $q=$pdo->prepare("SELECT * FROM emails WHERE id='$emails_id'");
+ $q->execute();
 $e=$q->fetch(PDO::FETCH_OBJ);
 if($e->lastsent) {
 error_("Cannot remove an email that has already been sent");
 } else {
- mysql_query("DELETE FROM emails WHERE id='$emails_id'");
+ $stmt = $pdo->prepare("DELETE FROM emails WHERE id='$emails_id'");
+ $stmt->execute();
 happy_("Communicaton removed");
 }
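Review bot: In the `communication_remove` case both new `prepare()` calls interpolate `$emails_id`, which is assigned from `$_POST['id']` unfiltered a few lines above, so the SELECT and the DELETE stay directly injectable; `prepare()` without placeholders does not parameterize anything. Either bind the value or coerce it with `intval()` the way `$campaignid` is handled at the top of this hunk. The `prospect_removeall` statements are not exploitable because `$campaignid` is intval'd, but moving them to the same placeholder style would make the migration consistent. The four lines I would change are fenced below.
```php
$q=$pdo->prepare("SELECT * FROM emails WHERE id=?");
$q->execute(array($emails_id));
// … unchanged: lastsent check and error_() branch …
$stmt = $pdo->prepare("DELETE FROM emails WHERE id=?");
$stmt->execute(array($emails_id));
```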
@@ -515,22 +527,23 @@ function save_campaign_info(){ if(!$_GET['id']) { $query = "INSERT INTO fundraising_campaigns (name,fiscalyear) VALUES ( - '".mysql_real_escape_string(stripslashes($_POST['name']))."','{$config['FISCALYEAR']}')"; - mysql_query($query); - $id = mysql_insert_id(); + '".stripslashes($_POST['name'])."','{$config['FISCALYEAR']}')"; + $stmt = $pdo->prepare($query); + $stmt->execute(); + $id = $pdo->lastInsertId(); happy_("Appeal Created"); }else{ $id = $_GET["id"]; happy_("Appeal Saved"); } - mysql_query("UPDATE fundraising_campaigns SET - name='".mysql_real_escape_string(stripslashes($_POST['name']))."', - `type`='".mysql_real_escape_string($_POST['type'])."', - startdate='".mysql_real_escape_string($startdate)."', - followupdate='".mysql_real_escape_string($_POST['followupdate'])."', - enddate='".mysql_real_escape_string($_POST['enddate'])."', - target='".mysql_real_escape_string($_POST['target'])."', - fundraising_goal='".mysql_real_escape_string($_POST['fundraising_goal'])."' + $stmt = $pdo->prepare("UPDATE fundraising_campaigns SET + name='".stripslashes($_POST['name'])."', + `type`='".$_POST['type']."', + startdate='".$startdate."', + followupdate='".$_POST['followupdate']."', + enddate='".$_POST['enddate']."', + target='".$_POST['target']."', + fundraising_goal='".$_POST['fundraising_goal']."' WHERE id='$id'"); } @@ -771,10 +784,11 @@ function display_campaign_form($r=null) { $ prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); + $fgq->execute(); echo "
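Review bot: The new UPDATE statement in `save_campaign_info()` is prepared but never executed: the hunk ends with `WHERE id='$id'");` followed by the function's closing `}` and no `$stmt->execute()`, so after this change edits to an existing campaign are silently discarded, whereas the removed `mysql_query()` actually ran the query. The rewrite also strips `mysql_real_escape_string()` from `name`, `type`, `followupdate`, `enddate`, `target` and `fundraising_goal` while still interpolating those `$_POST` values, `$startdate`, and the unfiltered `$_GET["id"]` into the SQL text, so both statements are more injectable than before, not less — `prepare()` only protects values handed to `execute()`. Moving every value into a placeholder fixes both problems, as in the fence below. `$startdate` and any `global $pdo` declaration are set above the hunk, so I cannot confirm from here that `$pdo` is in scope inside this function.
```php
if(!$_GET['id']) {
    $stmt = $pdo->prepare("INSERT INTO fundraising_campaigns (name,fiscalyear) VALUES (?,?)");
    $stmt->execute(array(stripslashes($_POST['name']), $config['FISCALYEAR']));
    $id = $pdo->lastInsertId();
    happy_("Appeal Created");
}else{
    $id = intval($_GET["id"]);
    happy_("Appeal Saved");
}
$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET name=?, `type`=?, startdate=?, followupdate=?, enddate=?, target=?, fundraising_goal=? WHERE id=?");
$stmt->execute(array(stripslashes($_POST['name']), $_POST['type'], $startdate, $_POST['followupdate'], $_POST['enddate'], $_POST['target'], $_POST['fundraising_goal'], $id));
```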