diff --git a/committees.php b/committees.php
index b70aa5d..6211f08 100644
--- a/committees.php
+++ b/committees.php
@@ -39,7 +39,7 @@
 							GROUP BY users.uid ORDER BY ord,users.lastname ");
 			
 		//if there's nobody in this committee, then just skip it and go on to the next one.
-		if(mysql_num_rows($q2)==0)
+		if($q2->rowCount()==0)
 			continue;
 
 		echo "<tr>";
diff --git a/common.inc.php b/common.inc.php
index 63180fa..04a4a9b 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -842,8 +842,8 @@ function emit_time_selector($name,$selected="")
 function emit_province_selector($name,$selected="",$extra="")
 {
 	global $config;
-	$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province");
-	if(mysql_num_rows($q)==1)
+	$q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
+	if($q->rowCount()==1)
 	{
 		$r = $q->fetch();
 		echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
@@ -1184,7 +1184,7 @@ function committee_warnings()
 						AND award_awards.award_source_fairs_id IS NOT NULL
 						AND fairs.type='ysc' ");
 						echo pdo->errorInfo();
-			if(mysql_num_rows($qq) > 0) {
+			if($qq->rowCount() > 0) {
 				$warn;
 				
 				break;
diff --git a/contact.php b/contact.php
index 536e7df..2d0d2b3 100644
--- a/contact.php
+++ b/contact.php
@@ -103,7 +103,7 @@ function tochange() {
 		//if there's nobody in this committee, then just skip it and go on to the next one.
 
 		// FIX ME !!!!!
-		if(mysql_num_rows($q2)==0)
+		if($q2->rowCount()==0)
 			continue;
 
 		echo "<option value=\"\">{$r->name}</option>\n";
diff --git a/fair_additional_materials.inc.php b/fair_additional_materials.inc.php
index 09ba3d6..79434c2 100644
--- a/fair_additional_materials.inc.php
+++ b/fair_additional_materials.inc.php
@@ -37,10 +37,11 @@ function fair_additional_materials($fair, $award, $year)
 			$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif");
 	
 	/* Grab a list of winners */
-	$q = mysql_query("SELECT * FROM award_prizes
+	$q = $pdo->prepare("SELECT * FROM award_prizes
 				LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
 			WHERE winners.year='$year' 
 				AND winners.fairs_id='{$fair['id']}'");
+	$q2->execute();
 	while($r = $q->fetch()) {
 		$pid = $r['projects_id'];
 		$rep->newPage("","",1);
diff --git a/fair_info.php b/fair_info.php
index fd03900..3c2145a 100644
--- a/fair_info.php
+++ b/fair_info.php
@@ -136,7 +136,7 @@ function fairinfo_save()
  $q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
 
  ######## FIX ME!!!!!
- if(mysql_num_rows($q)) {
+ if($q2->rowCount()) {
 	 $f = $q->fetch;
  } else {
 	 $f = array();
diff --git a/fair_stats.php b/fair_stats.php
index 00b7e80..87d427d 100644
--- a/fair_stats.php
+++ b/fair_stats.php
@@ -49,7 +49,7 @@ case 'save':
 	$year = intval($_POST['year']);
 
 	foreach($stats as $k=>$v) {
-		$stats[$k] = mysql_escape_string($stats[$k]);
+		$stats[$k] = $stats[$k];
 	}
 
 	//  $str = join(',',$stats);
@@ -61,7 +61,8 @@ case 'save':
     ':year' => $year
 ]);
 	echo pdo->errorInfo();
-	mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
+	$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
+	$stmt->execute();
 	echo pdo->errorInfo();
 
 	happy_("Fair Information Saved.");
diff --git a/judge_availability.php b/judge_availability.php
index c21876c..1449092 100644
--- a/judge_availability.php
+++ b/judge_availability.php
@@ -46,9 +46,10 @@ $u = user_load($eid);
 $times = array();
 
 /* Load the judging rounds */
-$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+$q2->execute();
 $x = 0;
-while($r = mysql_fetch_object($q)) {
+while($r = $q->fetch(PDO::FETCH_OBJ)) {
 	$found = false;
 	foreach($times as $xx => $t) {
 		if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
@@ -68,16 +69,18 @@ while($r = mysql_fetch_object($q)) {
 
 switch($_GET['action']) {
 case 'save':
-	mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
+	$stmt = $pdo->prepare("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
+	$stmt->execute();
 
 	if(is_array($_POST['time']) ) {	
 		foreach($_POST['time'] as $x) {
 			if(trim($times[$x]['starttime']) == '') continue;
 
-			mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`) 
+			$stmt = $pdo->prepare("INSERT INTO judges_availability (users_id, `date`,`start`,`end`) 
 					VALUES ('{$u['id']}',
 					'{$times[$x]['date']}',
 					'{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
+			$stmt->execute();
 		}
 	}
 	happy_("Time Availability preferences successfully saved");
@@ -124,10 +127,10 @@ if($_SESSION['embed'] != true) {
 <table>
 <?
 /* Get all their available times */
-$q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
-
+$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
+$q->execute();
 $sel = array();
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	foreach($times as $x=>$t) {
 		if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) {
 			$sel[$x] = true;
diff --git a/judge_expertise.php b/judge_expertise.php
index b5c0855..3a90169 100644
--- a/judge_expertise.php
+++ b/judge_expertise.php
@@ -131,10 +131,11 @@ echo "<div id=\"expertise_info_status\"></div>\n";
 echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n";
 echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
 
- $q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
+ $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
+ $q->execute();
  echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>";
  echo "<table class=\"editor\" style=\"width: 300px;\" >";
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
 	echo "<tr><td class=\"label\" >";
 	echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade));
@@ -171,9 +172,10 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
  echo "<table>\n";
 
  //query all of the categories
- $q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
+ $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
+ $q->execute();
  $first = true;
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
 	$trclass = ($trclass == 'odd') ? 'even' : 'odd';
  	if($first == true) {
@@ -198,8 +200,9 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
 	//only show the sub-divisions if the 'main' division is scored >=3
 	if($u['div_prefs'][$r->id]>=3) {
 
-		$subq=mysql_query("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
-		while($subr=mysql_fetch_object($subq)) {
+		$subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
+		$subq->execute();
+		while($subr=$subq->fetch(PDO::FETCH_OBJ)) {
 			echo "<tr>";
 			echo "<td>&nbsp;</td>";
 			$ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : '';
diff --git a/judge_main.php b/judge_main.php
index 6fe35ea..5fd91d6 100644
--- a/judge_main.php
+++ b/judge_main.php
@@ -49,8 +49,9 @@
 
  $scheduleok=false;
  if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
-	$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$scheduleok=$r->test;
  }
  else {
@@ -61,9 +62,10 @@
 	 /* Check for any judging team assignment this year for this judge, 
 	  * if there is one, print the judge scheule link in an obvious place, 
 	  * it's less obvious below */
-	 $q = mysql_query("SELECT id FROM judges_teams_link WHERE
+	 $q = $pdo->prepare("SELECT id FROM judges_teams_link WHERE
 				users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'");
-	 if(mysql_num_rows($q) > 0) {
+	$q2->execute();
+	 if($q2->rowCount() > 0) {
 		echo '<span style="font-size: 1.2em; font-weight: bold;">';
 		echo i18n("You have been assigned to a judging team.  %1Click here%2 to view the judging schedule",
 			array("<a href=\"judge_schedule.php\">","</a>"));
diff --git a/judge_other.php b/judge_other.php
index 4ab87df..3aa60d3 100644
--- a/judge_other.php
+++ b/judge_other.php
@@ -62,7 +62,7 @@ case 'save':
 	$u['years_regional'] = intval($_POST['years_regional']);
 	$u['years_national'] = intval($_POST['years_national']);
 	$u['highest_psd'] = stripslashes($_POST['highest_psd']);
-	$u['private_info'] = mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info'])));
+	$u['private_info'] = iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info']));
 
 	//check if judge has been flagged then update them
 
@@ -130,9 +130,10 @@ echo "<div id=\"other_info_status\"></div>\n";
 	<td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td>
 	<td>
 <?
-$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
-echo mysql_error();
-while($r=mysql_fetch_object($q))
+$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
+$q->execute();
+echo $pdo->errorInfo();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : '';
 	echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />";
diff --git a/judge_project_summary.php b/judge_project_summary.php
index e8f07d9..4fafa63 100644
--- a/judge_project_summary.php
+++ b/judge_project_summary.php
@@ -27,29 +27,31 @@ require_once('user.inc.php');
 
 user_auth_required(array('judge', 'committee'));
 
-$pn = mysql_escape_string(stripslashes($_GET['pn']));
+$pn = stripslashes($_GET['pn']);
 
  
 
-$q=mysql_query("SELECT * FROM projects WHERE 
+$q=$pdo->prepare("SELECT * FROM projects WHERE 
 			projectnumber='$pn'
 			AND year='{$config['FAIRYEAR']}'");
-if(mysql_num_rows($q)==0) {
+$q->execute();
+if($q->rowCount()==0) {
 	echo "not found";
 	exit;
 }
-$pi = mysql_fetch_object($q);
+$pi = $q->fetch(PDO::FETCH_OBJ);
 
 
 
-$sq = mysql_query("SELECT firstname,lastname,school FROM students 
+$sq = $pdo->prepare("SELECT firstname,lastname,school FROM students 
 		LEFT JOIN schools ON schools.id = students.schools_id
 		WHERE
 		registrations_id='{$pi->registrations_id}'
 		AND students.year='{$config['FAIRYEAR']}'");
+$sq->execute();
 
 $student = array();
-while($si = mysql_fetch_object($sq)) {
+while($si = $sq->fetch(PDO;;FETCH_OBJ)) {
 	$student[] = $si->firstname.' '.$si->lastname;
 	$school = $si->school;
 }
diff --git a/judge_schedule.php b/judge_schedule.php
index d11bf13..e33abd0 100644
--- a/judge_schedule.php
+++ b/judge_schedule.php
@@ -54,8 +54,9 @@ $u = user_load($eid);
 
  $scheduleok=false;
  if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
-	$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	$scheduleok=$r->test;
  }
  else {
@@ -72,46 +73,51 @@ if(!$scheduleok) {
 
 
 /* Find all judging teams this judge is on */
-$q = mysql_query("SELECT * FROM judges_teams_link
+$q = $pdo->prepare("SELECT * FROM judges_teams_link
 			LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id
 			WHERE judges_teams_link.users_id='{$u['id']}'
 			AND judges_teams_link.year='{$config['FAIRYEAR']}'");
+$q->execute();
 $teams = array();
-while($t = mysql_fetch_assoc($q)) {
+while($t = $q->fetch(PDO::FETCH_ASSOC)) {
 	/* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */
-	$qq = mysql_query("SELECT T.* FROM judges_teams_timeslots_link
+	$qq = $pdo->prepare("SELECT T.* FROM judges_teams_timeslots_link
 				LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
 				LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id
 				WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}");
-	$tt = mysql_fetch_assoc($qq);
-	echo mysql_error();
+	$qq->execute();
+	$tt = $qq->fetch(PDO::FETCH_ASSOC);
+	echo $pdo->errorInfo();
 	$t['timeslot'] = $tt;
 
 	/* Load award */
-	$qq = mysql_query("SELECT award_awards.*,T.type FROM judges_teams_awards_link
+	$qq = $pdo->prepare("SELECT award_awards.*,T.type FROM judges_teams_awards_link
 				LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id
 				LEFT JOIN award_types as T ON T.id=award_awards.award_types_id
 				WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}");
-	echo mysql_error();
-	$aa = mysql_fetch_assoc($qq);
+	$qq->execute();
+	echo $pdo->errorInfo();
+	$aa = $qq->fetch(PDO::FETCH_ASSOC);
 	$t['award'] = $aa;
 
 	/* Load team members */
-	$qq = mysql_query("SELECT * FROM judges_teams_link 
+	$qq = $pdo->prepare("SELECT * FROM judges_teams_link 
 				LEFT JOIN users ON users.id=judges_teams_link.users_id
 				WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']}
 				ORDER BY judges_teams_link.captain,users.lastname,users.firstname");
+	$qq->execute();
 	$t['members'] = array();
-	while(($mm = mysql_fetch_assoc($qq))) {
+	while(($mm = $qq->fetch(PDO::FETCH_ASSOC)) {
 		$t['members'][] = $mm;
 	}
 
 	/* Load projects */
-	$qq = mysql_query("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
+	$qq = $do->prepare("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
 				LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id
 				WHERE judges_teams_id={$t['judges_teams_id']}");
+	$qq->execute();
 	$p = array();
-	while(($pp = mysql_fetch_assoc($qq)))
+	while(($pp = $qq->fetch(PDO::FETCH_ASSOC)))
 		$p[] = $pp;
 	/* If no project and it's a special award, get all nominated */
 	if(count($p) == 0 && $aa['type'] == 'Special') {
diff --git a/judge_special_awards.php b/judge_special_awards.php
index 66032ee..d3ab6fb 100644
--- a/judge_special_awards.php
+++ b/judge_special_awards.php
@@ -45,12 +45,14 @@ $u = user_load($eid);
 switch($_GET['action']) {
 case 'save':
  	//first delete all their old associations for this year..
-	mysql_query("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
+	$stmt = $pdo->prepare("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
+	$stmt->execute();
 	
 	if(array_key_exists('spaward', $_POST)) {
 	 	foreach($_POST['spaward'] AS $aid) {
-			mysql_query("INSERT INTO judges_specialaward_sel (users_id, award_awards_id) 
+			$stmt = $pdo->prepare("INSERT INTO judges_specialaward_sel (users_id, award_awards_id) 
 					VALUES ('{$u['id']}','$aid')");
+			$stmt->execute();
 		}
 	}
 	happy_("Special Award preferences successfully saved");
@@ -104,15 +106,16 @@ if($_SESSION['embed'] != true) {
  echo "<br />";
  echo "<br />";
 
- $q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
+ $q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
+ $q->execute();
  $spawards = array();
- while($r=mysql_fetch_object($q)) $spawards[] = $r->award_awards_id;
+ while($r=$q->fetch(PDO::FETCH_OBJ)) $spawards[] = $r->award_awards_id;
 
  echo "<table>\n";
 
 
  //query all of the awards
- $q=mysql_query("SELECT award_awards.id,
+ $q=$pdo->prepare("SELECT award_awards.id,
 			award_awards.name,
                         award_awards.criteria,
 			sponsors.organization
@@ -128,8 +131,9 @@ if($_SESSION['embed'] != true) {
 			AND award_types.year='{$config['FAIRYEAR']}' 
 		ORDER BY 
 			name");
- echo mysql_error();
- while($r=mysql_fetch_object($q))
+$q->execute();
+ echo $pdo->errorInfo();
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
  	?>
  	<tr><td rowspan="2">
diff --git a/projects.inc.php b/projects.inc.php
index 3149270..5c0bd63 100644
--- a/projects.inc.php
+++ b/projects.inc.php
@@ -26,7 +26,7 @@ function getProjectsEligibleForAward($award_id)
 {
 	global $config;
 
-	$prjq=mysql_query("SELECT
+	$prjq=$pdo->prepare("SELECT
 				award_awards.id,
 				award_awards_projectcategories.projectcategories_id, 
 				award_awards_projectdivisions.projectdivisions_id,
@@ -50,8 +50,9 @@ function getProjectsEligibleForAward($award_id)
 			ORDER BY
 				projectsort
 				");
+	$prjq->execute();
 	$projects=array();
-	while($prjr=mysql_fetch_object($prjq))
+	while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
 	{
 		$projects[$prjr->projectnumber]=array(
 					"id"=>$prjr->projects_id,
@@ -67,7 +68,7 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
 {
 	global $config;
 
-	$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language
+	$prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
 			FROM
 				award_awards,
 				award_awards_projectcategories,
@@ -84,8 +85,9 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
 			ORDER BY
 				language
 				");
+	$prjq->execute();
 	$languages=array();
-	while($r=mysql_fetch_object($prjq)) {
+	while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
 		if($r->language) 
 			$languages[]=$r->language;
 	}
@@ -97,8 +99,9 @@ function getProjectsEligibleOrNominatedForAwards($awards_ids_array)
 	$projects=array();
 	foreach($awards_ids_array AS $award_id)
 	{
-		$q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
-		$r=mysql_fetch_object($q);
+		$q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 
 		$awardprojects=array();
 
@@ -123,7 +126,7 @@ function getSpecialAwardsEligibleForProject($projectid)
 {
 	global $config;
 
-	$awardsq=mysql_query("SELECT
+	$awardsq=$pdo->prepare("SELECT
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -142,7 +145,7 @@ function getSpecialAwardsEligibleForProject($projectid)
 				AND award_types.id=award_awards.award_types_id
 				AND award_awards.id=award_awards_projectcategories.award_awards_id
 				AND award_awards.id=award_awards_projectdivisions.award_awards_id
-				AND projects.projectcategories_id=award_awards_projectcategories.projectcategories_id
+				AND projects.projectcategories_ipreparequeryd=award_awards_projectcategories.projectcategories_id
 				AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
 				AND award_awards.id is not null
 				AND projects.year='".$config['FAIRYEAR']."'
@@ -152,9 +155,10 @@ function getSpecialAwardsEligibleForProject($projectid)
 			ORDER BY
 				award_awards.name
 				");
+		$awardsq->execute();
 	$awards=array();
-	 echo mysql_error();
-	while($r=mysql_fetch_object($awardsq))
+	 echo $pdo->errorInfo();
+	while($r=$awardsq->fetch(PDO::FETCH_OBJ))
 	{
 		$awards[$r->id]=array(
 					"id"=>$r->id,
@@ -170,7 +174,7 @@ function getSpecialAwardsNominatedForProject($projectid)
 {
 	global $config;
 
-	$awardsq=mysql_query("SELECT
+	$awardsq=$pdo->prepare("SELECT
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -188,9 +192,10 @@ function getSpecialAwardsNominatedForProject($projectid)
 			ORDER BY
 				award_awards.name
 				");
+	$awardsq->execute();
 	$awards=array();
-	 echo mysql_error();
-	while($r=mysql_fetch_object($awardsq))
+	 echo $pdo->errorInfo();
+	while($r=$awardsq->fetch(PDO::FETCH_OBJ))
 	{
 		$awards[$r->id]=array(
 					"id"=>$r->id,
@@ -205,7 +210,7 @@ function getSpecialAwardsNominatedForProject($projectid)
 function getNominatedForNoSpecialAwardsForProject($projectid)
 {
 	global $config;
-	$awardsq=mysql_query("SELECT
+	$awardsq=$pdo->prepare("SELECT
 				projects.id AS projects_id
 			FROM
 				project_specialawards_link,
@@ -216,7 +221,8 @@ function getNominatedForNoSpecialAwardsForProject($projectid)
 				AND projects.id='$projectid'
 				AND project_specialawards_link.award_awards_id IS NULL
 				");
-	if(mysql_num_rows($awardsq) == 1) return true;
+	$awardsq->execute();
+	if($awardsq->rowCount() == 1) return true;
 	return false;	
 }
 
@@ -228,7 +234,7 @@ function getProjectsNominatedForSpecialAward($award_id)
 	//are eligible for the award, instead of nominated for it.
 	if($config['specialawardnomination']!="none")
 	{
-		$prjq=mysql_query("SELECT
+		$prjq=$pdo->prepare("SELECT
 					projects.projectnumber,
 					projects.title,
 					projects.language,
@@ -244,8 +250,9 @@ function getProjectsNominatedForSpecialAward($award_id)
 				ORDER BY
 					projectsort
 					");
+		$prjq->execute();
 		$projects=array();
-		while($prjr=mysql_fetch_object($prjq))
+		while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
 		{
 			$projects[$prjr->projectnumber]=array(
 						"id"=>$prjr->projects_id,
@@ -271,7 +278,7 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
 	//if they dont use special award nominations, then we will instead get all of the projects that
 	//are eligible for the award, instead of nominated for it.
 	if($config['specialawardnomination']!="none") {
-		$prjq=mysql_query("SELECT  DISTINCT(projects.language) AS language
+		$prjq=$pdo->prepare("SELECT  DISTINCT(projects.language) AS language
 				FROM
 					project_specialawards_link,
 					projects
@@ -282,8 +289,9 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
 					AND projects.year='".$config['FAIRYEAR']."'
 					ORDER BY language
 					");
+		$prjq->execute();
 		$languages=array();
-		while($r=mysql_fetch_object($prjq)) {
+		while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
 			//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
 			if($r->langauge) {
 				$languages[]=$r->language;
@@ -302,7 +310,7 @@ function getSpecialAwardsNominatedByRegistrationID($id)
 {
 	global $config;
 
-	$awardq=mysql_query("SELECT
+	$awardq=$pdo->prepare("SELECT
 				award_awards.id,
 				award_awards.name,
 				award_awards_projectcategories.projectcategories_id, 
@@ -324,8 +332,9 @@ function getSpecialAwardsNominatedByRegistrationID($id)
 			ORDER BY
 				projectsort
 				");
+	$awardq->execute();
 	$projects=array();
-	while($prjr=mysql_fetch_object($prjq))
+	while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
 	{
 		$projects[$prjr->projectnumber]=array(
 					"id"=>$prjr->projects_id,
@@ -340,15 +349,17 @@ function getSpecialAwardsNominatedByRegistrationID($id)
 function project_load($pid)
 {
 	/* Load this project */
-	$q = mysql_query("SELECT * FROM projects WHERE id='$pid'");
-	$proj = mysql_fetch_array($q);
+	$q = $pdo->prepare("SELECT * FROM projects WHERE id='$pid'");
+	$q->execute();
+	$proj = $q->fetch();
 
 	/* Load the students */
-	$q = mysql_query("SELECT students.*,schools.school FROM students 
+	$q = $pdo->prepare("SELECT students.*,schools.school FROM students 
 		LEFT JOIN schools ON schools.id=students.schools_id
 		WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id");
+	$q->execute();
 	$proj['num_students'] = 0;
-	while($s = mysql_fetch_assoc($q)) {
+	while($s = $q->fetch(PDO::FETCH_OBJ)) {
 		$proj['num_students']++;
 		$proj['student'][] = $s;
 	}
diff --git a/questions.inc.php b/questions.inc.php
index 72b1375..5fd98d6 100644
--- a/questions.inc.php
+++ b/questions.inc.php
@@ -27,13 +27,15 @@
 function questions_load_answers($section, $users_id)
 {
 	global $config;
-	$yearq=mysql_query("SELECT `year` FROM users WHERE id='$users_id'");
-	$yearr=mysql_fetch_object($yearq);
+	$yearq=$pdo->prepare("SELECT `year` FROM users WHERE id='$users_id'");
+	$yearq->execute();
+	$yearr=$yearq->fetch(PDO::FETCH_OBJ);
 	$ans=array();
 	$qs=questions_load_questions($section,$yearr->year);
 	foreach($qs AS $id=>$question) {
-		$q=mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
-		$r=mysql_fetch_object($q);
+		$q=$pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		$ans[$id]=$r->answer;
 	}
 	return $ans;
@@ -67,29 +69,33 @@ function questions_save_answers($section, $id, $answers)
    global $config;
 	$qs = questions_load_questions($section,$config['FAIRYEAR']);
 	$keys = array_keys($answers);
-    $q=mysql_query("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
-    while($r=mysql_fetch_object($q)) {
-        mysql_query("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
-        echo mysql_error();
+    $q=$pdo->prepare("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
+	$q->execute();
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
+        $stmt = $pdo->prepare("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
+		$stmt->execute();
+        echo $pdo->errorInfo();
     }
 		
 	$keys = array_keys($answers);
 	foreach($keys as $qid) {
 		/* Poll key */
-		mysql_query("INSERT INTO question_answers
+		$stmt = $pdo->prepare("INSERT INTO question_answers
 				(users_id,questions_id,answer) VALUES(
 				'$id','$qid',
-				'".mysql_escape_string($answers[$qid])."')" );
+				'".$answers[$qid]."')" );
+		$stmt->execute();
 	}
 }
 
 function questions_find_question_id($section, $dbheading)
 {
-	$q = mysql_query("SELECT id FROM questions WHERE ".
+	$q = $pdo->prepare("SELECT id FROM questions WHERE ".
 				" section='$section' ".
 				" AND db_heading='$dbheading' ");
-	if(mysql_num_rows($q) == 1) {
-		$r = mysql_fetch_object($q);
+	$q->execute();
+	if($q->rowCount() == 1) {
+		$r = $q->fetch(PDO::FETCH_OBJ);
 		return $r->id;
 	}
 	return 0;
@@ -162,28 +168,30 @@ function questions_parse_from_http_headers($array_name)
 
 function questions_update_question($qs)
 {
-	mysql_query("UPDATE questions SET 
-			`question`='".mysql_escape_string($qs['question'])."',
-			`type`='".mysql_escape_string($qs['type'])."',
-			`db_heading`='".mysql_escape_string($qs['db_heading'])."',
-			`required`='".mysql_escape_string($qs['required'])."',
-			`ord`=".intval($qs['ord'])."
+	$stmt = $pdo->prepare("UPDATE questions SET 
+			`question`='".$qs['question']."',
+			`type`='".$qs['type']."',
+			`db_heading`='".$qs['db_heading']."',
+			`required`='".$qs['required']."',
+			`ord`=".intval($qs['ord']."
 			WHERE id='{$qs['id']}' ");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 }
 
 function questions_save_new_question($qs, $year)
 {
-	mysql_query("INSERT INTO questions ".
+	$stmt = $pdo->prepare("INSERT INTO questions ".
 		"(question,type,section,db_heading,required,ord,year) VALUES (".
-			"'".mysql_escape_string($qs['question'])."',".
-			"'".mysql_escape_string($qs['type'])."',".
-			"'".mysql_escape_string($qs['section'])."',".
-			"'".mysql_escape_string($qs['db_heading'])."',".
-			"'".mysql_escape_string($qs['required'])."',".
-			"'".mysql_escape_string($qs['ord'])."',".
+			"'".$qs['question']."',".
+			"'".$qs['type']."',".
+			"'".$qs['section']."',".
+			"'".$qs['db_heading']."',".
+			"'".$qs['required']."',".
+			"'".$qs['ord']."',".
 			"'$year' )");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 }
 
 
@@ -231,7 +239,8 @@ function questions_editor($section, $year, $array_name, $self)
 		$qs = questions_load_questions($section, $year);
 
 		/* Delete this question */
-		mysql_query("DELETE FROM questions WHERE id='$qid'");
+		$stmt = $pdo->prepare("DELETE FROM questions WHERE id='$qid'");
+		$stmt->execute();
 
 		/* Update the order of all questions after this one */
 		$keys = array_keys($qs);
@@ -239,7 +248,8 @@ function questions_editor($section, $year, $array_name, $self)
 			if($q == $qid) continue;
 			if($qs[$q]['ord'] > $qs[$qid]['ord']) {
 				$qs[$q]['ord']--;
-				mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt->execute();
 			}
 		}
 		echo happy(i18n("Question successfully removed"));
@@ -248,18 +258,20 @@ function questions_editor($section, $year, $array_name, $self)
 	if($_GET['action']=="import" && $_GET['impyear'])
 	{
 		$x=0;
-		$q = mysql_query("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
-                while($r=mysql_fetch_object($q)) {
+		$q = $pdo->prepare("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
+		$q->execute();
+                while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$x++;
-                        mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
+                        $stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
  VALUES (
                                 '', '$year',
-                                '".mysql_escape_string($r->section)."',
-                                '".mysql_escape_string($r->db_heading)."',
-                                '".mysql_escape_string($r->question)."',
-                                '".mysql_escape_string($r->type)."',
-                                '".mysql_escape_string($r->required)."',
-                                '".mysql_escape_string($r->ord)."')");
+                                '".$r->section."',
+                                '".$r->db_heading."',
+                                '".$r->question."',
+                                '".$r->type."',
+                                '".$r->required."',
+                                '".$r->ord)."')";
+						$stmt->execute();
 		}
 
 		echo happy(i18n("%1 question(s) successfully imported",
@@ -305,7 +317,8 @@ function questions_editor($section, $year, $array_name, $self)
 	if($qdir != 0) {
 		$qs[$qid]['ord'] += $qdir;
 		/* Update the db */
-		mysql_query("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
+		$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
+		$stmt->execute();
 		$keys = array_keys($qs);
 		$originalq = $qs[$qid];
 
@@ -314,10 +327,12 @@ function questions_editor($section, $year, $array_name, $self)
 			if($qs[$q]['ord'] != $qs[$qid]['ord']) continue;
 			if($qdir == 1) {
 				$qs[$q]['ord']--;
-				mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt->execute();
 			} else {
 				$qs[$q]['ord']++;
-				mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
+				$stmt->execute();
 			}
 			/* Swap them so we don' thave to reaload the questions
 			 * */
diff --git a/register_participants.inc.php b/register_participants.inc.php
index 7aefe90..0f3b613 100644
--- a/register_participants.inc.php
+++ b/register_participants.inc.php
@@ -26,8 +26,9 @@ function registrationFormsReceived($reg_id="")
 {
 	if($reg_id) $rid=$reg_id;
 	else $rid=$_SESSION['registration_id'];
-	$q=mysql_query("SELECT status FROM registrations WHERE id='$rid'");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT status FROM registrations WHERE id='$rid'");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	if($r->status=="complete" || $r->status=="paymentpending")
 		return true;
 	else
@@ -37,8 +38,9 @@ function registrationFormsReceived($reg_id="")
 function registrationDeadlinePassed()
 {
 	global $config;
-	$q=mysql_query("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
-	$datecheck=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
+	$q->execute();
+	$datecheck=$q->fetch(PDO::FETCH_OBJ);
 	if($datecheck->datecheck==1)
 		return false;
 	else
@@ -60,13 +62,13 @@ function studentStatus($reg_id="")
 	if($reg_id) $rid=$reg_id;
 	else $rid=$_SESSION['registration_id'];
 
-	$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
-
+	$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
 	//if we dont have the minimum, return incomplete
-	if(mysql_num_rows($q)<$config['minstudentsperproject'])
+	if($q->rowCount()<$config['minstudentsperproject'])
 		return "incomplete";
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		foreach ($required_fields AS $req)
 		{
@@ -95,14 +97,15 @@ function emergencycontactStatus($reg_id="")
 	if($reg_id) $rid=$reg_id;
 	else $rid=$_SESSION['registration_id'];
 
-	$sq=mysql_query("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
-	$numstudents=mysql_num_rows($sq);
+	$sq=$pdo->prepare("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$sq->execute();
+	$numstudents=$sq->rowCount();
 
-	while($sr=mysql_fetch_object($sq))
+	while($sr=$sq->fetch(PDO::FETCH_OBJ))
 	{
-		$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
-
-		$r=mysql_fetch_object($q);
+		$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 
 		foreach ($required_fields AS $req)
 		{
@@ -136,13 +139,13 @@ function projectStatus($reg_id="")
 	if($reg_id) $rid=$reg_id;
 	else $rid=$_SESSION['registration_id'];
 
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
-
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
 	//if we dont have a project entry yet, return empty
-	if(!mysql_num_rows($q))
+	if(!$q->rowCount())
 		return "empty";
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		foreach ($required_fields AS $req)
 		{
@@ -166,18 +169,20 @@ function mentorStatus($reg_id="")
 	else $rid=$_SESSION['registration_id'];
 
 	//first check the registrations table to see if 'nummentors' is set, or if its null
-	$q=mysql_query("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	if($r->nummentors==null)
 		return "incomplete";
 
-	$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+$q->execute();
 
 	//if we dont have the minimum, return incomplete
-	if(mysql_num_rows($q)<$config['minmentorserproject'])
+	if($q->rowCount()<$config['minmentorserproject'])
 		return "incomplete";
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		foreach ($required_fields AS $req)
 		{
@@ -201,15 +206,17 @@ function safetyStatus($reg_id="")
 	else $rid=$_SESSION['registration_id'];
 
 	//grab all of their answers
-	$q=mysql_query("SELECT * FROM safety WHERE registrations_id='$rid'");
-	while($r=mysql_fetch_object($q))
+	$q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='$rid'");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$safetyanswers[$r->safetyquestions_id]=$r->answer;
 	}
 
 	//now grab all the questions
-	$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
-	while($r=mysql_fetch_object($q))
+	$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		if($r->required=="yes" && !$safetyanswers[$r->id])
 		{
@@ -226,11 +233,12 @@ function spawardStatus($reg_id="")
 	if($reg_id) $rid=$reg_id;
 	else $rid=$_SESSION['registration_id'];
 
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid'");
-	$project=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid'");
+	$q->execute();
+	$project=$q->fetch(PDO::FETCH_OBJ);
 
 	/* We want this query to get any awards with a NULL award_awards_id */
-	$awardsq=mysql_query("SELECT
+	$awardsq=$pdo->prepare("SELECT
 				projects.id AS projects_id
 			FROM
 				project_specialawards_link,
@@ -239,8 +247,9 @@ function spawardStatus($reg_id="")
 				project_specialawards_link.projects_id='".$project->id."'
 				AND projects.year='".$config['FAIRYEAR']."'
 				");
+	$awardsq->execute();
 
-	if(mysql_num_rows($awardsq))
+	if($awardsq->rowCount())
 		return "complete";
 	else
 		return "incomplete";
@@ -254,19 +263,20 @@ function tourStatus($reg_id="")
 	else $rid=$_SESSION['registration_id'];
 
 	/* Get the students for this project */
-	$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
-	$num_found = mysql_num_rows($q);
+	$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	$num_found = $q->rowCount();
 
 	$ret = "complete";
-	while($s=mysql_fetch_object($q)) {
+	while($s=$q->fetch(PDO::FETCH_OBJ)) {
 		//grab all of their tour prefs
 		$sid = $s->id;
-		$qq=mysql_query("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
-
-		$n_tours = mysql_num_rows($qq);
+		$qq=$pdo->prepare("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
+		$qq->execute();
+		$n_tours = $qq->rowCount();
 		if($n_tours > 0) {
 			/* See if there's a rank 0 tour (rank 0 == their tour assignment) */
-			$i = mysql_fetch_object($qq);
+			$i = $qq->fetch(PDO::FETCH_OBJ);
 			if($i->rank == 0) {
 				/* Yes, there is, no matter what, this student's tour
 				 * selection is complete. */
@@ -289,16 +299,18 @@ function namecheckStatus($reg_id="")
 	global $config;
 
 	if($reg_id) {
-		$q=mysql_query("SELECT * FROM students WHERE 
+		$q=$pdo->prepare("SELECT * FROM students WHERE 
 				registrations_id='$reg_id' 
+		$q->execute();
 				AND year='".$config['FAIRYEAR']."'");
 	} else {
-		$q=mysql_query("SELECT * FROM students WHERE 
+		$q=$pdo->prepare("SELECT * FROM students WHERE 
 				id='{$_SESSION['students_id']}'");
-	}
+	$q->execute();	
+}
 
 	/* Get the students for this project */
-	while($s=mysql_fetch_object($q)) {
+	while($s=$q->fetch(PDO::FETCH_OBJ)) {
 		if($s->namecheck_complete == 'no') {
 			return 'incomplete';
 		}
@@ -313,7 +325,7 @@ function generateProjectNumber($registration_id)
 
 	$reg_id = $registration_id;
 	
-	$q=mysql_query("SELECT 	projects.projectcategories_id, 
+	$q=$pdo->prepare("SELECT 	projects.projectcategories_id, 
 				projects.projectdivisions_id,
 				projectcategories.category_shortform,
 				projectdivisions.division_shortform
@@ -328,8 +340,9 @@ function generateProjectNumber($registration_id)
 			AND	projectcategories.year='{$config['FAIRYEAR']}'
 			AND	projectdivisions.year='{$config['FAIRYEAR']}'
 				");
-				echo mysql_error();
-	$r=mysql_fetch_object($q);
+	$q->execute();
+				echo $pdo->errorInfo();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 
 	$p=array('number'=>array(), 'sort'=>array() );
 	$p['number']['str'] = $config['project_num_format'];
@@ -359,14 +372,15 @@ function generateProjectNumber($registration_id)
 	/* Build a total list of projects for finding a global number, and
 	 * while constructing the list, build a list for the division/cat 
 	 * sequence number */
-	$q = mysql_query("SELECT projectnumber_seq,projectsort_seq,
+	$q = $pdo->prepare("SELECT projectnumber_seq,projectsort_seq,
 				projectdivisions_id,projectcategories_id 
 			FROM projects 
 			WHERE year='{$config['FAIRYEAR']}'
 				AND projectnumber_seq!='0'
 				AND projectnumber IS NOT NULL");
-	echo mysql_error();
-	while($i = mysql_fetch_object($q)) {
+	$q->execute();
+	echo $pdo->errorInfo();
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		if( ($r->projectdivisions_id == $i->projectdivisions_id)
 		  &&($r->projectcategories_id == $i->projectcategories_id) ) {
 			$p['number']['n_used'][] = $i->projectnumber_seq;
@@ -439,23 +453,26 @@ function computeRegistrationFee($regid)
 	$ret = array();
 
 	$regfee_items = array();
-	$q = mysql_query("SELECT * FROM regfee_items
+	$q = $pdo->prepare("SELECT * FROM regfee_items
 				WHERE year='{$config['FAIRYEAR']}'");
-	while($i = mysql_fetch_assoc($q)) $regfee_items[] = $i;
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_ASSOC)) $regfee_items[] = $i;
 
-	$q=mysql_query("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
-	$n_students = mysql_num_rows($q);
+	$q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	$n_students = $q->rowCount();
 	$n_tshirts = 0;
 	$sel = array();
-	while($s = mysql_fetch_object($q)) {
+	while($s = $q->fetch(PDO::FETCH_OBJ)) {
 		if($s->tshirt != 'none') $n_tshirts++;
 
 		/* Check their regfee items too */
 		if($config['participant_regfee_items_enable'] != 'yes') continue;
 
-		$sel_q = mysql_query("SELECT * FROM regfee_items_link 
+		$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link 
 					WHERE students_id={$s->id}");
-		while($info_q = mysql_fetch_assoc($sel_q)) {
+		$sel_q->execute();
+		while($info_q = $selq->fetch(PDO::FETCH_ASSOC)) {
 			$sel[] = $info_q['regfee_items_id'];
 		}
 	}
diff --git a/register_participants.php b/register_participants.php
index 2b83cd9..232c938 100644
--- a/register_participants.php
+++ b/register_participants.php
@@ -31,14 +31,19 @@
 	$datecheck = $q->fetch(PDO::FETCH_OBJ);
 
  if($_POST['action']=="new") {
- 	$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
-	if(mysql_num_rows($q)) {
-		$r=mysql_fetch_object($q);
+ 	$q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
+	$q->execute();
+	if($q->rowCount()) {
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		$_SESSION['registration_number']=$r->num;
 		$_SESSION['registration_id']=$r->id;
-		mysql_query("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$r->schools_id."','".$config['FAIRYEAR']."')");
-		mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
+		$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".$_SESSION['email']."','".$r->schools_id."','".$config['FAIRYEAR']."')");
+		
+		$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->id'");
+$stmt->execute();
 
+
+		$stmt->execute();
 		header("Location: register_participants_main.php");
 		exit;
 
@@ -52,17 +57,18 @@
  }
  else if($_POST['action']=="continue") {
  	if($_POST['email'])
-	 	$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
+	 	$_SESSION['email']=stripslashes($_POST['email']);
 
-	 $q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
+	 $q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".intval($_POST['regnum'])."' ". 
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
+	$q->execute();
 
-	if(mysql_num_rows($q)) {
-		$r=mysql_fetch_object($q);
+	if($q->rowCount()) {
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		$_SESSION['registration_number']=$r->regnum;
 		$_SESSION['registration_id']=$r->regid;
 		$_SESSION['students_id']=$r->studentid;
@@ -78,24 +84,26 @@
  }
  else if($_GET['action']=="resend" && $_SESSION['email']) {
  	//first see if the email matches directly from the registrations table
- 	$q=mysql_query("SELECT registrations.num FROM 
+ 	$q=$pdo->prepare("SELECT registrations.num FROM 
 				registrations
 			WHERE 
 				registrations.email='".$_SESSION['email']."' 
 				AND registrations.year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q))
-		$r=mysql_fetch_object($q);
+	$q->execute();
+	if($q->rowCount())
+		$r=$q->fetch(PDO::FETCH_OBJ);
 	else {
 
 		//no match from registrations, so lets see if it matches from the students table
-		$q=mysql_query("SELECT registrations.num FROM 
+		$q=$pdo->prepare("SELECT registrations.num FROM 
 					registrations, 
 					students 
 				WHERE 
 					students.email='".$_SESSION['email']."' 
 					AND students.registrations_id=registrations.id 
 					AND registrations.year='".$config['FAIRYEAR']."'");
-		$r=mysql_fetch_object($q);
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 
 	}
 
@@ -174,7 +182,7 @@ $q->execute();
 
 		
 		if($q->rowCount()>0) {
-			$r=mysql_fetch_object($q);
+			$r=$q->fetch(PDO::FETCH_OBJ);
 //			print_r($r);
 			echo i18n("Please enter your <b>registration number</b> in order to login");
 			echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
@@ -227,8 +235,9 @@ $q->execute();
 			else if($config['participant_registration_type']=="schoolpassword") {
 				$showschoolpasswordform=true;
 				if($_POST['schoolpassword'] && $_POST['schoolid']) {
-					$q=mysql_query("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
-					$r=mysql_fetch_object($q);
+					$q=$pdo->prepare("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
+					$q->execute();
+					$r=$q->fetch(PDO::FETCH_OBJ);
 
 					if($_POST['schoolpassword']==$r->registration_password) {
 						$allownew=true;
@@ -250,10 +259,11 @@ $q->execute();
 					echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
 					echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
 					echo i18n("School: ");
-					$q=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+					$q=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+					$q->execute();
 					echo "<select name=\"schoolid\">";
 					echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
-					while($r=mysql_fetch_object($q))
+					while($r=$q->fetch(PDO::FETCH_OBJ))
 						echo "<option value=\"$r->id\">$r->school</option>\n";
 					echo "</select>";
 					echo "<br />";
@@ -303,13 +313,14 @@ $q->execute();
 					//random number between
 					//100000 and 999999  (six digit integer)
 					$regnum=rand(100000,999999);
-					$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
-				}while(mysql_num_rows($q)>0);
+					$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
+					$q->execute();
+				}while($q->rowCount()>0);
 
 				if(!$schoolidquery) $schoolidquery="null";
 
 				//actually insert it
-				mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
+				$stmt = $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
 						"'$regnum',".
 						"'".$_SESSION['email']."',".
 						"NOW(),".
@@ -317,6 +328,7 @@ $q->execute();
 						$schoolidquery.",".
 						$config['FAIRYEAR'].
 						")");
+				$stmt->execute();
 
 				email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));
 
diff --git a/register_participants_emergencycontact.php b/register_participants_emergencycontact.php
index aaca19f..902b36e 100644
--- a/register_participants_emergencycontact.php
+++ b/register_participants_emergencycontact.php
@@ -38,22 +38,22 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //send the header
  send_header("Participant Registration - Emergency Contact Information");
@@ -82,8 +82,9 @@ echo mysql_error();
 		//first, lets make sure this emergency contact really does belong to them
 		foreach($_POST['ids'] AS $id)
 		{ 
-			$q=mysql_query("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-			if(mysql_num_rows($q)==1) {
+			$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+			$q->execute();
+			if($q->rowCount()==1) {
                 $e=stripslashes($_POST['email'][$id]);
                 if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
                    if($u=user_load_by_email($e)) {
@@ -106,17 +107,18 @@ echo mysql_error();
                    }
                 }
 
-				mysql_query("UPDATE emergencycontact SET ".
-						"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$id]))."', ".
-						"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$id]))."', ".
-						"relation='".mysql_escape_string(stripslashes($_POST['relation'][$id]))."', ".
-						"phone1='".mysql_escape_string(stripslashes($_POST['phone1'][$id]))."', ".
-						"phone2='".mysql_escape_string(stripslashes($_POST['phone2'][$id]))."', ".
-						"phone3='".mysql_escape_string(stripslashes($_POST['phone3'][$id]))."', ".
-						"phone4='".mysql_escape_string(stripslashes($_POST['phone4'][$id]))."', ".
-						"email='".mysql_escape_string(stripslashes($_POST['email'][$id]))."' ".
+				$stmt = $pdo->prepare("UPDATE emergencycontact SET ".
+						"firstname='".stripslashes($_POST['firstname'][$id])."', ".
+						"lastname='".stripslashes($_POST['lastname'][$id])."', ".
+						"relation='".stripslashes($_POST['relation'][$id])."', ".
+						"phone1='".stripslashes($_POST['phone1'][$id])."', ".
+						"phone2='".stripslashes($_POST['phone2'][$id])."', ".
+						"phone3='".stripslashes($_POST['phone3'][$id])."', ".
+						"phone4='".stripslashes($_POST['phone4'][$id])."', ".
+						"email='".stripslashes($_POST['email'][$id])."' ".
 						"WHERE id='$id'");
-						echo mysql_error();
+				$stmt->execute();
+						echo $pdo->errorInfo();
 				echo notice(i18n("Emergency contact information successfully updated"));
 			}
 			else
@@ -141,23 +143,25 @@ else if($newstatus=="complete")
 
 }
 
-$sq=mysql_query("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-$numstudents=mysql_num_rows($sq);
+$sq=$pdo->prepare("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+$sq->execute();
+$numstudents=$sq->rowCount();
 
 echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
 echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 
-while($sr=mysql_fetch_object($sq))
+while($sr=$sq->fetch(PDO::FETCH_OBJ))
 {
-	$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
-
-	if(mysql_num_rows($q)==0) {
-		mysql_query("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
-		$id=mysql_insert_id();
+	$q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
+	$q->execute();
+	if($q->rowCount()==0) {
+		$stmt = $pdo->prepare("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
+		$stmt->execute();
+		$id=$pdo->lastInsertId();
 		unset($r);
 	}
 	else {
-		$r=mysql_fetch_object($q);
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		$id=$r->id;
 	}
 
diff --git a/register_participants_isefforms.php b/register_participants_isefforms.php
index 1133f81..44b7d80 100644
--- a/register_participants_isefforms.php
+++ b/register_participants_isefforms.php
@@ -36,22 +36,23 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //send the header
  send_header("Participant Registration - ISEF Forms");
@@ -70,12 +71,12 @@ echo mysql_error();
 				//because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything
 				//so removing it makes it go all red again so you are aware
 
-				mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
-
+				$stmt = $po->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
+				$stmt->execute();
 				//just look at hte first letter, since its either   "no:<id>" or "yes:<id>";
 				if($v[0]=="n")
 				{
-					mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
+					$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
 						
 						'$k',
 						'$r->id',
@@ -83,6 +84,7 @@ echo mysql_error();
 						NOW(),
 						'$CURRENT_FAIRYEAR'
 					)");
+					$stmt->execute();
 
 				}
 
@@ -125,12 +127,14 @@ echo mysql_error();
 						if($pgs) $p="'$pgs'";
 						else $p="null";
 
-						mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
-						mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
+						$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
+						$stmt->execute();
 							'$k',
 							'$r->id',
 							'1',
-							'".mysql_escape_string($_FILES['form']['name'][$k])."',
+							'".$_FILES['form']['name'][$k]."',
 							$p,
 							NOW(),
 							'$CURRENT_FAIRYEAR'
@@ -176,11 +180,13 @@ echo mysql_error();
 	if($_GET['action']=="delete" && $_GET['delete'])
 	{
 		//first we need to make sure that this is their own!
-		$chq=mysql_query("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
-		if($chr=mysql_fetch_object($chq))
+		$chq=$pdo->prepare("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
+		$chq->execute();
+		if($chr=$chq->fetch(PDO::FETCH_OBJ))
 		{
 			@unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf");
-			mysql_query("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
+			$stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
+			$stmt->execute();
 			$display_happy=i18n("Form successfully deleted");
 		}
 		else
@@ -245,7 +251,8 @@ function radiochange(o)
 	}
 	*/
 
-	$fq=mysql_query("SELECT * FROM isefforms ORDER BY name");
+	$fq=$pdo->prepare("SELECT * FROM isefforms ORDER BY name");
+	$fq->execute();
 
 	echo "<tr>";
 	echo "<th>".i18n("Form")."</th>";
@@ -254,7 +261,7 @@ function radiochange(o)
 	echo "<th>".i18n("Upload / File")."</th>";
 	echo "</tr>";
 
-	while($fr=mysql_fetch_object($fq))
+	while($fr=$fq-fetch(PDO::FETCH_OBJ))
 	{
 		echo "<tr>";
 		echo "<td valign=\"top\">";
diff --git a/register_participants_main.php b/register_participants_main.php
index 42efc2e..d0e7938 100644
--- a/register_participants_main.php
+++ b/register_participants_main.php
@@ -39,22 +39,23 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php?action=logout");
 	exit;
  
  }
- $r=mysql_fetch_object($q);
+ $r=$q->fetch(PDO::FETCH_OBJ);
  send_header("Participant Registration - Summary");
 
  //only display the named greeting if we have their name
@@ -69,8 +70,9 @@ echo mysql_error();
  {
 
 	 //now select their project number
-	 $q=mysql_query("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-	 $projectinfo=mysql_fetch_object($q);
+	 $q=$pdo->prepare("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+	 $q->execute();
+	 $projectinfo=$q->fetch(PDO::FETCH_OBJ);
 
  	if($r->status=="complete")
 	{
@@ -259,8 +261,9 @@ echo "<table><tr><td>";
 	{
 		if($config['specialawardnomination']=="date")
 		{
-			$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
-			$r=mysql_fetch_object($q);
+			$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
+			$q->execute();
+			$r=$q->fetch(PDO::FETCH_OBJ);
 			//this will return 1 if its between the dates, 0 otherwise.
 			if($r->datecheck==1)
 			{
@@ -281,8 +284,9 @@ echo "<table><tr><td>";
 			}
 		}
 
-		$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
-		$project=mysql_fetch_object($q);
+		$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
+		$q->execute();
+		$project=$q->fetch(PDO::FETCH_OBJ);
 		$nominatedawards=getSpecialAwardsNominatedForProject($project->id);
 		$num=count($nominatedawards);
 		$noawards=getNominatedForNoSpecialAwardsForProject($project->id);
diff --git a/register_participants_mentor.php b/register_participants_mentor.php
index 885da5d..9393da8 100644
--- a/register_participants_mentor.php
+++ b/register_participants_mentor.php
@@ -37,22 +37,23 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $r=mysql_fetch_object($q);
+ $r=$q->fetch(PDO::FETCH_OBJ);
 
  send_header("Participant Registration - Mentor Information");
  echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
@@ -82,17 +83,18 @@ if($_POST['action']=="save")
 				if($_POST['lastname'][$x])
 				{
 					//INSERT new record
-					mysql_query("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
+					$stmt = $pdo->prepare("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
 							"'".$_SESSION['registration_id']."', ".
-							"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
-							"'".mysql_escape_string(stripslashes($_POST['description'][$x]))."', ".
+							"'".stripslashes($_POST['firstname'][$x])."', ".
+							"'".stripslashes($_POST['lastname'][$x])."', ".
+							"'".stripslashes($_POST['email'][$x])."', ".
+							"'".stripslashes($_POST['phone'][$x])."', ".
+							"'".stripslashes($_POST['organization'][$x])."', ".
+							"'".stripslashes($_POST['position'][$x])."', ".
+							"'".stripslashes($_POST['description'][$x])."', ".
 							"'".$config['FAIRYEAR']."')");
-					echo mysql_error();
+					$stmt->execute();
+					echo $pdo->errorInfo();
 
 					echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
 				}
@@ -101,15 +103,16 @@ if($_POST['action']=="save")
 			else
 			{
 				//UPDATE existing record
-				mysql_query("UPDATE mentors SET ".
-						"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-						"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
-						"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ".
-						"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
-						"organization='".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ".
-						"position='".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ".
-						"description='".mysql_escape_string(stripslashes($_POST['description'][$x]))."' ".
+				$stmt = $pdo->prepare("UPDATE mentors SET ".
+						"firstname='".stripslashes($_POST['firstname'][$x])."', ".
+						"lastname='".stripslashes($_POST['lastname'][$x])."', ".
+						"email='".stripslashes($_POST['email'][$x])."', ".
+						"phone='".stripslashes($_POST['phone'][$x])."', ".
+						"organization='".stripslashes($_POST['organization'][$x])."', ".
+						"position='".stripslashes($_POST['position'][$x])."', ".
+						"description='".stripslashes($_POST['description'][$x])."' ".
 						"WHERE id='".$_POST['id'][$x]."'");
+				$stmt->execute();
 				echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
 
 			}
@@ -128,10 +131,13 @@ if($_GET['action']=="removementor")
 	else
 	{
 		//first make sure this is one belonging to this registration id
-		$q=mysql_query("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
-		if(mysql_num_rows($q)==1)
+		$q=$pdo->prepare("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
+		$q->execute();
+		if($q->rowCount()==1)
 		{
-			mysql_query("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
+			
+			$stmt = $pdo->prepare("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
+			$stmt->execute();
 			echo notice(i18n("Mentor successfully removed"));
 		}
 		else
@@ -145,17 +151,19 @@ if($_GET['action']=="removementor")
 
 //now query and display
 
- $q=mysql_query("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  $registrations_nummentors=$r->nummentors;
 
- $q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-
- $numfound=mysql_num_rows($q);
+ $q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+$q->execute();
+ $numfound=$q->rowCount();
 
  if(isset($_GET['nummentors']))
  {
-	mysql_query("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
+	$stmt = $pdo->prepare("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
+	$stmt->execute();
 	$registrations_nummentors=$_GET['nummentors'];
  	$numtoshow=$_GET['nummentors'];
  }
@@ -198,7 +206,7 @@ else if($newstatus=="complete")
  echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
  for($x=1;$x<=$numtoshow;$x++)
  {
- 	$mentorinfo=mysql_fetch_object($q);
+ 	$mentorinfo=$q->fetch(PDO::FETCH_OBJ);
 	echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>";
 	//if we have a valid mentor, set their ID, so we can UPDATE when we submit
 	//if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit
diff --git a/register_participants_namecheck.php b/register_participants_namecheck.php
index 482c5f7..cbd438b 100644
--- a/register_participants_namecheck.php
+++ b/register_participants_namecheck.php
@@ -38,15 +38,15 @@
 	exit;
  }
 
- $q=mysql_query("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
- echo mysql_error();
+ $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
+ echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0) {
+ if($q->rowCount()==0) {
  	header("Location: register_participants.php");
 	exit;
  }
 
- while($s=mysql_fetch_object($q)) {
+ while($s=$q->fetch(PDO::FETCH_OBJ)) {
 	 $student_display_name[]="{$s->firstname} {$s->lastname}";
  }
 
@@ -66,9 +66,13 @@
 		$pu = ($_POST['punc'] == 'yes') ? true : false;
 
 		if($sp && $ca && $pu) {
-			$q=mysql_query("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
+			$q=$pdo->prepare("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
+		
+			$q->execute();
 		} else if($s->namecheck_complete!='no') {
-			$q=mysql_query("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
+			$q=$pdo->prepare("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
+			$q->execute();
+			
 		}
 	}
  }
diff --git a/register_participants_project.php b/register_participants_project.php
index 9f396a1..ac974b7 100644
--- a/register_participants_project.php
+++ b/register_participants_project.php
@@ -41,22 +41,23 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //send the header
  send_header("Participant Registration - Project Information");
@@ -86,8 +87,9 @@ echo mysql_error();
 	else
 	{
 		//first, lets make sure this project really does belong to them
-		$q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q)==1)
+		$q=$pdo->prepare("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+		$q->execute();
+		if($q->rowCount()==1)
 		{
 			$summarywords=preg_split("/[\s,]+/",$_POST['summary']);
 			$summarywordcount=count($summarywords);
@@ -114,21 +116,22 @@ echo mysql_error();
 			else
 				$shorttitle=stripslashes($_POST['shorttitle']);
 
-			mysql_query("UPDATE projects SET ".
-					"title='".mysql_escape_string($title)."', ".
-					"shorttitle='".mysql_escape_string($shorttitle)."', ".
-					"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
-					"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
-					"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
-					"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
-					"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
-					"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ".
-					"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
-					"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
-					"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ".
+			$stmt = $pdo->prepare("UPDATE projects SET ".
+					"title='".$title."', ".
+					"shorttitle='".$shorttitle."', ".
+					"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
+					"projecttype='".stripslashes($_POST['projecttype'])."', ".
+					"language='".stripslashes($_POST['language'])."', ".
+					"req_table='".stripslashes($_POST['req_table'])."', ".
+					"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
+					"req_special='".stripslashes($_POST['req_special'])."', ".
+					"human_participants='".stripslashes($_POST['human_participants'])."', ".
+					"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
+					"summary='".stripslashes($_POST['summary'])."', ".
 					"summarycountok='$summarycountok'".
 					"WHERE id='".$_POST['id']."'");
-					echo mysql_error();
+			$stmt->execute();
+					echo $pdo->errorInfo();
 			echo notice(i18n("Project information successfully updated"));
 		}
 		else
@@ -140,12 +143,14 @@ echo mysql_error();
 
 
  //now lets find out their MAX grade, so we can pre-set the Age Category
- $q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
- $gradeinfo=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
+ $q->execute();
+ $gradeinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //now lets grab all the age categories, so we can choose one based on the max grade
- $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
- while($r=mysql_fetch_object($q))
+ $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
  	//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
 	$agecategories[$r->id]['category']=$r->category;
@@ -158,22 +163,27 @@ echo mysql_error();
 	}
  }
  //now select their project info
- $q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- //check if it exists, if we didnt find any record, lets insert one
- if(mysql_num_rows($q)==0)
+ $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ /check if it exists, if we didnt find any record, lets insert one
+ if($q->rowCount()==0)
  {
- 	mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
+ 	$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
+	$stmt->execute();
 	//now query the one we just inserted
- 	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- }
- $projectinfo=mysql_fetch_object($q);
+ 	
+$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+$q->execute();
+}
+ $projectinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
  if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id)
  {
  	echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
-	mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
- }
+	$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
+	$stmt->execute();
+}
 
 
 
@@ -235,14 +245,16 @@ function countwords()
 
 //###### Feature Specific - filtering divisions by category
  if($config['filterdivisionbycategory']=="yes"){
-	$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
-	echo mysql_error();
+	$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
+	$q->execute();
+	echo $pdo->errorInfo();
 
 }else
- 	$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
- echo "<select name=\"projectdivisions_id\">";
+ 	$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+	$q->execute();
+	echo "<select name=\"projectdivisions_id\">";
  echo "<option value=\"\">".i18n("Select a division")."</option>\n";
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
  	if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
 	echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
@@ -268,12 +280,13 @@ function countwords()
  echo "</td></tr>";
 
 if($config['project_type'] == 'yes'){
- $q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
+ $q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
+ $q->execute();
  echo "<tr><td>".i18n("Project Type").": </td><td>";
  echo "<select name=\"projecttype\">\n";
  echo "<option value=\"\">".i18n("Select a project")."</option>\n";
  
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {	
  	if($r->type == $projectinfo->projecttype)
 	{
diff --git a/register_participants_project_divisionselector.php b/register_participants_project_divisionselector.php
index 07c2524..ee637f1 100644
--- a/register_participants_project_divisionselector.php
+++ b/register_participants_project_divisionselector.php
@@ -37,32 +37,33 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
 <head><title><?=i18n("Division Selector")?></title>
 <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" />
-</head>
+</head>testi-bg.jpg
 <body>
 <?
- echo "<div id=\"emptypopup\">";
+ echo "<div id=\"emptypopup\">";testi-bg.jpg
 
  if($_GET['division'])
  {
@@ -72,8 +73,9 @@ echo mysql_error();
 			opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?>
 		</script>
 	<?
- 	$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
-	$r=mysql_fetch_object($q);
+ 	$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	echo "<h2>".i18n($r->division)."</h2>\n";
 	echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>";
 	echo "<br />";
@@ -87,8 +89,9 @@ echo mysql_error();
 		$id=1;
 	 else
 		$id=$_GET['id'];
-	 $q=mysql_query("SELECT * FROM projectdivisionsselector WHERE id='$id'");
-	 $r=mysql_fetch_object($q);
+	 $q=$pdo->prepare("SELECT * FROM projectdivisionsselector WHERE id='$id'");
+	 $q->execute();
+	 $r=$q->fetch(PDO::FETCH_OBJ);
 	 echo i18n($r->question);
 	 echo "<br />";
 	 echo "<br />";
diff --git a/register_participants_safety.php b/register_participants_safety.php
index ef44fab..deb80da 100644
--- a/register_participants_safety.php
+++ b/register_participants_safety.php
@@ -1,5 +1,5 @@
 <?
-/* 
+/* mysql_query
    This file is part of the 'Science Fair In A Box' project
    SFIAB Website: http://www.sfiab.ca
 
@@ -35,20 +35,21 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0) {
+ if($q->rowCount()==0) {
  	header("Location: register_participants.php");
 	exit;
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
  //send the header
  send_header("Participant Registration - Safety Information");
@@ -65,16 +66,18 @@ echo mysql_error();
 	}
 	else {
 		//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
-		mysql_query("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+		$stmt->execute();
 		if(is_array($_POST['safety'])) {
 			$safetyids=array_keys($_POST['safety']);
 			foreach($safetyids AS $key=>$val) {
-				mysql_query("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
+				$stmt = $pdo->prepare("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
 						"'".$_SESSION['registration_id']."', ".
 						"'$val', ".
 						"'".$config['FAIRYEAR']."', ".
-						"'".mysql_escape_string(stripslashes($_POST['safety'][$val]))."')");
-						echo mysql_error();
+						"'".stripslashes($_POST['safety'][$val]))."')";
+				$stmt->execute();
+						echo $pdo->errorInfo();
 			}
 		}
 	}	
@@ -89,13 +92,15 @@ else if($newstatus=="complete") {
 	echo happy(i18n("Safety Information Complete"));
 }
 
- $q=mysql_query("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
- while($r=mysql_fetch_object($q)) {
+ $q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$safetyanswers[$r->safetyquestions_id]=$r->answer;
  }
 
- $q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
- if(mysql_num_rows($q)) {
+ $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
+ $q->execute();
+ if($q->rowCount()) {
 	 echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer");
 	 echo "<br />";
 	 echo "<br />";
@@ -103,7 +108,7 @@ else if($newstatus=="complete") {
 	 echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 	 echo "<table class=\"tableedit\">\n";
 	 $num=1;
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$trclass=($num%2==0?"odd":"even");
 		echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>";
 		if($r->required=="yes") echo REQUIREDFIELD;
diff --git a/register_participants_signature.php b/register_participants_signature.php
index 28e618a..aa8ffa5 100644
--- a/register_participants_signature.php
+++ b/register_participants_signature.php
@@ -45,7 +45,7 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
@@ -55,16 +55,17 @@
 
 	$registration_number=$_SESSION['registration_number'];
 	$registration_id=$_SESSION['registration_id'];
+$q->execute();
 
-echo mysql_error();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
 }
  //END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@@ -106,7 +107,7 @@ $pdf->newPage();
  else
  {
  //grab the project info
- $q=mysql_query("SELECT projects.*, 
+ $q=$pdo->prepare("SELECT projects.*, 
                         projectcategories.category, 
                         projectdivisions.division
                  FROM projects
@@ -117,10 +118,12 @@ $pdf->newPage();
                         AND projectdivisions.year='".$config['FAIRYEAR']."'
                         AND projectcategories.year='".$config['FAIRYEAR']."'
                         ");
- $projectinfo=mysql_fetch_object($q);
+$q->execute();
+ $projectinfo=$q->fetch(PDO::FETCH_OBJ);
 
- $q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- while($si=mysql_fetch_object($q))
+ $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ while($si=$q->fetch(PDO::FETCH_OBJ))
 	$studentinfoarray[]=$si;
  }
 
@@ -141,8 +144,9 @@ $pdf->newPage();
  foreach($studentinfoarray AS $studentinfo)
  {
  	if(!$_GET['sample']) {
-	$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
-	$rr = mysql_fetch_object($qq);
+	$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
+	$qq->execute();
+	$rr = $qq->fetch(PDO::FETCH_OBJ);
 	}
 	
 	$pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5); 
@@ -154,8 +158,9 @@ $pdf->newPage();
 			 
  $pdf->hr();
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  if($r->use)
  {
 	 $pdf->heading(i18n("Exhibitor Declaration"));
@@ -201,8 +206,9 @@ $pdf->newPage();
 	 $pdf->hr();
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  if($r->use)
  {
 	 //now for the parent/guardian signatures
@@ -240,8 +246,9 @@ $pdf->newPage();
 	 $pdf->hr();
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  if($r->use)
  {
 	 //now for the teacher signature
@@ -280,8 +287,9 @@ $pdf->newPage();
 	$pdf->hr();
   }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  if($r->use)
  {
 	//now for the teacher signature
@@ -318,8 +326,9 @@ $pdf->newPage();
 	$pdf->hr();
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  if($r->use)
  {
 	//now for the teacher signature
diff --git a/register_participants_signature_tcpdf.php b/register_participants_signature_tcpdf.php
index 88df547..8c7278a 100644
--- a/register_participants_signature_tcpdf.php
+++ b/register_participants_signature_tcpdf.php
@@ -41,7 +41,7 @@
 		exit;
 	}
 
-	 $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname 
+	 $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname 
 	 			FROM registrations,students
 		 		WHERE students.email='{$_SESSION['email']}' 
 				AND registrations.num='{$_SESSION['registration_number']}'
@@ -51,15 +51,16 @@
 				AND students.year={$config['FAIRYEAR']}");
 	$registration_number=$_SESSION['registration_number'];
 	$registration_id=$_SESSION['registration_id'];
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q)==0) {
+	if($q->rowCount()==0) {
 	 	header("Location: register_participants.php");
 		exit;
  
 	}
-	$authinfo=mysql_fetch_object($q);
+	$authinfo=$q->fetch(PDO::FETCH_OBJ);
 
 }
  //END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@@ -86,7 +87,7 @@ $pdf->AddPage();
 	$rr->school="SampleSchool";
  } else {
 	 //grab the project info
-	 $q=mysql_query("SELECT projects.*, 
+	 $q=$pdo->prepare("SELECT projects.*, 
                         projectcategories.category, 
                         projectdivisions.division
                  FROM projects
@@ -97,10 +98,12 @@ $pdf->AddPage();
                         AND projectdivisions.year='".$config['FAIRYEAR']."'
                         AND projectcategories.year='".$config['FAIRYEAR']."'
                         ");
-	 $projectinfo=mysql_fetch_object($q);
+		$q->execute();
+	 $projectinfo=$q->fetch(PDO::FETCH_OBJ);
 
-	 $q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-	 while($si=mysql_fetch_object($q))
+	 $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+	 $q->execute();
+	 while($si=$q->fetch(PDO::FETCH_OBJ))
 		$studentinfoarray[]=$si;
  }
 
@@ -115,8 +118,9 @@ $pdf->AddPage();
  $students = "";
  foreach($studentinfoarray AS $studentinfo) { 
  	if(!$_GET['sample']) {
-		$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
-		$rr = mysql_fetch_object($qq);
+		$qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
+		$qq->execute();
+		$rr = $qq->fetch(PDO::FETCH_OBJ);
 	}
 	if($students != '') $students .= '<br/>';
 	$students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}";
@@ -144,8 +148,9 @@ function sig($pdf, $text)
 	$pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C');
 }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
- $r=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_ASSOC);
  if($r['use']) {
  	$t = nl2br($r['text']);
 	$pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t");
@@ -156,8 +161,9 @@ function sig($pdf, $text)
 	$pdf->WriteHTML("<br><hr>");
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
- $r=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_ASSOC);
  if($r['use']) {
  	$t = nl2br($r['text']);
 	$pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t");
@@ -168,8 +174,9 @@ function sig($pdf, $text)
 	$pdf->WriteHTML("<br><hr>");
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
- $r=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_ASSOC);
  if($r['use']) {
  	$t = nl2br($r['text']);
 	$pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t");
@@ -177,8 +184,9 @@ function sig($pdf, $text)
 	$pdf->WriteHTML("<br><hr>");	
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'");
- $r=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_ASSOC);
  if($r['use']) {
 	$pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>");
 
@@ -207,8 +215,9 @@ function sig($pdf, $text)
 	$pdf->WriteHTML("<br><hr>");	
  }
 
- $q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'");
- $r=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_ASSOC);
  if($r['use']) {
  	$t = nl2br($r['text']);
 	$pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t");
diff --git a/register_participants_spawards.php b/register_participants_spawards.php
index 5e6fef6..24bce44 100644
--- a/register_participants_spawards.php
+++ b/register_participants_spawards.php
@@ -36,24 +36,26 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+	$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0) {
+ if($q->rowCount()==0) {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
- $q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
- $project=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
+$q->execute();
+ $project=$q->fetch(PDO::FETCH_OBJ);
 
  //send the header
  send_header("Participant Registration - Self-Nomination for Special Awards");
@@ -87,8 +89,9 @@ function checkboxclicked(b)
 
  if($config['specialawardnomination']=="date") {
 	echo notice(i18n("Special award self-nomination is only available from %1 to %2.  Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose'])));
-	$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	//this will return 1 if its between the dates, 0 otherwise.
 	if($r->datecheck==1)
 		$readonly=false;
@@ -123,16 +126,18 @@ function checkboxclicked(b)
 		}
 		else
 		{
-			mysql_query("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
-
+			$stmt =$pdo->prepare("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
+			$stmt-execute();
 			foreach($splist AS $spaward)
 			{
 				$s = ($spaward == -1) ? "NULL" : "'$spaward'";
-				mysql_query("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
+				$stmt = $pdo->prepare("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
 						"$s, ".
 						"'$project->id', ".
 						"'".$config['FAIRYEAR']."')");
-						echo mysql_error();
+				$stmt->execute();
+						echo $pdo->errorInfo();
+
 			}
 			if($num) {
 				if($noawards == true)
diff --git a/register_participants_students.php b/register_participants_students.php
index 2392092..6876e5a 100644
--- a/register_participants_students.php
+++ b/register_participants_students.php
@@ -37,32 +37,33 @@
 	exit;
  }
  $fairyear = intval($config['FAIRYEAR']);
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
- 	"WHERE students.email='" . mysql_real_escape_string($_SESSION['email']) . "' ".
-	"AND registrations.num='" . mysql_real_escape_string($_SESSION['registration_number']) . "' ". 
-	"AND registrations.id='" . mysql_real_escape_string($_SESSION['registration_id']) . "' ".
+ $q=yahoo_image.png.pnguery("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ 	"WHERE students.email='" . $_SESSION['email'] . "' ".
+	"AND registrations.num='" . $_SESSION['registration_number'] . "' ". 
+	"AND registrations.id='" . $_SESSION['registration_id'] . "' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=" . $fairyear . " ".
 	"AND students.year=" . $fairyear);
- echo mysql_error();
+ echo $pdo->errorInfo();
 
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $r=mysql_fetch_object($q);
+ $r=$q->fetch(PDO::FETCH_OBJ);
 
  send_header("Participant Registration - Student Information");
  echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
  echo "<br />";
 
  $regfee_items = array();
- $items_q = mysql_query("SELECT * FROM regfee_items
+ $items_q = $pdo->prepare("SELECT * FROM regfee_items
  				WHERE year='{$config['FAIRYEAR']}'");
- while($items_i = mysql_fetch_assoc($items_q)) {
+$items_q->execute();
+ while($items_i = $items_q->fetch(PDO::FETCH_ASSOC)) {
  	$regfee_items[] = $items_i;
  }
 
@@ -90,41 +91,42 @@ if($_POST['action']=="save")
 				//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record.  for anything else they can school the school on their own.
 				if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite")
 				{
-					$q=mysql_query("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
-					$r=mysql_fetch_object($q);
+					$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
+					$q->execute();
+					$r=$q->fetch(PDO::FETCH_OBJ);
 					$schools_id=$r->schools_id;
 
 					$schoolvalue="'$schools_id', ";
 				}
 				else
 				{
-					$schoolvalue="'".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+					$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
 				}
 				//INSERT new record
 				$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-				mysql_query("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
+				$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
 						"'".$_SESSION['registration_id']."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+						"'".stripslashes($_POST['firstname'][$x])."', ".
+						"'".stripslashes($_POST['lastname'][$x])."', ".
+						"'".stripslashes($_POST['pronunciation'][$x])."', ".
+						"'".stripslashes($_POST['sex'][$x])."', ".
+						"'".stripslashes($_POST['email'][$x])."', ".
+						"'".stripslashes($_POST['address'][$x])."', ".
+						"'".stripslashes($_POST['city'][$x])."', ".
+						"'".stripslashes($_POST['county'][$x])."', ".
+						"'".stripslashes($_POST['province'][$x])."', ".
+						"'".stripslashes($_POST['postalcode'][$x])."', ".
+						"'".stripslashes($_POST['phone'][$x])."', ".
 						"'$dob', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+						"'".stripslashes($_POST['grade'][$x])."', ".
 						$schoolvalue.
-						"'".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
-						"'".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
+						"'".stripslashes($_POST['tshirt'][$x])."', ".
+						"'".stripslashes($_POST['medicalalert'][$x])."', ".
+						"'".stripslashes($_POST['foodreq'][$x])."', ".
+						"'".stripslashes($_POST['teachername'][$x])."', ".
+						"'".stripslashes($_POST['teacheremail'][$x])."', ".
 						"'".$config['FAIRYEAR']."')");
-				$students_id = mysql_insert_id();
+				$students_id = $pdo->lastInsertId();
 				
 				echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
 
@@ -139,44 +141,46 @@ if($_POST['action']=="save")
 				}
 				else
 				{
-					$schoolquery="schools_id='".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+					$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
 				}
 
 
 				//UPDATE existing record
 				$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-				mysql_query("UPDATE students SET ".
-						"firstname='".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ".
-						"lastname='".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ".
-						"pronunciation='".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ".
-						"sex='".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-						"email='".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ".
-						"address='".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ".
-						"city='".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ".
-						"county='".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ".
-						"province='".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ".
-						"postalcode='".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
-						"phone='".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+				$stmt = $pdo->prepare("UPDATE students SET ".
+						"firstname='".stripslashes($_POST['firstname'][$x])."', ".
+						"lastname='".stripslashes($_POST['lastname'][$x])."', ".
+						"pronunciation='".stripslashes($_POST['pronunciation'][$x])."', ".
+						"sex='".stripslashes($_POST['sex'][$x])."', ".
+						"email='".stripslashes($_POST['email'][$x])."', ".
+						"address='".stripslashes($_POST['address'][$x])."', ".
+						"city='".stripslashes($_POST['city'][$x])."', ".
+						"county='".stripslashes($_POST['county'][$x])."', ".
+						"province='".stripslashes($_POST['province'][$x])."', ".
+						"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
+						"phone='".stripslashes($_POST['phone'][$x])."', ".
 						"dateofbirth='$dob', ".
-						"grade='".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+						"grade='".stripslashes($_POST['grade'][$x])."', ".
 						$schoolquery.
-						"medicalalert='".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
-						"foodreq='".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
-						"teachername='".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ".
-						"teacheremail='".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ".
-						"tshirt='".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
+						"medicalalert='".stripslashes($_POST['medicalalert'][$x])."', ".
+						"foodreq='".stripslashes($_POST['foodreq'][$x])."', ".
+						"teachername='".stripslashes($_POST['teachername'][$x])."', ".
+						"teacheremail='".stripslashes($_POST['teacheremail'][$x])."', ".
+						"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
 						"WHERE id='$students_id'");
 				echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
 
 			}
 			/* Update the regfee items link */
 			if($config['participant_regfee_items_enable'] == 'yes') {
-				mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
+				$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
+				$stmt->execute();
 
 				if(is_array($_POST['regfee_item'][$x])) {
 					foreach($_POST['regfee_item'][$x] as $id=>$enabled) {
-						mysql_query("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
+						$stmt = $pdo->prepare("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
 								VALUES ('$students_id','$id') ");
+						$stmt->execute();
 					}
 				}
 			}
@@ -195,20 +199,22 @@ if($_GET['action']=="removestudent")
 	{
 		$students_id = intval($_GET['removestudent']);
 		//first make sure this is one belonging to this registration id
-		$q=mysql_query("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
-		if(mysql_num_rows($q)==1)
+		$q=$pdo->prepare("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
+		$q->execute();
+		if($q->rowCount()==1)
 		{
-			mysql_query("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
-
+			$stmt = $pdo->prepare("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
+			$stmt->execute();
 			//now see if they have an emergency contact that also needs to be removed
 
-			$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+			$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+			$q->execute();
 			//no need to error message if this doesnt exist
-			if(mysql_num_rows($q)==1)
-				mysql_query("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-
-			mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
-			
+			if($q->rowCount()==1)
+				$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+				$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
+			$stmt->execute();
 			echo notice(i18n("Student successfully removed"));
 		}
 		else
@@ -234,20 +240,21 @@ else if($newstatus=="complete")
 
 //now query and display
 
- $q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
-
- if(mysql_num_rows($q)==0)
+ $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+$q->execute();
+ if($q->rowCount()==0)
  {
  	//uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
 	//although... this can never really happen, since the above queries only allow the page to view if the student
 	//is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
-	mysql_query("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".mysql_real_escape_string($_SESSION['email'])."','".$config['FAIRYEAR']."')");
+	$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".$_SESSION['email']."','".$config['FAIRYEAR']."')");
+	$stmt->execute();
 	//if we just inserted it, then we will obviously find 1
 	$numfound=1;
  }
  else
  {
- 	$numfound=mysql_num_rows($q);
+ 	$numfound=$q->rowCount();
  }
 
  if($_GET['numstudents'])
@@ -277,7 +284,7 @@ else if($newstatus=="complete")
  echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
  for($x=1;$x<=$numtoshow;$x++)
  {
- 	$studentinfo=mysql_fetch_object($q);
+ 	$studentinfo=$q->fetch(PDO::FETCH_OBJ);
 	echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
 	//if we have a valid student, set their ID, so we can UPDATE when we submit
 	//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@@ -447,10 +454,11 @@ if($config['participant_student_personal']=="yes")
 	echo " <td>".i18n("School")."</td><td colspan=\"3\">";
 	if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
 	{
-		$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+		$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+		$schoolq->execute();
 		echo "<select name=\"schools_id[$x]\">\n";
 		echo "<option value=\"\">".i18n("Choose School")."</option>\n";
-		while($r=mysql_fetch_object($schoolq))
+		while($r=$schoolq->fetch(PDO::FETCH_OBJ))
 		{
 			if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
 			echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@@ -460,8 +468,9 @@ if($config['participant_student_personal']=="yes")
 	}
 	else
 	{
-		$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
-		$r=mysql_fetch_object($schoolq);
+		$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
+		$schoolq->execute();
+		$r=$schoolq->fetch(PDO::FETCH_OBJ);
 		echo $r->school;
 	}
 
@@ -474,10 +483,11 @@ if($config['participant_student_personal']=="yes")
 	echo "</tr>\n";
 
 	if($config['participant_regfee_items_enable'] == 'yes' ) {
-		$sel_q = mysql_query("SELECT * FROM regfee_items_link 
+		$sel_q = $pdo->prepare("SELECT * FROM regfee_items_link 
 					WHERE students_id=$id");
+		$sel_q->execute();
 		$sel = array();
-		while($info_q = mysql_fetch_assoc($sel_q)) {
+		while($info_q = $sel_q->fetch(PDO::FETCH_ASSOC)) {
 			$sel[$info_q['regfee_items_id']] = $info_q['id'];
 		}
 		foreach($regfee_items as $rfi) {
diff --git a/register_participants_tours.php b/register_participants_tours.php
index 873f32d..56f2d41 100644
--- a/register_participants_tours.php
+++ b/register_participants_tours.php
@@ -37,22 +37,23 @@
 	exit;
  }
 
- $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
+ $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
  	"WHERE students.email='".$_SESSION['email']."' ".
 	"AND registrations.num='".$_SESSION['registration_number']."' ". 
 	"AND registrations.id='".$_SESSION['registration_id']."' ".
 	"AND students.registrations_id=registrations.id ".
 	"AND registrations.year=".$config['FAIRYEAR']." ".
 	"AND students.year=".$config['FAIRYEAR']);
-echo mysql_error();
+$q->execute();
+echo $pdo->errorInfo();
 
- if(mysql_num_rows($q)==0)
+ if($q->rowCount()==0)
  {
  	header("Location: register_participants.php");
 	exit;
  
  }
- $authinfo=mysql_fetch_object($q);
+ $authinfo=$q->fetch(PDO::FETCH_OBJ);
 
 
  //send the header
@@ -75,10 +76,11 @@ echo mysql_error();
 	else
 	{
 		//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
-		mysql_query("DELETE FROM tours_choice 
+		$stmt = $pdo->prepare("DELETE FROM tours_choice 
 				WHERE registrations_id='{$_SESSION['registration_id']}' 
 				AND year='{$config['FAIRYEAR']}' 
 				AND rank!='0'");
+		$stmt->execute();
 		if(is_array($_POST['toursel']))
 		{
 			foreach($_POST['toursel'] AS $students_id=>$ts)
@@ -98,13 +100,14 @@ echo mysql_error();
 					/* Remember this choice in a format that is easily searchable */
 					$selarray[] = $x;
 
-					mysql_query("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
+					$stmt = $pdo->prepare("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
 						"'".$_SESSION['registration_id']."', ".
 						"'".intval($students_id)."', ".
 						"'".intval($tid)."', ".
 						"'".$config['FAIRYEAR']."', ".
 						"'$rank')");
-						echo mysql_error();
+					$stmt->execute();
+						echo $pdo->errorInfo();
 				}
 
 			}
@@ -140,23 +143,25 @@ else if($newstatus=="complete")
 
 
  $assigned_tour = array();
- $q=mysql_query("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- while($r=mysql_fetch_object($q))
+ $q=$pdo->prepare("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
  	if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id;
 	$tour_choice[$r->students_id][$r->rank] = $r->tour_id;
  }
 
  $tours = array();
- $q=mysql_query("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
- if(mysql_num_rows($q) == 0)
+ $q=$pdo->prepare("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+ $q->execute();
+ if($q->rowCount() == 0)
  {
  	echo notice(i18n("There is not tour information"));
 	send_footer(); 
 	exit;
  }
 
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {
 	$tours[$r->id]['name'] = $r->name;
 	$tours[$r->id]['num'] = $r->num;
@@ -173,11 +178,12 @@ else if($newstatus=="complete")
  echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
  echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 
- $q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
- $num_found = mysql_num_rows($q);
+ $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
+$q->execute();
+ $num_found = $q->rowCount();
 
  $print_submit = false;
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
 	echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />";
 	if($r->grade <= 0) {
diff --git a/remote.php b/remote.php
index db64143..5d649d9 100644
--- a/remote.php
+++ b/remote.php
@@ -37,9 +37,10 @@ function handle_getstats(&$u, $fair,&$data, &$response)
 	$response['statconfig'] = explode(',', $fair['gather_stats']);
 
 	/* Send back the stats we currently have */
-	$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
+	$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
 				AND year='$year'");
-	$response['stats'] = mysql_fetch_assoc($q);
+	$q->execute();
+	$response['stats'] = $q->fetch(PDO::FETCH_ASSOC);
 	unset($response['stats']['id']);
 	$response['error'] = 0;
 }
@@ -48,17 +49,19 @@ function handle_stats(&$u,$fair, &$data, &$response)
 {
 	$stats = $data['stats'];
 	foreach($stats as $k=>$v) {
-		$stats[$k] = mysql_escape_string($stats[$k]);
+		$stats[$k] = $stats[$k];
 	}
 
 //	$str = join(',',$stats);
 	$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
 	$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
-	mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
+	$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
 		AND year='{$stats['year']}'");
-	echo mysql_error();
-	mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
+	$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
+	$stmt->execute();
+	echo $pdo->errorInfo();
 
 	$response['message'] = 'Stats saved';
 	$response['error'] = 0;
@@ -71,8 +74,9 @@ function handle_getawards(&$u, $fair, &$data, &$response)
 
 	$ids = array();
 	/* Load a list of awards linked to the fair id */
-	$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
-	while($r = mysql_fetch_assoc($q)) {
+	$q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
+	$q->execute();
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$aaid = $r['award_awards_id'];
 		if($r['download_award'] == 'yes') $ids[] = $aaid;
 		$ul[$aaid] = $r['upload_winners'];
@@ -80,9 +84,10 @@ function handle_getawards(&$u, $fair, &$data, &$response)
 
 	/* Load the awards this fair is allowed to download */
 	$where = "(id='".join("' OR id='", $ids)."')";
-	$q = mysql_query("SELECT * FROM award_awards WHERE $where AND year='$year'" );
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year='$year'" );
+	$q->execute();
 
-	while($a = mysql_fetch_assoc($q)) {
+	while($a = $q->fetch(PDO::FETCH_ASSOC)) {
 		$award = array();
 		$award['identifier'] = $a['external_identifier'];
 		$award['external_additional_materials'] = $a['external_additional_materials'];
@@ -95,16 +100,18 @@ function handle_getawards(&$u, $fair, &$data, &$response)
 		$award['schedule_judges'] = $a['schedule_judges'];
 		
 		if($a['sponsors_id']) {
-			$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
-			if(mysql_num_rows($sq)) {
-				$s =  mysql_fetch_assoc($sq);
+			$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
+			$sq->execute();
+			if($sq->rowCount()) {
+				$s =  $sq->fetch(PDO::FETCH_ASSOC);
 				$award['sponsor'] = $s['organization'];
 			}
 		}
 
 		$award['prizes'] = array();
-		$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
-		while($p = mysql_fetch_assoc($pq)) {
+		$pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
+		$pq->execute();
+		while($p = $pq->fetch(PDO::FETCH_ASSOC)) {
 			/* Map array keys -> local database field */
 			$map = array(	'cash' => 'cash', 'scholarship' => 'scholarship',
 					'value' => 'value', 'prize_en' => 'prize', 'number'=>'number',
@@ -146,7 +153,7 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
 				'scienceheadphone'=>'scienceheadphone');*/
 
 	if($school_id == -1) {
-		$our_school = mysql_fetch_assoc($mysql_query);
+		$our_school = $mysql_query->fetch(PDO::FETCH_ASSOC);
 		$sid = $our_school['id'];
 	} else {
 		$sid = $school_id;
@@ -156,41 +163,47 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
 	foreach($school_fields as $t=>$m) {
 		if($our_school[$m] == $school[$t]) continue;
 		if($set != '') $set.=',';
-		$set .= "`$m`='".mysql_real_escape_string($school[$t])."'";
+		$set .= "`$m`='".$school[$t]."'";
 	}
-	mysql_query("UPDATE schools SET $set WHERE id='$sid'");
+	$stmt = $pdo->prepare("UPDATE schools SET $set WHERE id='$sid'");
+	$stmt->execute();
 	return $sid;
 }
 
 function award_upload_school(&$student, &$school, $year, &$response)
 {
 
-	$school_name = mysql_real_escape_string($school['schoolname']);
-	$school_city = mysql_real_escape_string($school['city']);
-	$school_phone = mysql_real_escape_string($school['phone']);
-	$school_addr = mysql_real_escape_string($school['address']);
+	$school_name = $school['schoolname'];
+	$school_city = $school['city'];
+	$school_phone = $school['phone'];
+	$school_addr = $school['address'];
 	$student_city = $student['city'];
 
 	/* Find school by matching name, city, phone, year */
-	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
-	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
+	$q->execute();
+	if($q->rowCount() == 1) return award_upload_update_school($q, $school);
 
 	/* Find school by matching name, city, address, year */
-	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
-	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
+	$q->execute();
+	if($q->rowCount() == 1) return award_upload_update_school($q, $school);
 
 	/* Find school by matching name, city, year */
-	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
-	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
+	$q->execute();
+	if($q->rowCount() == 1) return award_upload_update_school($q, $school);
 
 	/* Find school by matching name, student city, year */
-	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
-	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
+	$q->execute();
+	if($q->rowCount() == 1) return award_upload_update_school($q, $school);
 
 	$response['notice'][] = "      - Creating new school: $school_name";
 	/* No? ok, make a new school */
-	mysql_query("INSERT INTO schools(`school`,`year`) VALUES ('".mysql_real_escape_string($school['schoolname'])."','$year')");
-	$school_id = mysql_insert_id();
+	$stmt = $pdo->prepare("INSERT INTO schools(`school`,`year`) VALUES ('".$school['schoolname']."','$year')");
+	$stmt->execute();
+	$school_id = $pdo->lastInsertId();
 	return award_upload_update_school($q, $school, $school_id);
 }
 
@@ -216,11 +229,12 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
 				'teacheremail'=>'teacheremail');
 
 	/* See if this project already exists */
-	$pn = mysql_real_escape_string($project['projectnumber']);
-	$q = mysql_query("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
-	echo mysql_error();
-	if(mysql_num_rows($q) == 1) {
-		$our_project = mysql_fetch_assoc($q);
+	$pn = $project['projectnumber'];
+	$q = $pdo->prepare("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	if($q->rowCount() == 1) {
+		$our_project = $q->fetch(PDO::FETCH_ASSOC);
 		$registrations_id = $our_project['registrations_id'];
 		$pid = $our_project['id'];
 		$response['notice'][] = "   - Found existing project: {$project['title']}";
@@ -233,41 +247,47 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
 			//random number between
 			//100000 and 999999  (six digit integer)
 			$regnum=rand(100000,999999);
-			$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
-			echo mysql_error();
-		}while(mysql_num_rows($q)>0);
+			$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
+			$q->execute();
+			echo $pdo->errorInfo();
+		}while($q->rowCount()>0);
 
 		//actually insert it
-		mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
+		$stmt= $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
 				"'$regnum','$regnum',NOW(),'open',NULL,'$year')");
-		$registrations_id = mysql_insert_id();
+		$stmt->execute();
+		$registrations_id = $pdo->lastInsertId();
 		/* We'll fill in the email address later */
 
 		/* Add the project */
-		mysql_query("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
+		$stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
 				VALUES('$registrations_id',
-					'".mysql_real_escape_string($project['projectnumber'])."',
+					'".$project['projectnumber']."',
 					'$year', '{$fair['id']}');");
-		$pid = mysql_insert_id();
+		$stmt->execute();
+		$pid = $pdo->lastInsertId();
 		$reg_email_needs_update = true;
 		$new_reg = true;
 	}
-	$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
-	$registration = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
+	$q->execute();
+	$registration = $q->fetch(PDO::FETCH_ASSOC);
 
 	/* Update the project in case anythign changed */
-	mysql_query("UPDATE projects SET title='".mysql_real_escape_string($project['title'])."',
-					summary='".mysql_real_escape_string($project['abstract'])."',
+	$stmt = $pdo->prepare("UPDATE projects SET title='".$project['title']."',
+					summary='".$project['abstract']."',
 					projectcategories_id='".intval($project['projectcategories_id'])."',
 					projectdivisions_id='".intval($project['projectdivisions_id'])."'
 				WHERE id='$pid'");
+	$stmt->execute();
 
 	/* Record the winner */
-	mysql_query("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
+	$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
 			VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
-
+	$stmt->execute();
 	/* Delete the students attached to this project */
-	mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
+	$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
+	$stmt->execute();
 
 	/* Add new */
 	foreach($project['students'] as &$student) {
@@ -279,15 +299,17 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
 		$keys = ",`".join("`,`", array_values($student_fields))."`";
 		$values = "";
 		foreach($student_fields as $k=>$v) 
-			$values .= ",'".mysql_real_escape_string($student[$k])."'";
+			$values .= ",'".$student[$k]."'";
 		/* Note lack of comma before $keys, we added it above for both keys and values */
-		mysql_query("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
+		$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
 				VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
+		$stmt->execute();
 
 		/* Update the registration email */
 		if($reg_email_needs_update) {
-			mysql_query("UPDATE registrations SET email='".mysql_real_escape_string($student['email'])."'
+			$stmt = $pdo->prepare("UPDATE registrations SET email='".$student['email']."'
 					WHERE id='$registrations_id'");
+			$stmt->execute();
 			$reg_email_needs_update = false;
 		}
 
@@ -305,7 +327,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
 		/* It's not an external, so we don't need the student to login 
 		 * or antyhing, we probably want to include it in reports, so set 
 		 * it to complete */
-		mysql_query("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
+		$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
+		$stmt->execute();
 	}
 }
 
@@ -326,15 +349,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
 		$year = intval($award_data['year']);
 	
 		/* Find the award */
-		$eid = mysql_real_escape_string($external_identifier);
+		$eid = $external_identifier;
 
-		$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
-		if(mysql_num_rows($q) != 1) {
+		$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
+		$q->execute();
+		if($q->rowCount() != 1) {
 			$response['message'] = "Unknown award identifier '$eid' for year $year";
 			$response['error'] = 1;
 			return;
 		}
-		$award = mysql_fetch_assoc($q);
+		$award = $q->fetch(PDO::FETCH_ASSOC);
 		$aaid = $award['id'];
 
 		$response['notice'][] = "Found award: {$award['name']}";
@@ -342,14 +366,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
 		/* Load prizes, we fetched the right award by year, so we don't need to 
 		 * check the year as long as we query by aaid */
 		$prizes = array();
-		$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
-		while($prize = mysql_fetch_assoc($q)) {
+		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
+		$q->execute();
+		while($prize = $q->fetch(PDO::FETCH_ASSOC)) {
 			$response['notice'][] = " - Prize: {$prize['prize']}";
 
 			/* Clean out existing winners for this prize */
-			mysql_query("DELETE FROM winners WHERE 
+			$stmt = $pdo->prepare("DELETE FROM winners WHERE 
 					award_prize_id='{$prize['id']}' 
 					AND fairs_id='{$fair['id']}'");
+			$stmt->execute();
 
 			/* Assign projects to this prize */
 			$ul_p =& $award_data['prizes'][$prize['prize']];
@@ -368,8 +394,9 @@ function handle_get_categories(&$u, &$fair, &$data, &$response)
 {
 	$year = intval($data['get_categories']['year']);
 	$cat = array();
-	$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	        $cat[$r->id]=array('id' => $r->id,
 				'category' => $r->category,
 				'mingrade' => $r->mingrade,
@@ -383,8 +410,9 @@ function handle_get_divisions(&$u, &$fair, &$data, &$response)
 {
 	$year = intval($data['get_divisions']['year']);
 	$div = array();
-	$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$div[$r->id] = array('id' => $r->id,
 				'division' => $r->division);
 	}
@@ -397,14 +425,15 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
 	$year = intval($data['award_additional_materials']['year']);
 	$external_identifier = $data['award_additional_materials']['identifier'];
 
-	$eid = mysql_real_escape_string($external_identifier);
-	$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
-	if(mysql_num_rows($q) != 1) {
+	$eid = $external_identifier;
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
+	$q->execute();
+	if($q->rowCount() != 1) {
 		$response['message'] = "Unknown award identifier '$eid'";
 		$response['error'] = 1;
 		return;
 	}
-	$award = mysql_fetch_assoc($q);
+	$award = $q->fetch(PDO::FETCH_ASSOC);
 
 	$pdf = fair_additional_materials($fair, $award, $year);
 	$response['award_additional_materials']['pdf']['header'] = $pdf['header'];
@@ -456,8 +485,9 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
 	exit;
  }
 
- $q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
- $fair = mysql_fetch_assoc($q);
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
+ $q->execute();
+ $fair = $q->fetch(PDO::FETCH_ASSOC);
 
  $response = array();
  if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
diff --git a/schoolaccess.php b/schoolaccess.php
index de1e6da..1554f48 100644
--- a/schoolaccess.php
+++ b/schoolaccess.php
@@ -4,12 +4,14 @@ require_once('user.inc.php');
 
 if($_POST['schoolid'] && $_POST['accesscode'])
 {
-	$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)==1)
+	$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	if($q->rowCount()==1)
 	{
 		$_SESSION['schoolid']=$_POST['schoolid'];
 		$_SESSION['schoolaccesscode']=$_POST['accesscode'];
-		mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
+		$stmt = $pdo->prepare("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
+		$stmt->execute();
 
 	}
 	else
@@ -28,9 +30,10 @@ send_header("School Access");
 
 if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 {
-	$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
-	echo mysql_error();
-	$school=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	$school=$q->fetch(PDO::FETCH_OBJ);
 	if($school) {
 		if($_POST['action']=="save") {
 
@@ -65,27 +68,29 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 			}
 
 
-			mysql_query("UPDATE schools SET
-				school='".mysql_escape_string(stripslashes($_POST['school']))."',
-				address='".mysql_escape_string(stripslashes($_POST['address']))."',
-				city='".mysql_escape_string(stripslashes($_POST['city']))."',
-				province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."',
-				postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."',
-				phone='".mysql_escape_string(stripslashes($_POST['phone']))."',
+			$stmt = $pdo->prepare("UPDATE schools SET
+				school='".stripslashes($_POST['school'])."',
+				address='".stripslashes($_POST['address'])."',
+				city='".stripslashes($_POST['city'])."',
+				province_code='".stripslashes($_POST['province_code'])."',
+				postalcode='".stripslashes($_POST['postalcode'])."',
+				phone='".stripslashes($_POST['phone'])."',
 				$sciencehead_update
-				fax='".mysql_escape_string(stripslashes($_POST['fax']))."'
+				fax='".stripslashes($_POST['fax'])."'
 				WHERE id='$school->id'");
+			$stmt->execute();
 
-			echo mysql_error();
-				if(mysql_error())
+			echo $pdo->errorInfo();
+				if($pdo->errorInfo())
 					echo error(i18n("An Error occured trying to save the school information"));
 				else
 					echo happy(i18n("School information successfully updated"));
 
 				//and reselect it
-				$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
-				echo mysql_error();
-				$school=mysql_fetch_object($q);
+				$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
+				$q->execute();
+				echo $pdo->errorInfo();
+				$school=$q->fetch(PDO::FETCH_OBJ);
 		}
 
 /*
@@ -97,11 +102,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 						senior='".$_POST['senior']."'
 						WHERE id='$school->id'");
 
-				echo mysql_error();
+				echo $pdo->errorInfo();
 
 				$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
 				echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
-				$school=mysql_fetch_object($q);
+				$school=$q->fetch(PDO::FETCH_OBJ);
 
 		}
 		*/
@@ -221,9 +226,10 @@ else {
 	<select name="schoolid">
 	<option value=""><?=i18n("Choose your school")?></option>
 	<?
-	$q=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+	$q=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+	$q->execute();
 	$prev="somethingthatdoesnotexist";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		if($r->school==$prev)
 			echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n";
diff --git a/schoolinvite.php b/schoolinvite.php
index a3cf29e..e5278a9 100644
--- a/schoolinvite.php
+++ b/schoolinvite.php
@@ -7,9 +7,10 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 
 	echo "<a href=\"schoolaccess.php\">&lt;&lt; ".i18n("Return to school access main page")."</a><br />";
 	echo "<br />";
-	$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
-	echo mysql_error();
-	$school=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	$school=$q->fetch(PDO::FETCH_OBJ);
 	if($school)
 	{
 		if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" )
@@ -19,8 +20,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 				if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade'])
 				{
 					//make sure they arent already invited!
-					$q=mysql_query("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
-					if(mysql_num_rows($q))
+					$q=$pdo->prepare("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
+					$q->execute();
+					if($q->rowCount())
 					{
 						echo error(i18n("That students email address has already been invited"));
 					}
@@ -34,11 +36,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 							//random number between
 							//100000 and 999999  (six digit integer)
 							$regnum=rand(100000,999999);
-							$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
-						}while(mysql_num_rows($q)>0);
+							$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
+							$q->execute();
+						}while($q->rowCount()>0);
 
 						//actually insert it
-						mysql_query("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
+						$stmt = $pdo->prepare("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
 								"'$regnum',".
 								"'".$_POST['email']."',".
 								"'".$_POST['emailcontact']."',".
@@ -46,16 +49,18 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 								"'open',".
 								$config['FAIRYEAR'].
 								")");
-						$regid=mysql_insert_id();
+						$stmt->execute();
+						$regid=$pdo->lastInsertId();
 
-						mysql_query("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
+						$stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
 								'$regid',
-								'".mysql_escape_string($_POST['email'])."',
-								'".mysql_escape_string($_POST['firstname'])."',
-								'".mysql_escape_string($_POST['lastname'])."',
-								'".mysql_escape_string($_SESSION['schoolid'])."',
-								'".mysql_escape_string($_POST['grade'])."',
+								'".$_POST['email']."',
+								'".$_POST['firstname']."',
+								'".$_POST['lastname']."',
+								'".$_SESSION['schoolid']."',
+								'".$_POST['grade']."',
 								'".$config['FAIRYEAR']."')");
+						$stmt->execute();
 
 						email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email']));
 						if($_POST['emailcontact'])
@@ -70,19 +75,26 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 			if($_GET['action']=="uninvite")
 			{
 				//first, make sure that this is really their student, and it sfor this year.
-				$q=mysql_query("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
-				if(mysql_num_rows($q))
+				$q=$pdo->prepare("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
+				$q->execute();
+				if($q->rowCount())
 				{
-					$r=mysql_fetch_object($q);
+					$r=$q->fetch(PDO::FETCH_OBJ);
 					$registrations_id=$r->registrations_id;
 					if($registrations_id) //just to be safe!
 					{
-						mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
-						mysql_query("DELETE FROM projects WHERE registrations_id='$registrations_id'");
-						mysql_query("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
-						mysql_query("DELETE FROM safety WHERE registrations_id='$registrations_id'");
-						mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
-						mysql_query("DELETE FROM registrations WHERE id='$registrations_id'");
+						$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$registrations_id'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$registrations_id'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
+						$stmt->execute();
+						$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$registrations_id'");
+$stmt->execute();
 
 						echo happy(i18n("Student successfully uninvited"));
 					}
@@ -92,11 +104,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 			}
 
 
-			$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
-			$datecheck=mysql_fetch_object($q);
+			$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
+			$q->execute();
+			$datecheck=$q->fetch(PDO::FETCH_OBJ);
 
 
-			$q=mysql_query("SELECT 	
+			$q=$pdo->prepare("SELECT 	
 						students.*,
 						registrations.num,
 						registrations.emailcontact
@@ -111,7 +124,8 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 					ORDER BY 
 						lastname,
 						firstname");
-			$currentinvited=mysql_num_rows($q);
+			$q->execute();
+			$currentinvited=$q->rowCount();
 
 			if($datecheck!=0) {
 				echo i18n("In order for your school's students to register for the fair, you will need to invite them to register.  Simply enter their email address below to invite them to register.  <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project");
@@ -138,10 +152,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 					}
 					else if($school->projectlimitper=="agecategory") {
 						echo "<br />";
-						$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-						while($catr=mysql_fetch_object($catq)) {
+						$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+						$catq->execute();
+						while($catr=$catq->fetch(PDO::FETCH_OBJ)) {
 
-							$q2=mysql_query("SELECT COUNT(students.id) AS num
+							$q2=$pdo->prepare("SELECT COUNT(students.id) AS num
 									FROM 
 										students,
 										registrations 
@@ -153,8 +168,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 										AND students.registrations_id=registrations.id 
 										GROUP BY registrations.num
 									");
-									echo mysql_error();
-							$r2=mysql_fetch_object($q2);
+							$q2->execute();
+									echo $pdo->errorInfo();
+							$r2=$q2->fetch(PDO::FETCH_OBJ);
 							$currentinvited=$r2->num;
 
 							if($currentinvited<$school->projectlimit || $school->projectlimit==0) {
@@ -221,7 +237,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 			echo "<br />";
 
 			echo "<h4>".i18n("Invited participants from your school")."</h4>";
-			if(mysql_num_rows($q)) {
+			if($q->rowCount()) {
 			echo "<table class=\"summarytable\">";
 			echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>";
 			echo "<th>".i18n("Email Address")."</th>";
@@ -229,7 +245,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
 			echo "<th>".i18n("Registration Number")."</th>";
 			echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>";
 			
-			while($r=mysql_fetch_object($q)) {
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				echo "<tr><td>$r->lastname</td><td>$r->firstname</td>";
 				echo "<td>$r->email";
 				if($r->emailcontact)
diff --git a/sponsor_main.php b/sponsor_main.php
index 8b827d6..2966c5d 100644
--- a/sponsor_main.php
+++ b/sponsor_main.php
@@ -31,8 +31,9 @@
  send_header("Sponsor Main", array());
  $u=user_load($_SESSION['users_id']);
  //print_r($u);
- $q=mysql_query("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
- $sponsor=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
+ $q->execute();
+ $sponsor=$q->fetch(PDO::FETCH_OBJ);
 
  //only display the named greeting if we have their name
  echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
@@ -49,7 +50,7 @@
  echo "</table>\n";
  echo "<h2>Your Sponsorships</h2>\n";
 
-	$sq=mysql_query("SELECT fundraising_donations.id, 
+	$sq=$pdo->prepare("SELECT fundraising_donations.id, 
 						sponsors.organization, 
 						fundraising_donations.value, 
 						fundraising_donations.status, 
@@ -62,7 +63,8 @@
 		  AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}'
 		  AND sponsors.id='".$u['sponsors_id']."'
 		  ORDER BY status DESC, probability DESC, organization");
-	echo mysql_error();
+		$sq->execute();
+	echo $pdo->errorInfo();
 
 	echo "<table class=\"tableview\">";
 	echo "<tr>";
@@ -72,7 +74,7 @@
 	echo " <th>".i18n("Action")."</th>";
 	echo "</tr>\n";
 	$total=0;
-	while($sr=mysql_fetch_object($sq)) {
+	while($sr=$sq->fetch(PDO::FETCH-OBJ)) {
 		echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">";
 		echo "<td>$sr->name</td>\n";
 		echo "<td>$sr->status</td>";
@@ -94,14 +96,15 @@
 	echo "<br />\n";
 
 	echo "<h2>Donor Levels</h2>\n";
-	$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
+	$q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
+	$q->execute();
 	echo "<table class=\"tableview\">";
 	echo "<th></th><th>".i18n("Level")."</th>";
 	echo "<th>".i18n("Description / Benefits")."</th>\n";
 	echo "<th>".i18n("Range")."</th>\n";
 	echo "</tr>\n";
 	$first=true;
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		echo "<tr>";
 		echo "<td>";
 		if($total>=$r->min && $total<=$r->max) {
diff --git a/tableeditor.class.php b/tableeditor.class.php
index 20a6b09..aa3d27a 100644
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@@ -365,8 +365,9 @@ class TableEditor
 		$inputsize = 0;
 
 		//figure out what kind of input this should be
-		$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
-		$r=mysql_fetch_object($q);
+		$q=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 
 		if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs))
 		{
@@ -466,8 +467,9 @@ class TableEditor
 		$query.=" FROM `{$this->table}`";
 		$query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'";
 		if($this->DEBUG) echo $query;
-		$editquery=mysql_query($query);
-		$editdata=mysql_fetch_assoc($editquery);
+		$editquery=$pdo->prepare($query);
+		$editquery->execute();
+		$editdata=$editquery->fetch(PDO::FETCH_ASSOC);
 		return $editdata;
 	}
 
@@ -503,12 +505,14 @@ class TableEditor
 		}
 
 		if($this->DEBUG) echo $query;
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
+		$stmt->execute();
 	}
 
 	function defaultDelete($keyval)
 	{
-		mysql_query("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
+		$stmt = $pdo->prepare("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
+		$stmt->execute();
 		echo happy(i18n("Successfully deleted %1",array($this->recordType)));
 	}
 
@@ -586,8 +590,8 @@ class TableEditor
 				else if($inputtype == 'time') //r->Type=="time")
 				{
 					if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
-							mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00'";
+						$editdata[$f] = "'".stripslashes($_POST[$f."_hour"]).":".
+							stripslashes($_POST[$f."_minute"]).":00'";
 					} else {
 						$editdata[$f] = 'NULL';
 					}
@@ -608,13 +612,13 @@ class TableEditor
 				{
 					//chose the text field first, if its been filled in, otherwise, go with the select box
 					if($_POST[$f."_text"])
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."'";
+						$editdata[$f] = "'".stripslashes($_POST[$f."_text"])."'";
 					else if($_POST[$f."_select"])
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."'";
+						$editdata[$f] = "'".stripslashes($_POST[$f."_select"])."'";
 					else
 					{
 						//maybe the options were over-wridden, if so, just check the field name
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
+						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
 					}
 
 				}
@@ -624,9 +628,9 @@ class TableEditor
 					//but allow them to enter http:// or https:// themselves.
 					//if no protocol is given, assume http://
 					if(substr(strtolower($_POST[$f]),0,4)=="http")
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
+						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
 					else
-						$editdata[$f] = "'http://".mysql_escape_string(stripslashes($_POST[$f]))."'";
+						$editdata[$f] = "'http://".stripslashes($_POST[$f])."'";
 
 				}
 				else if(substr($f,0,8)=="filename" && $this->uploadPath)
@@ -637,7 +641,7 @@ class TableEditor
 						if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
 							echo error(i18n("A file with that filename already exists, it will be overwritten"));
 						move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."'";
+						$editdata[$f] = "'".stripslashes($_FILES[$f]['name'])."'";
 					}
 					else
 					{
@@ -653,9 +657,9 @@ class TableEditor
 				else
 				{
 					if($this->fieldValidation[$f])
-						$editdata[$f] = "'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."'";
+						$editdata[$f] = "'".stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f]))."'";
 					else
-						$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'";
+						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
 				}
 			}
 
@@ -691,9 +695,9 @@ class TableEditor
 //			if($this->DEBUG) echo $query;
 
 //			mysql_query($query);
-			if(mysql_error())
+			if($pdo->errorInfo())
 			{
-				echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
+				echo error(i18n("Error $text_error %1: %2",array($this->recordType,$pdo->errorInfo())));
 			}
 			else
 			{
@@ -811,7 +815,8 @@ class TableEditor
 					case "enum":
 						break;
 					case "select_or_text":
-						$optq=mysql_query("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
+						$optq=$pdo->prepare("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
+						$optq->execute();
 						if($this->fieldInputOptions[$f])
 							echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">";
 						else
@@ -829,7 +834,7 @@ class TableEditor
 						}
 //							print_r($this->fieldOptions[$f]);
 
-						while($opt=mysql_fetch_object($optq))
+						while($opt=$optq->fetch(PDO::FETCH_OBJ))
 						{
 							if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f]))
 								continue;
@@ -1041,8 +1046,9 @@ class TableEditor
 		}
 
 		//put in some paganation stuff here.
-		$foundrowsq=mysql_query("SELECT FOUND_ROWS() AS f");
-		$foundrowsr=mysql_fetch_object($foundrowsq);
+		$foundrowsq=$pdo->prepare("SELECT FOUND_ROWS() AS f");
+		$foundrowsq->execute();
+		$foundrowsr=$foundrowsq->fetch(PDO::FETCH_OBJ);
 		$foundrows=$foundrowsr->f;
 
 		if($foundrows>$this->rowsPerPage)
@@ -1138,7 +1144,7 @@ class TableEditor
 
 		echo "  (Total: $foundrows)\n";
 		
-		if(mysql_num_rows($q))
+		if($q->rowCount())
 		{
 			echo "<table cellspacing=\"0\" class=\"tableview\">";
 			echo "<tr>";
@@ -1151,14 +1157,15 @@ class TableEditor
 			}
 			echo "<th>".i18n("Actions")."</th>";
 			echo "</tr>";
-			while($r=mysql_fetch_object($q))
+			while($r=$q->fetch(PDO::FETCH_OBJ))
 			{
 				echo "<tr>";
 				foreach($this->listfields AS $f=>$n)
 				{
 					//figure out what kind of input this should be
-					$typeq=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
-					$typer=mysql_fetch_object($typeq);
+					$typeq=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
+					$typeq->execute();
+					$typer=$typeq->fetCh(PDO::fETCH_OBJ);
 					if($typer->Type=="time")
 						echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>";
 					else if($typer->Type=="date")
diff --git a/tours.class.php b/tours.class.php
index 3f48e8d..d57033a 100644
--- a/tours.class.php
+++ b/tours.class.php
@@ -78,16 +78,17 @@ function tableEditorLoad()
 
 //	print("Loading Judge ID  $id\n");
 
-	$q=mysql_query("SELECT	tours.*
+	$q=$pdo->prepare("SELECT	tours.*
 			FROM 	tours 
 			WHERE 	tours.id='$id'");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 
 
 	/* We assume that the field names in the array we want to return
 	 * are the same as those in the database, so we'll turn the entire
 	 * query into a single associative array */
-	$j = mysql_fetch_assoc($q);
+	$j = $q->fetch(PDO::FETCH_ASSOC);
 
 	return $j;
 }
@@ -104,8 +105,9 @@ function tableEditorSave($data)
 	/* Construct an insert query if we have to */
 	if($this->id == false) {
 		$query = "INSERT INTO tours (id) VALUES ('')";
-		mysql_query($query);
-		$this->id = mysql_insert_id();
+		$stmt = $pdo->prepare($query);
+		$stmt->execute();
+		$this->id = $pdo->lastInsertId();
 	}
 
 	/* Give it a proper year when saving */
@@ -123,7 +125,8 @@ function tableEditorSave($data)
 	$query .= " WHERE id='{$this->id}'";
 
 //	echo $query;
-	mysql_query($query);
+	$stmt = $pdo->prepare($query);
+	$stmt->execute();
 
 }
 
@@ -133,8 +136,10 @@ function tableEditorDelete()
 
 	$id = $this->id;
 
-	mysql_query("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
-	mysql_query("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
+	$stmt=$pdo->prepare("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
+	$stmt->execute();
+	$stmt=$pdo->prepare("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
+$stmt->execute();
 
 	echo happy(i18n("Successfully removed tour from this year's fair"));
 }
diff --git a/user.inc.php b/user.inc.php
index fefe415..440cb68 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -107,8 +107,9 @@ function user_load_judge(&$u)
 	}
 	$specialawards=array();
 	if($u['special_award_only']=='yes') {
-		$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
-		while($r=mysql_fetch_object($q)) {
+		$q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$specialawards[]=$r->award_awards_id;
 		}
 	}
@@ -143,8 +144,9 @@ function user_load_sponsor(&$u)
 	$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
 	$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
 	if($u['sponsors_id']) {
-		$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
-		$u['sponsor']=mysql_fetch_assoc($q);
+		$q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
+		$q->execute();
+		$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
 	}
 	return true;
 }
@@ -200,7 +202,7 @@ function user_load($user, $uid = false)
 	$q=$pdo->query($query);
 
 	if($q->rowCount()!=1) {
-//		echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
+//		echo "Query [$query] returned ".$q->rowCount()." rows\n";
 //		echo "<pre>";
 //		print_r(debug_backtrace());
 		return false;
@@ -297,11 +299,11 @@ function user_load_by_uid($uid)
 function user_load_by_email($email)
 {
 	/* Find the most recent uid for the email, regardless of deleted status */
-	$e = mysql_real_escape_string($email);
-	$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
-
-	if(mysql_num_rows($q) == 1) {
-			$i = mysql_fetch_assoc($q);
+	$e = $email;
+	$q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
+	$q->execute();
+	if($q->rowCount() == 1) {
+			$i = $q->fetch(PDO::FETCH_ASSOC);
 			return user_load_by_uid($i['uid']);
 	}
 	return false;
@@ -309,9 +311,10 @@ function user_load_by_email($email)
 
 function user_load_by_uid_year($uid, $year)
 {
-	$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
-	if(!mysql_num_rows($q)) return false;
-	$i = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
+	$q->execute();
+	if(!$q->rowCount()) return false;
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	return user_load($i['id']);
 }
 
@@ -320,8 +323,9 @@ function user_set_password($id, $password = NULL)
 	/* pass $u by reference so we can update it */
 	$save_old = false;
 	if($password == NULL) {
-		$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
-		$u = mysql_fetch_assoc($q);
+		$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
+		$q->execute();
+		$u = $q->fetch(PDO::FETCH_ASSOC);
 		/* Generate a new password */
 		$password = user_generate_password(12);
 		/* save the old password only if it's not an auto-generated one */
@@ -334,13 +338,13 @@ function user_set_password($id, $password = NULL)
 		$save_set = 'NOW()';
 	}
 
-	$p = mysql_escape_string($password);
+	$p = $password;
 	$set = ($save_old == true) ? 'oldpassword=password, ' : '';
 	$set .= "password='$p', passwordset=$save_set ";
 
 	$query = "UPDATE users SET $set WHERE id='$id'";
-	mysql_query($query);
-	echo mysql_error();
+	$stmt = $pdo->prepare($query);
+	echo $pdo->errorInfo();
 
 	return $password;
 }
@@ -364,17 +368,18 @@ function user_save_type_list($u, $db, $fields)
 		}
 
 		if(is_array($u[$f])) 
-			$data = mysql_escape_string(serialize($u[$f]));
+			$data = serialize($u[$f]);
 		else 
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 
 		$set .= "`$f`='$data'";
 	}
 	if($set != "") {
 		$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
-		mysql_query($query);
-		if(mysql_error()) {
-			echo mysql_error();
+		$stmt = $pdo->prepare($query);
+		$stmt->execute();
+		if($pdo->errorInfo()) {
+			echo $pdo->errorInfo();
 			echo error("Full query: $query");
 		}
 	}
@@ -452,7 +457,8 @@ function user_save(&$u)
 			exit;
 		}
         //give em a record, the primary key on the table takes care of uniqueness
-   	    $q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
+   	    $q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
+		$q->execute();
 	}
 
 
@@ -472,7 +478,7 @@ function user_save(&$u)
 		if($f == 'types') 
 			$set .= "$f='".implode(',', $u[$f])."'";
 		else {
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 			$set .= "$f='$data'";
 		}
 	}
@@ -481,9 +487,10 @@ function user_save(&$u)
 //	echo "</pre>";
 	if($set != "") {
 		$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
+		$stmt->execute();
 //		echo "query=[$query]";
-		echo mysql_error();
+		echo $pdo->errorInfo();
 	}
 
 	/* Save the password if it changed */
@@ -511,7 +518,8 @@ function user_save(&$u)
 
 function user_delete_committee($u)
 {
-	mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+	$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+	$stmt->execute();
 }
 
 function user_delete_volunteer($u)
@@ -522,13 +530,18 @@ function user_delete_judge($u)
 {
 	global $config;
 	$ids = array();
-	$q = mysql_query("SELECT id FROM users WHERE uid = '{$u['uid']}'");
-	while($row = mysql_fetch_assoc($q)) $ids[] = $row['id'];
+	$q = $pdo->prepare("SELECT id FROM users WHERE uid = '{$u['uid']}'");
+	$q->execute();
+	while($row = $q->fetch(PDO::FETCH_ASSOC)) $ids[] = $row['id'];
 	if(count($ids) > 0){
 		$idlist = implode(',', $ids);
-		mysql_query("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
-		mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
+		$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
+		$stmt->execute();
+
+		$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
+	$stmt->execute();
 	}
+
 }
 
 function user_delete_fair($u)
@@ -585,7 +598,9 @@ function user_delete($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
+			
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
+			$stmt->execute();
 		} else {
 			$finish_delete = true;
 		}
@@ -598,7 +613,9 @@ function user_delete($u, $type=false)
 		$finish_delete = true;
 	}
 	if($finish_delete == true) {
-		mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
+		
+		$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
+		$stmt->execute();
 	}
 }
 
@@ -628,7 +645,8 @@ function user_purge($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt->execute();
 		} else {
 			$finish_purge = true;
 		}
@@ -636,18 +654,21 @@ function user_purge($u, $type=false)
 		 * out the entry */
 		call_user_func("user_delete_$type", $u);
 //		call_user_func("user_purge_$type", $u);
-		mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+		$stmt->execute();
 	} else {
 		/* Delete the whole user */
 		foreach($u['types'] as $t) {
 			call_user_func("user_delete_$t", $u);
 //			call_user_func("user_purge_$t", $u);
-			mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+			$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+			$stmt->execute();
 		}
 		$finish_purge = true;
 	}
 	if($finish_purge == true) {
-		mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
+		$stmt->execute();
 	}
 }
 
@@ -657,12 +678,13 @@ function user_dupe_row($db, $key, $val, $newval)
 {
 	global $config;
 	$nullfields = array('deleteddatetime'); /* Fields that can be null */
-	$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
-	if(mysql_num_rows($q) != 1) {
+	$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
+	$q->execute();
+	if($q->rowCount() != 1) {
 		echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
 		exit;
 	}
-	$i = mysql_fetch_assoc($q);
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	$i[$key] = $newval;
 
 	foreach($i as $k=>$v) {
@@ -671,7 +693,7 @@ function user_dupe_row($db, $key, $val, $newval)
 		else if($k == 'year') 
 			$i[$k] = $config['FAIRYEAR'];
 		else
-			$i[$k] = '\''.mysql_escape_string($v).'\'';
+			$i[$k] = '\''.$v.'\'';
 	}
 
 	$keys = '`'.join('`,`', array_keys($i)).'`';
@@ -679,10 +701,11 @@ function user_dupe_row($db, $key, $val, $newval)
 
 	$q = "INSERT INTO $db ($keys) VALUES ($vals)";
 //	echo "Dupe Query: [$q]";
-	$r = mysql_query($q);
-	echo mysql_error();
+	$r = $pdo->prepare($q);
+	$r->execute();
+	echo $pdo->errorInfo();
 
-	$id = mysql_insert_id();
+	$id = $pdo->errorInfo();
 	return $id;
 }
 /* Used by the login scripts to copy one user from one year to another */
@@ -711,7 +734,8 @@ function user_dupe($u, $new_year)
 	}
 
 	$id = user_dupe_row('users', 'id', $u['id'], NULL);
-	$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
+	$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
+	$q->execute();
 
 	/* Load the new user */
 	$u2 = user_load($id);
@@ -755,20 +779,22 @@ function user_create($type, $username, $u = NULL)
 {
 	global $config;
 	if(!is_array($u)) {
-		mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) 
+		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) 
 			VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
-		echo mysql_error();
+		$stmt->execute()';
+		echo $pdo->errorInfo();
 		$uid = mysql_insert_id();
         if(user_valid_email($username)) {
             mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
         }
 		mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		user_set_password($uid, NULL);
 		/* Since the user already has a type, user_save won't create this
 		 * entry for us, so do it here */
-		mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')");
-		echo mysql_error();
+		$stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
+		$stmt->execute();
+		echo $pdo->errorInfo();
 		/* Load the complete user */
 		$u = user_load($uid);
 	//	echo "user_create / user_load($uid) returned <pre>";
diff --git a/user_invite.php b/user_invite.php
index 77eb04f..b7fc19c 100644
--- a/user_invite.php
+++ b/user_invite.php
@@ -31,7 +31,7 @@
  /* AJAX query */
  if(intval($_GET['ajax']) == 1) {
  	/* Do ajax processing for this file */
-	$email = mysql_escape_string(stripslashes($_GET['email']));
+	$email = stripslashes($_GET['email']);
 	$type = $_GET['type'];
 
 	/* Sanity check type */
@@ -40,13 +40,14 @@
 		exit;
 	}
 
-	$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
-	if(mysql_num_rows($q) == 0) {
+	$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
+	$q->execute();
+	if($q->rowCount()  == 0) {
 		/* User doesn't exist */
 		echo "notexist\n";
 		exit;
 	}
-	$u = mysql_fetch_assoc($q);
+	$u = $q->fetch(PDO::FETCH_ASSOC);
 	$u = user_load($u['id']);
 
 	if($u['deleted'] == 'yes') {
@@ -174,9 +175,10 @@
 	if(!in_array($action, $allowed_actions)) 
 		exit;
 
-	$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
-	if(mysql_num_rows($q) > 0) {
-		$u = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
+	$q->execute();
+	if($q->rowCount()  > 0) {
+		$u = $q->fetch(PDO::FETCH_ASSOC);
 		$u = user_load($u['id']);
 	} else {
 		$u = NULL;
diff --git a/user_login.php b/user_login.php
index 89b13bf..62ca18c 100644
--- a/user_login.php
+++ b/user_login.php
@@ -56,7 +56,7 @@
 	$q->execute();
 	if($q->rowCount() < 1) return false;
 
-	#$r = mysql_fetch_object($q);
+	#$r = $q->fetch(PDO::FETCH_OBJ);
 	$r = $q->fetch(PDO::FETCH_OBJ);
 
 	/* See if the user account has been deleted */
@@ -321,9 +321,10 @@
 	$email = $_POST['email'];
 	if(user_valid_email($email)) {
 		/* valid email address */
-		$e = mysql_escape_string($email);
-		$q=mysql_query("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
-		$r=mysql_fetch_object($q);
+		$e = $email;
+		$q=$pdo->prepare("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
+		$q->execute();
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		if($r) {
 			$fn = trim($_POST['fn']);
 			$ln = trim($_POST['ln']);
diff --git a/user_new.php b/user_new.php
index 00c626c..1d6d125 100644
--- a/user_new.php
+++ b/user_new.php
@@ -100,10 +100,10 @@
   * this is the one time I wish php had a goto statement. */
  switch($action) {
  case 'new':
-	$data_fn = mysql_escape_string(stripslashes($_POST['fn']));
-	$data_ln = mysql_escape_string(stripslashes($_POST['ln']));
+	$data_fn = stripslashes($_POST['fn']);
+	$data_ln = stripslashes($_POST['ln']);
 	$data_email = stripslashes($_POST['email']);
-	$sql_email = mysql_escape_string($data_email);
+	$sql_email = $data_email;
 	$registrationpassword = $_POST['registrationpassword'];
 
 	/* Check the registration singlepassword */
@@ -115,19 +115,21 @@
 	}
 
 	/* See if this email already exists */
-	$q = mysql_query("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
+	$q = $pdo->prepare("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
+	$q->execute();
 	//select *, max(year) from users where username=sql_email
 	//if deleted and year = current yera - just undelete
 	//if deleted and year != current yera - proceed normally and recreate the user
 
 
-	if(mysql_num_rows($q) > 0) {
+	if($q->rowCount() > 0) {
 		/* It already exists, make sure they're not already in this role */
-		$r = mysql_fetch_object($q);
+		$r = $q->fetch(PDO::FETCH_OBJ);
 		$types = explode(',', $r->types);
 
 		if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') {
-			mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			$stmt->execute();
 			message_push(happy(i18n("Your account has been undeleted")));
 			message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password",
 					array("<a href=\"user_login.php?type=$type\">", "</a>"))));
diff --git a/user_password.php b/user_password.php
index c3af72b..d5e00c9 100644
--- a/user_password.php
+++ b/user_password.php
@@ -61,13 +61,13 @@
 
  if($_POST['action']=="save")
  {
-	$pass = mysql_escape_string($_POST['pass1']);
+	$pass = $_POST['pass1'];
  	//first, lets see if they choosed the same password again (bad bad bad)
-	$q=mysql_query("SELECT password FROM users WHERE 
+	$q=$pdo->prepare("SELECT password FROM users WHERE 
 				id='{$_SESSION['users_id']}' 
 				AND password='$pass'");
-
-	if(mysql_num_rows($q))
+	$q->execute();
+	if($q->rowCount())
 		message_push(error(i18n("You cannot choose the same password again.  Please choose a different password")));
 	else if(!$_POST['pass1']) 
 		message_push(error(i18n("New Password is required")));
diff --git a/user_personal.php b/user_personal.php
index c9377a7..03a37ca 100644
--- a/user_personal.php
+++ b/user_personal.php
@@ -137,7 +137,7 @@ case 'save':
 		/* Trying to save a committee member eh? Well, we established above
 		 * that we're allowed to be here, so go ahead and save it */
 		$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
-		$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));
+		$u['emailprivate'] = stripslashes($_POST['emailprivate']);
 
 		if(committee_auth_has_access('super')) {
 			/* But only superusers can save these ones */
@@ -149,9 +149,10 @@ case 'save':
 
 
 	/* Check for an email collision */
-	$em = mysql_escape_string(stripslashes($_POST['email']));
-	$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
-	if(mysql_num_rows($q) > 0) {
+	$em = stripslashes($_POST['email']);
+	$q=$pdo->prepare("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
+	$q->execute();
+	if($q->rowCount()> 0) {
 		error_("That email address is in use by another user");
 		echo "email error";
 		$save = false;