Fixed the SQL error in pagetext.php. Removed UNIQUE constraint on a column name in table to make it work.

2025-01-03 14:55:12 -05:00 · 2025-01-03 14:55:12 -05:00 · c411d2bc49
commit c411d2bc49
parent ba6e7156cb
4 changed files with 34 additions and 33 deletions
--- a/admin/award_awards.php
+++ b/admin/award_awards.php
@ -27,15 +27,16 @@
 user_auth_required('committee', 'admin');
 require_once('awards.inc.php');
- switch(get_value_from_array($_GET, 'action')) {
+ switch(get_value_from_array($_GET, 'action', 'awardinfo_load')) {
 case 'awardinfo_load':
- 	$id = intval($_GET['id']);
+ 	$id = intval(get_value_from_array($_GET, 'id'));
 	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'");
 	$q->execute();	
 	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	//json_encode NEEDS UTF8 DATA, but we store it in the database as ISO :(
-	foreach($ret AS $k=>$v) {
+	foreach($ret AS $k=>$v) {print('sdfs');
 		$ret[$k]=iconv("ISO-8859-1","UTF-8",$v);
 	}
 	//echo iconv("ISO-8859-1","UTF-8",json_encode($ret));
@ -83,7 +84,7 @@
 	$q->execute();
 	print_r($_POST);
 	echo $q;
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	happy_("Award information saved");
 	exit;
@ -139,7 +140,7 @@
 		$q = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) 
 				VALUES ('$id','$d','{$config['FAIRYEAR']}')");
 		$q->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 	}
 	happy_("Eligibility information saved");
 	exit;
@ -319,7 +320,7 @@
 	$q = $pdo->prepare("DELETE FROM fairs_awards_link WHERE award_awards_id='$id'");
 	$q->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	foreach($data as $fairs_id=>$f) {
 		$dl = ($f['dl'] == true) ? 'yes' : 'no';
 		$ul = ($f['ul'] == true) ? 'yes' : 'no';
@ -327,7 +328,7 @@
 		$q = $pdo->prepare("INSERT INTO fairs_awards_link (award_awards_id,fairs_id,download_award,upload_winners)
 				VALUES ('$id','$fairs_id','$dl','$ul')");
 		$q->execute();
-		echo $pdo->errorInfo();
+		show_pdo_errors_if_any($pdo);
 	}
 	$ident=stripslashes($_POST['identifier']);
 	$per_fair = $_POST['per_fair'] == 'yes' ? 'yes' : 'no';
@ -729,7 +730,7 @@ $(document).ready(function() {
 	$cq = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
 	$cq->execute();
-	echo $pdo->errorInfo();
+	show_pdo_errors_if_any($pdo);
 	while($cr=$cq->fetch(PDO::FETCH_OBJ)) {
 		echo "<input type=\"checkbox\" id=\"eligibility_categories_{$cr->id}\" name=\"categories[]\" value=\"$cr->id\" />".i18n($cr->category)."<br />";
 	}
--- a/common.inc.php
+++ b/common.inc.php
@ -232,7 +232,7 @@ else
 }
 //now if no language has been set yet, lets set it to the default language
-if(!$_SESSION['lang'])
+if(!get_value_from_array($_SESSION, 'lang'))
 {
 	//first try the default language, if that doesnt work, use "en"
 	if($config['default_language'])
--- a/config/pagetexts.php
+++ b/config/pagetexts.php
@ -43,29 +43,29 @@
 {
 	 foreach($config['languages'] AS $lang=>$langname) {
 		$q = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES (
-            '".$r->textname."',
+            ".$pdo->quote($r->textname).",
-            '".$r->textdescription."',
+            ".$pdo->quote($r->textdescription).",
-            '".$r->text."',
+            ".$pdo->quote($r->text).",
-            '".$config['FAIRYEAR']."',
+            ".$pdo->quote($config['FAIRYEAR']).",
-            '".$lang."')");
+            ".$pdo->quote($lang).")");
-		echo $r->textname;
+	
        $q->execute();
    }
 }
- if($_POST['action']=="save")
+ if(get_value_from_array($_POST, 'action')=="save")
 {
 	 foreach($config['languages'] AS $lang=>$langname) {
 		$textvar="text_$lang";
-		$text=stripslashes($_POST[$textvar]);
+		$text=$pdo->quote(stripslashes($_POST[$textvar]));
 		$stmt = $pdo->prepare("UPDATE pagetext 
 				SET 
 					lastupdate=NOW(), 
 					text='$text' 
 				WHERE 
-						textname='".$_POST['textname']."' 
+						textname='".$pdo->quote($_POST['textname'])."' 
 					AND year='".$config['FAIRYEAR']."'
 					AND lang='$lang'");
 		$stmt->execute();
@ -74,7 +74,7 @@
 }
- if($_GET['textname'])
+ if(get_value_from_array($_GET, 'textname'))
 {
 	$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
 	$q->execute();
@ -93,7 +93,7 @@
 			if(!$r)
 			{
-					$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
+					$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$pdo->quote($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
 					$stmt->execute();
 					echo $pdo->errorInfo();
 			}
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@ -500,7 +500,7 @@ class TableEditor
 			$query .= $field.$n.",";
 		}
-		//rip off the last comma
+		//rip off the last commaguix-system-vm-image-1.4.0.x86_64-linux.qcow2
 		$query=substr($query,0,-1);
 		if($insert_mode) {
@ -595,8 +595,8 @@ class TableEditor
 				else if($inputtype == 'time') //r->Type=="time")
 				{
 					if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
-						$editdata[$f] = "'".stripslashes($_POST[$f."_hour"]).":".
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f."_hour"])).":".
-							stripslashes($_POST[$f."_minute"]).":00'";
+							$pdo->quote(stripslashes($_POST[$f."_minute"])).":00'";
 					} else {
 						$editdata[$f] = 'NULL';
 					}
@ -617,13 +617,13 @@ class TableEditor
 				{
 					//chose the text field first, if its been filled in, otherwise, go with the select box
 					if($_POST[$f."_text"])
-						$editdata[$f] = "'".stripslashes($_POST[$f."_text"])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f."_text"]))."'";
 					else if($_POST[$f."_select"])
-						$editdata[$f] = "'".stripslashes($_POST[$f."_select"])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f."_select"]))."'";
 					else
 					{
 						//maybe the options were over-wridden, if so, just check the field name
-						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f]))."'";
 					}
 				}
@ -633,9 +633,9 @@ class TableEditor
 					//but allow them to enter http:// or https:// themselves.
 					//if no protocol is given, assume http://
 					if(substr(strtolower($_POST[$f]),0,4)=="http")
-						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f]))."'";
 					else
-						$editdata[$f] = "'http://".stripslashes($_POST[$f])."'";
+						$editdata[$f] = "'http://".$pdo->quote(stripslashes($_POST[$f]))."'";
 				}
 				else if(substr($f,0,8)=="filename" && $this->uploadPath)
@ -646,7 +646,7 @@ class TableEditor
 						if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
 							echo error(i18n("A file with that filename already exists, it will be overwritten"));
 						move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
-						$editdata[$f] = "'".stripslashes($_FILES[$f]['name'])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_FILES[$f]['name']))."'";
 					}
 					else
 					{
@ -662,9 +662,9 @@ class TableEditor
 				else
 				{
 					if($this->fieldValidation[$f])
-						$editdata[$f] = "'".stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f]))."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."'";
 					else
-						$editdata[$f] = "'".stripslashes($_POST[$f])."'";
+						$editdata[$f] = "'".$pdo->quote(stripslashes($_POST[$f]))."'";
 				}
 			}
@ -1016,7 +1016,7 @@ class TableEditor
 		foreach($sel as $s) $query .= ", $s";
 		$query .= " FROM ";
 		foreach($from as $f) $query .= "$f ";
-		print("sfs $f");
+		
 		$query .= " WHERE 1 ";
 		if(is_array($where)) {