use prepare statements for register files (3 files) where possible

This commit is contained in:
Muad Sakah 2025-02-07 20:15:53 +00:00
parent ae40c90d07
commit c47beecc39
3 changed files with 29 additions and 29 deletions


@ -38,13 +38,13 @@
exit; exit;
} }
$q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students
"WHERE students.email=?" WHERE students.email=?
"AND registrations.num=?" AND registrations.num=?
"AND registrations.id=?" AND registrations.id=?
"AND students.registrations_id=registrations.id ". AND students.registrations_id=registrations.id
"AND registrations.year=?" AND registrations.year=?
"AND students.year=?"); AND students.year=?");
$q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]); $q->execute([$_SESSION['email'],$_SESSION['registration_number'],$_SESSION['registration_id'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
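Review bot: The return value of `$q->execute([...])` on the line before `show_pdo_errors_if_any($pdo)` is discarded, so if the statement fails and the PDO handle is not in exception mode the code falls through to whatever fetches the row below this hunk with an empty result set. The cheap guard is `if (!$q->execute([...])) { show_pdo_errors_if_any($pdo); exit; }`, mirroring the `exit;` already used by the check at the top of the hunk; whether `show_pdo_errors_if_any` itself terminates cannot be seen here, so confirm before relying on it. The five bound values all come from `$_SESSION` and `$config`, so the parameterization itself is correct, and binding `$config['FAIRYEAR']` twice is required because the placeholders are positional. The surrounding code continues past the end of this hunk.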


@ -115,7 +115,7 @@ if (get_value_from_array($_GET, 'action') == 'removementor') {
echo error(i18n('Cannot make changes to forms once they have been received by the fair')); echo error(i18n('Cannot make changes to forms once they have been received by the fair'));
} else { } else {
// first make sure this is one belonging to this registration id // first make sure this is one belonging to this registration id
$q = $pdo->prepare("SELECT id FROM mentors WHERE id=?' AND registrations_id=?"); $q = $pdo->prepare("SELECT id FROM mentors WHERE id=? AND registrations_id=?");
$q->execute([$_GET['removementor'], $_SESSION['registration_id']]); $q->execute([$_GET['removementor'], $_SESSION['registration_id']]);
if ($q->rowCount() == 1) { if ($q->rowCount() == 1) {
$stmt = $pdo->prepare("DELETE FROM mentors WHERE id=? AND registrations_id=?"); $stmt = $pdo->prepare("DELETE FROM mentors WHERE id=? AND registrations_id=?");
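Review bot: The delete on the last line of the hunk is driven entirely by `$_GET` (`action=removementor` on the first context line and `$_GET['removementor']` in the `execute` call), so a mentor is removed by a plain link with no CSRF token or POST requirement visible between the `action` check and the DELETE; unless a token is verified earlier outside this hunk, any page the registrant visits can trigger it. The ownership condition `registrations_id=?` bound to `$_SESSION['registration_id']` is what prevents cross-registration deletion, so it must stay in both queries as it does here. Separately, `$q->rowCount() == 1` on a SELECT relies on driver behaviour PDO does not guarantee; `if ($q->fetchColumn() !== false) {` is the portable test. The `if`/`else` block this sits in closes after the hunk.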


@ -147,27 +147,27 @@ if (get_value_from_array($_POST, 'action') == 'save') {
// UPDATE existing record // UPDATE existing record
$dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x]; $dob = $_POST['year'][$x] . '-' . $_POST['month'][$x] . '-' . $_POST['day'][$x];
$stmt = $pdo->prepare('UPDATE students SET ' $stmt = $pdo->prepare('UPDATE students SET
. 'firstname = ?, ' firstname =?,
. 'lastname = ?, ' lastname =?,
. 'pronunciation = ?, ' pronunciation =?,
. 'sex = ?, ' sex =?,
. 'email = ?, ' email =?,
. 'address = ?, ' address =?,
. 'city = ?, ' city =?,
. 'county = ?, ' county =?,
. 'province = ?, ' province=?,
. 'postalcode = ?, ' postalcode =?,
. 'phone = ?, ' phone =?,
. 'dateofbirth = ?, ' dateofbirth =?,
. 'grade = ?, ' grade =?,
. $schoolquery $schoolquery
. 'medicalalert = ?, ' medicalalert =?,
. 'foodreq = ?, ' foodreq =?,
. 'teachername = ?, ' teachername =?,
. 'teacheremail = ?, ' teacheremail =?,
. 'tshirt = ? ' tshirt =?
. 'WHERE id = ?'); WHERE id =?');
$stmt->execute([ $stmt->execute([
stripslashes($_POST['firstname'][$x]), stripslashes($_POST['firstname'][$x]),