diff --git a/admin/award_awardcreatedivisional.php b/admin/award_awardcreatedivisional.php index e442aff..9c97025 100644 --- a/admin/award_awardcreatedivisional.php +++ b/admin/award_awardcreatedivisional.php @@ -39,8 +39,10 @@ else if($_POST['award_types_id']) $award_types_id=$_POST['award_types_id']; //first, we can only do this if we dont have any type=divisional awards created yet - $q=mysql_query("SELECT COUNT(id) AS num FROM award_awards WHERE award_types_id='1' AND year='{$config['FAIRYEAR']}'"); - $r=mysql_fetch_object($q); + + $q = $pdo->prepare("SELECT COUNT(id) AS num FROM award_awards WHERE award_types_id='1' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + $r = $q->fetch(PDO::FETCH_OBJ); if($r->num) { echo error(i18n("%1 Divisional awards already exist. There must not be any divisional awards in order to run this wizard",array($r->num))); 
@@ -48,21 +50,27 @@ else { - $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) + + $q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r = $q->fetch(PDO::FETCH_OBJ)) $div[$r->id]=$r->division; - $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) + + $q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) $cat[$r->id]=$r->category; $dkeys = array_keys($div); $ckeys = array_keys($cat); if($config['filterdivisionbycategory']=="yes") { - $q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + + $q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + $q->execute(); $divcat=array(); - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { $divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id); } @@ -79,9 +87,11 @@ if($_GET['action']=="create" && $_GET['sponsors_id']) { - $q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + $q->execute(); $prizes=array(); - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { $prizes[]=array( "cash"=>$r->cash, @@ -106,7 +116,8 @@ $c_category=$cat[$c_id]; echo i18n("Creating %1 - %2",array($c_category,$d_division))."
"; - mysql_query("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES ( + + $q = $pdo->prepare("INSERT INTO award_awards (sponsors_id,award_types_id,name,criteria,`order`,year) VALUES ( '{$_GET['sponsors_id']}', '1', '$c_category - $d_division', @@ -114,19 +125,26 @@ '$ord', '{$config['FAIRYEAR']}' )"); - echo mysql_error(); - $award_awards_id=mysql_insert_id(); + $q->execute(); + echo $pdo->errorInfo(); + $award_awards_id=$pdo->lastInsertId(); - mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES ('$award_awards_id','$c_id','{$config['FAIRYEAR']}')"); - mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES ('$award_awards_id','$d_id','{$config['FAIRYEAR']}')"); + - $ord++; + $q = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES ('$award_awards_id','$c_id','{$config['FAIRYEAR']}')"); + $q->execute(); + + $q = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES ('$award_awards_id','$d_id','{$config['FAIRYEAR']}')"); + $q->execute(); + $ord++; echo "  ".i18n("Prizes: "); foreach($prizes AS $prize) { - mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,value,prize,number,`order`,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,year) VALUES ( + + + $q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,value,prize,number,`order`,excludefromac,trophystudentkeeper,trophystudentreturn,trophyschoolkeeper,trophyschoolreturn,year) VALUES ( '$award_awards_id', '{$prize['cash']}', '{$prize['scholarship']}', @@ -141,6 +159,10 @@ '{$prize['trophyschoolreturn']}', '{$config['FAIRYEAR']}' )"); + + $q->execute(); + + echo $prize['prize'].","; } echo "
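Review bot: The new INSERT into award_awards still interpolates `$_GET['sponsors_id']` straight into the SQL, and the guard at the top of this hunk (`$_GET['sponsors_id']` truthy) does not constrain its shape; wrapping the string in `$pdo->prepare()` gives no protection because nothing is bound. Coerce it first, `$sponsors_id = intval($_GET['sponsors_id']);`, and use `'$sponsors_id'` in the VALUES list, or better, replace the interpolated values with `?` placeholders and pass them to `$q->execute([...])`. The same unbound-interpolation pattern is carried into the award_awards_projectcategories and award_awards_projectdivisions inserts in the next hunk (@@ -114), where `$award_awards_id`, `$c_id` and `$d_id` come from the database and are lower risk but would bind just as easily. The enclosing action branch starts outside this hunk.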
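Review bot: `echo $pdo->errorInfo();` after the award_awards INSERT prints the literal text "Array" (with an array-to-string notice) because `PDO::errorInfo()` returns a three-element array, and it reports the last operation on the connection handle rather than on the statement that was executed. A faithful replacement for the old `echo mysql_error();` is `if ($q->errorCode() !== '00000') echo implode(' ', $q->errorInfo());`, or simply configure the connection with `PDO::ERRMODE_EXCEPTION` and drop the echo. The same `echo ...->errorInfo()` appears in award_awards.php (@@ -60, @@ -109, @@ -288), award_download.php (@@ -134, @@ -200) and award_upload.php (@@ -107) and should be fixed the same way in each.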
"; @@ -157,11 +179,13 @@ echo ""; echo "\n"; - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; echo " \n"; diff --git a/admin/award_awards.php b/admin/award_awards.php index f9a51f5..0aafc3b 100644 --- a/admin/award_awards.php +++ b/admin/award_awards.php @@ -30,8 +30,10 @@ switch($_GET['action']) { case 'awardinfo_load': $id = intval($_GET['id']); - $q=mysql_query("SELECT * FROM award_awards WHERE id='$id'"); - $ret = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'"); + $q->execute(); + $ret = $q->fetch(PDO::FETCH_ASSOC); //json_encode NEEDS UTF8 DATA, but we store it in the database as ISO :( foreach($ret AS $k=>$v) { $ret[$k]=iconv("ISO-8859-1","UTF-8",$v); @@ -50,9 +52,11 @@ $id=intval($_POST['id']); if($id == -1) { - $q=mysql_query("INSERT INTO award_awards (year,self_nominate,schedule_judges) + + $q = $prepare("INSERT INTO award_awards (year,self_nominate,schedule_judges) VALUES ('{$config['FAIRYEAR']}','yes','yes')"); - $id = mysql_insert_id(); + $q->execute(); + $id = $pdo->lastInsertId(); happy_("Award Created"); /* Set the award_id in the client */ echo ""; 
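Review bot: `$q = $prepare("INSERT INTO award_awards ...")` in the `awardinfo_save` branch calls an undefined variable as a function, so creating a new award (`$id == -1`) is now a fatal error before `$q->execute()` is reached. It should read `$q = $pdo->prepare("INSERT INTO award_awards (year,self_nominate,schedule_judges)`. The identical slip appears in the `prizeinfo_load` else-branch (@@ -155, `$q = $prepare("SELECT * FROM award_prizes WHERE award_awards_id='$id' ...")`).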
@@ -60,25 +64,26 @@ $q = "UPDATE award_awards SET award_types_id='".intval($_POST['award_types_id'])."', - presenter='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['presenter'])))."', + presenter='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['presenter']))."', excludefromac='".(($_POST['excludefromac'] == 1) ? 1 : 0)."', cwsfaward='".(($_POST['cwsfaward'] == 1) ? 1 : 0)."', self_nominate='".(($_POST['self_nominate'] == 'yes') ? 'yes' : 'no')."', schedule_judges='".(($_POST['schedule_judges'] == 'yes') ? 'yes' : 'no')."', - description='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['description'])))."' "; + description='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['description']))."' "; if(array_key_exists('name', $_POST)) { /* These values may be disabled, if they name key exists, assume * they aren't disabled and save them too */ - $q .= ",name='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['name'])))."', - criteria='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['criteria'])))."', + $q .= ",name='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['name']))."', + criteria='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['criteria']))."', sponsors_id='".intval($_POST['sponsors_id'])."' "; } $q .= "WHERE id='$id'"; - mysql_query($q); + $q = $pdo->prepare($q); + $q->execute(); print_r($_POST); echo $q; - echo mysql_error(); + echo $pdo->errorInfo(); happy_("Award information saved"); exit; 
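Review bot: Removing `mysql_escape_string()` from `presenter`, `description`, `name` and `criteria` while still concatenating the `$_POST` values into the UPDATE string turns a poorly escaped query into an unescaped one; `$pdo->prepare($q)` only parameterises values passed through placeholders, so the migration needs to bind these fields rather than interpolate them. The same regression is in award_awards.php @@ -184 (`$_POST['prize']`) and @@ -288 (`$_POST['identifier']`), and in award_download.php @@ -106 (`$identifier`), @@ -134 (`$award['sponsor']`, `name_en`, `criteria_en`, `$postback`), @@ -186 (`$p`) and @@ -200 (`prize_en`, `identifier`), where the values arrive from an external fair server. Separately, `$q` is reassigned from the SQL string to the PDOStatement, so the leftover debug line `echo $q;` now tries to convert a PDOStatement to string and is a fatal error; the sketch below keeps the string in `$q`, the statement in `$stmt`, and drops the `print_r($_POST); echo $q; echo $pdo->errorInfo();` debug output.
```php
$q = "UPDATE award_awards SET award_types_id=:award_types_id, presenter=:presenter,
        excludefromac=:excludefromac, cwsfaward=:cwsfaward,
        self_nominate=:self_nominate, schedule_judges=:schedule_judges,
        description=:description";
$params = [
    ':award_types_id' => intval($_POST['award_types_id']),
    ':presenter' => iconv("UTF-8","ISO-8859-1",stripslashes($_POST['presenter'])),
    ':excludefromac' => ($_POST['excludefromac'] == 1) ? 1 : 0,
    ':cwsfaward' => ($_POST['cwsfaward'] == 1) ? 1 : 0,
    ':self_nominate' => ($_POST['self_nominate'] == 'yes') ? 'yes' : 'no',
    ':schedule_judges' => ($_POST['schedule_judges'] == 'yes') ? 'yes' : 'no',
    ':description' => iconv("UTF-8","ISO-8859-1",stripslashes($_POST['description'])),
];
if(array_key_exists('name', $_POST)) {
    // … unchanged: comment about possibly-disabled fields …
    $q .= ", name=:name, criteria=:criteria, sponsors_id=:sponsors_id";
    $params[':name'] = iconv("UTF-8","ISO-8859-1",stripslashes($_POST['name']));
    $params[':criteria'] = iconv("UTF-8","ISO-8859-1",stripslashes($_POST['criteria']));
    $params[':sponsors_id'] = intval($_POST['sponsors_id']);
}
$q .= " WHERE id=:id";
$params[':id'] = $id;
$stmt = $pdo->prepare($q);
$stmt->execute($params);
// … unchanged: happy_("Award information saved"); exit; …
```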
@@ -86,14 +91,17 @@ $id = intval($_GET['id']); //select the current categories that this award is linked to $ret = array('categories'=>array(), 'divisions'=>array() ); - $q=mysql_query("SELECT * FROM award_awards_projectcategories WHERE award_awards_id='$id'"); - while($r=mysql_fetch_assoc($q)) { + + $q=$pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE award_awards_id='$id'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_ASSOC)) { $ret['categories'][] = $r['projectcategories_id']; } //select the current categories that this award is linked to - $q=mysql_query("SELECT * FROM award_awards_projectdivisions WHERE award_awards_id='$id'"); - while($r=mysql_fetch_assoc($q)) { + $q = $pdo->$prepare("SELECT * FROM award_awards_projectdivisions WHERE award_awards_id='$id'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_ASSOC)) { $ret['divisions'][] = $r['projectdivisions_id']; } echo json_encode($ret); 
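Review bot: `$q = $pdo->$prepare("SELECT * FROM award_awards_projectdivisions ...")` uses a variable method name taken from the undefined `$prepare`, so the `eligibility_load` branch fatals on the divisions query right after the categories query succeeded. The line should be `$q = $pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE award_awards_id='$id'");`, matching the categories query a few lines above. Both queries could also bind `$id` with `$q->execute([$id])` instead of interpolating it, even though it is already `intval`'d.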
@@ -109,24 +117,29 @@ } //wipe out any old award-category links - mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'"); - + $q = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'"); + $q->execute(); foreach($_POST['categories'] AS $key=>$cat) { $c = intval($cat); - mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) + $q = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES ('$id','$c','{$config['FAIRYEAR']}')"); - echo mysql_error(); + $q->execute(); + echo $q->errorInfo(); } //wipe out any old award-divisions links - mysql_query("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$id'"); + + $q = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$id'"); + $q->execute(); //now add the new ones foreach($_POST['divisions'] AS $key=>$div) { $d = intval($div); - mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) + + $q = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES ('$id','$d','{$config['FAIRYEAR']}')"); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); } happy_("Eligibility information saved"); exit; @@ -136,8 +149,9 @@ foreach ($_GET['prizelist'] as $position=>$id) { if($id == '') continue; $order++; - mysql_query("UPDATE `award_prizes` SET `order`='$order' WHERE `id`='$id'"); - } + + $q = $pdo->prepare("UPDATE `award_prizes` SET `order`='$order' WHERE `id`='$id'"); + $q->execute(); } // print_r($_GET); happy_("Order Updated."); exit; 
@@ -147,7 +161,9 @@ foreach ($_GET['awardlist'] as $position=>$id) { if($id == '') continue; $order++; - mysql_query("UPDATE `award_awards` SET `order`='$order' WHERE `id`='$id'"); + + $q = $pdo->prepare("UPDATE `award_awards` SET `order`='$order' WHERE `id`='$id'"); + $q->execute(); } happy_("Order updated"); exit; @@ -155,11 +171,15 @@ case 'prizeinfo_load': $id = intval($_GET['id']); if($id == -1) { - $q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + $q->execute(); } else { - $q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`"); + + $q = $prepare("SELECT * FROM award_prizes WHERE award_awards_id='$id' ORDER BY `order`"); + $q->execute(); } - while($r=mysql_fetch_assoc($q)) { + while($r=$q->fetch(PDO::FETCH_ASSOC)) { foreach($r AS $k=>$v) { $r[$k]=iconv("ISO-8859-1","UTF-8",$v); } @@ -169,8 +189,10 @@ exit; case 'prize_load': $id = intval($_GET['id']); - $q = mysql_query("SELECT * FROM award_prizes WHERE id='$id'"); - $ret=mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE id='$id'"); + $q->execute(); + $ret = $q->fetch(PDO::FETCH_ASSOC); foreach($ret AS $k=>$v) { $ret[$k]=iconv("ISO-8859-1","UTF-8",$v); } 
@@ -184,15 +206,17 @@ $aaid = 0; $year = -1; } - mysql_query("INSERT INTO award_prizes(award_awards_id,year) VALUES ('$aaid','$year');"); - $ret = array('id' => mysql_insert_id() ); + + $q = $pdo->prepare("INSERT INTO award_prizes(award_awards_id,year) VALUES ('$aaid','$year');"); + $ret = array('id' => $pdo->lastInsertId() ); echo json_encode($ret); exit; case 'prize_save': $id = intval($_POST['id']); - $q="UPDATE award_prizes SET - prize='".mysql_escape_string(stripslashes(iconv("UTF-8","ISO-8859-1",$_POST['prize'])))."', + + $q = $pdo->prepare("UPDATE award_prizes SET + prize='".stripslashes(iconv("UTF-8","ISO-8859-1",$_POST['prize']))."', cash='".intval($_POST['cash'])."', scholarship='".intval($_POST['scholarship'])."', value='".intval($_POST['value'])."', @@ -202,8 +226,9 @@ trophystudentreturn='".(($_POST['trophystudentreturn']==1) ? 1 : 0)."', trophyschoolkeeper='".(($_POST['trophyschoolkeeper']==1) ? 1 : 0)."', trophyschoolreturn='".(($_POST['trophyschoolreturn']==1) ? 1 : 0)."' - WHERE id='$id'"; - mysql_query($q); + WHERE id='$id'"); + + $q->execute(); // echo $q; // echo mysql_error(); happy_("Prize saved"); @@ -218,15 +243,19 @@ case 'feeder_load': $id = intval($_GET['id']); /* Prepare two lists of fair IDs, for which fairs can upload and download this award */ - $q=mysql_query("SELECT * FROM fairs_awards_link WHERE award_awards_id='$id'"); + + $q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE award_awards_id='$id'"); + $q->execute(); $ul = array(); $dl = array(); - while($r=mysql_fetch_assoc($q)) { + while($r=$q->fetch(PDO::FETCH_ASSOC)) { if($r['upload_winners'] == 'yes') $ul[$r['fairs_id']] = true; if($r['download_award'] == 'yes') $dl[$r['fairs_id']] = true; } - $q = mysql_query("SELECT * FROM award_awards WHERE id='$id'"); - $a = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$id'"); + $q -> execute(); + $a = fetch(PDO::FETCH_ASSOC) ?>
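Review bot: In the `prize_add` branch the INSERT into award_prizes is prepared but never executed, so no prize row is created and `$pdo->lastInsertId()` returns whatever the previous insert on this connection produced (or `"0"`), which is then sent back to the client as the new prize id. Add `$q->execute();` between the `prepare()` call and `$ret = array('id' => $pdo->lastInsertId());`. The `prize_save` UPDATE in the same hunk also carries a stale `// echo mysql_error();` comment that no longer matches the code and can be dropped.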
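Review bot: In the `feeder_load` branch `$a = fetch(PDO::FETCH_ASSOC)` calls a bare, undefined function, so the page fatals before the fair checkboxes are rendered; it should be `$a = $q->fetch(PDO::FETCH_ASSOC);`. The surrounding `$q -> execute();` also has non-standard spacing around `->` compared with every other call in the patch.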

@@ -257,8 +286,10 @@ prepare("SELECT * FROM fairs WHERE type='feeder'"); + $q->execute(); + while($r = $q->fetch(PDO::FETCH_ASSOC)) { echo ""; $ch = $dl[$r['id']] == true ? 'checked="checked"' : ''; echo ""; @@ -288,24 +319,31 @@ foreach($ul AS $fairs_id) $data[$fairs_id]['ul'] = true; /* Now save each one */ - mysql_query("DELETE FROM fairs_awards_link WHERE award_awards_id='$id'"); - echo mysql_error(); + + $q = $pdo->prepare("DELETE FROM fairs_awards_link WHERE award_awards_id='$id'"); + $q->execute(); + echo $pdo->errorInfo(); foreach($data as $fairs_id=>$f) { $dl = ($f['dl'] == true) ? 'yes' : 'no'; $ul = ($f['ul'] == true) ? 'yes' : 'no'; - mysql_query("INSERT INTO fairs_awards_link (award_awards_id,fairs_id,download_award,upload_winners) + + $q = $pdo->prepare("INSERT INTO fairs_awards_link (award_awards_id,fairs_id,download_award,upload_winners) VALUES ('$id','$fairs_id','$dl','$ul')"); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); } - $ident=mysql_escape_string(stripslashes($_POST['identifier'])); + $ident=stripslashes($_POST['identifier']); $per_fair = $_POST['per_fair'] == 'yes' ? 'yes' : 'no'; $mat = intval($_POST['additional_materials']); $w = intval($_POST['register_winners']); - mysql_query("UPDATE award_awards SET external_identifier='$ident', + + + $q = $pdo->prepare("UPDATE award_awards SET external_identifier='$ident', external_additional_materials='$mat', external_register_winners='$w', per_fair='$per_fair' WHERE id='$id'"); + $q->execute(); happy_("Feeder Fair information saved"); exit; @@ -629,10 +667,12 @@ $(document).ready(function() {
".i18n("Sponsor").":"; - $sq=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization"); + + $sq = $pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization"); + $sq->execute(); echo "
".i18n("Prizes")."Edit prize template for divisional awards"; //the 'generic' template prizes for the awards are stored with year =-1 and award_awards_id=0 - $q=mysql_query("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE year='-1' AND award_awards_id='0' ORDER BY `order`"); + $q->execute(); - if(mysql_num_rows($q)) + if($q->rowCount()) { /* echo "
"; @@ -197,7 +223,7 @@ echo "
$r->prize
{$r['name']}
: prepare("SELECT id,organization FROM sponsors ORDER BY organization"); + $sq->execute(); echo "
: prepare("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type"); + $tq->execute(); echo "id}\" name=\"categories[]\" value=\"$cr->id\" />".i18n($cr->category)."
"; } ?> @@ -697,9 +741,11 @@ $(document).ready(function() {
: prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division"); + $dq->execute(); + echo errorInfo(); + while($dr=$dq->fetch(PDO::FETCH_OBJ)) { echo "id}\" name=\"divisions[]\" value=\"$dr->id\" />".i18n($dr->division)."
"; } // if(count($currentcategories)==0 || count($currentdivisions)==0) @@ -919,10 +965,12 @@ echo ""; echo ""; echo "
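Review bot: `echo errorInfo();` after `$dq->execute()` calls an undefined global function and is a fatal error on every load of the divisions checkbox list. Either remove the line (the sponsor and award-type queries just above do not report errors) or make it `if ($dq->errorCode() !== '00000') echo implode(' ', $dq->errorInfo());`, since `errorInfo()` is a PDOStatement method and returns an array rather than a string. The enclosing JavaScript/HTML template section starts and ends outside this hunk.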
"; -$q=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization"); + +$q = $pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization"); +$q->execute(); echo ""; echo "
"; -$q=mysql_query("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type"); + +$q = $pdo->prepare("SELECT id,type FROM award_types WHERE year='{$config['FAIRYEAR']}' ORDER BY type"); +$q->execute(); echo ""; @@ -1018,7 +1071,7 @@ if(mysql_num_rows($q)) $hasexternal=false; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->award_source_fairs_id) { $cl="externalaward"; $hasexternal=true; @@ -1031,8 +1084,10 @@ if(mysql_num_rows($q)) echo " \n"; echo " \n"; - $numq=mysql_query("SELECT SUM(number) AS num FROM award_prizes WHERE award_awards_id='{$r->id}'"); - $numr=mysql_fetch_assoc($numq); + + $numq = $pdo->prepare("SELECT SUM(number) AS num FROM award_prizes WHERE award_awards_id='{$r->id}'"); + $numq->execute(); + $numr=$numq->fetch(PDO::FETCH_ASSOC); if(!$numr['num']) $numr['num']=0; diff --git a/admin/award_download.php b/admin/award_download.php index 1483674..31a3e20 100644 --- a/admin/award_download.php +++ b/admin/award_download.php @@ -32,8 +32,10 @@ switch($_GET['action']) { case 'check': $fairs_id = intval($_GET['fairs_id']); - $q=mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'"); - $fair=mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); if(!($fair['username'] && $fair['password'])) { echo error(i18n("Username and Password are not set for source '%1'. Please set them in the SFIAB Configuration/External Award Sources editor first",array($r->name))); return; 
@@ -71,9 +73,11 @@ case 'check': } //get a list of all the existing awards for this external source - $aq=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); + + $aq = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); + $aq->execute(); $existingawards=array(); - while($ar=mysql_fetch_object($aq)) { + while($ar=$aq->fetch(PDO::FETCH_OBJ)) { $existingawards[$ar->id] = true; } 
@@ -106,27 +110,34 @@ case 'check': continue; } - $tq=mysql_query("SELECT * FROM award_awards WHERE + + $tq = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$identifier' AND award_source_fairs_id='$fairs_id' AND year='$year'"); - if(mysql_num_rows($tq) == 0) { + $tq->execute(); + if($tq->rowCount() == 0) { /* Award doesn't exist, create it, then update it with the common code below */ - mysql_query("INSERT INTO award_awards (award_types_id, + + $q = $pdo->prepare("INSERT INTO award_awards (award_types_id, year, external_identifier, award_source_fairs_id) VALUES (2,'{$year}', - '".mysql_escape_string($identifier)."', + '".$identifier."', '$fairs_id')"); - $award_id=mysql_insert_id(); + $q->execute(); + $award_id=$q->insertLastId(); /* By default make all divs/cats eligible */ foreach($divs as $id=>$d) - mysql_query("INSERT INTO award_awards_projectdivisions(award_awards_id,projectdivisions_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')"); + $q = $pdo->prepare("INSERT INTO award_awards_projectdivisions(award_awards_id,projectdivisions_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')"); + $q->execute(); + foreach($cats as $id=>$c) - mysql_query("INSERT INTO award_awards_projectcategories(award_awards_id,projectcategories_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')"); + $q = $pdo->prepare("INSERT INTO award_awards_projectcategories(award_awards_id,projectcategories_id,year) VALUES ('$award_id','$id','{$config['FAIRYEAR']}')"); + $q->execute(); } else { echo i18n("Award already exists, updating info")."
"; - $awardrecord=mysql_fetch_object($tq); + $awardrecord=Tq->fetch(PDO::FETCH_OBJ); $award_id = $awardrecord->id; } 
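Review bot: The two `foreach($divs ...)` / `foreach($cats ...)` loops that seed eligibility for a newly imported award now have a brace-less body of only the `prepare()` call, so `$q->execute()` runs once after each loop and only the last division and last category are actually inserted. In the same block `$award_id=$q->insertLastId();` calls a method that does not exist on PDOStatement (it is `PDO::lastInsertId()`), and `$awardrecord=Tq->fetch(PDO::FETCH_OBJ);` in the else-branch refers to an undefined constant `Tq` instead of `$tq`, so both paths fatal. The sketch below braces the loops and binds the values, which also resolves the unescaped `$identifier` in the preceding INSERT. The `if($tq->rowCount() == 0)` condition starts inside this hunk but the import loop it belongs to starts outside it.
```php
$q->execute();
$award_id = $pdo->lastInsertId();
/* By default make all divs/cats eligible */
$dq = $pdo->prepare("INSERT INTO award_awards_projectdivisions(award_awards_id,projectdivisions_id,year) VALUES (?,?,?)");
foreach($divs as $id=>$d) {
    $dq->execute([$award_id, $id, $config['FAIRYEAR']]);
}
$cq = $pdo->prepare("INSERT INTO award_awards_projectcategories(award_awards_id,projectcategories_id,year) VALUES (?,?,?)");
foreach($cats as $id=>$c) {
    $cq->execute([$award_id, $id, $config['FAIRYEAR']]);
}
// … unchanged: else branch, with $awardrecord = $tq->fetch(PDO::FETCH_OBJ); …
```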
@@ -134,35 +145,40 @@ case 'check': unset($existingawards[$award_id]); //check if the sponsor exists, if not, add them - $sponsor_str = mysql_escape_string($award['sponsor']); - $sponsorq=mysql_query("SELECT * FROM sponsors WHERE organization='$sponsor_str'"); - if($sponsorr=mysql_fetch_object($sponsorq)) { + $sponsor_str = $award['sponsor']; + + $sponsorq=$pdo->prepare("SELECT * FROM sponsors WHERE organization='$sponsor_str'"); + $sponsorq->execute(); + if($sponsorr=$sponsorq->fetch(PDO::FETHC_OBJ)) { $sponsor_id=$sponsorr->id; } else { - mysql_query("INSERT INTO sponsors (organization,year,notes) - VALUES ('$sponsor_str','$year','".mysql_escape_string("Imported from external source: $r->name")."')"); - echo mysql_error(); - $sponsor_id=mysql_insert_id(); + $q = $pdo->prepare("INSERT INTO sponsors (organization,year,notes) + VALUES ('$sponsor_str','$year','"."Imported from external source: $r->name"."')"); + $q->execute(); + echo $q->errroInfo(); + $sponsor_id=$pdo->lastInsertId(); } $self_nominate = ($award['self_nominate'] == 'yes') ? 'yes' : 'no'; $schedule_judges = ($award['schedule_judges'] == 'yes') ? 
'yes' : 'no'; - mysql_query("UPDATE award_awards SET + + $q = $pdo->prepare("UPDATE award_awards SET sponsors_id='$sponsor_id', - name='".mysql_escape_string($award['name_en'])."', - criteria='".mysql_escape_string($award['criteria_en'])."', - external_postback='".mysql_escape_string($postback)."', + name='".$award['name_en']."', + criteria='".$award['criteria_en']."', + external_postback='".$postback."', external_register_winners='".(($award['external_register_winners']==1)?1:0)."', external_additional_materials='".(($award['external_additional_materials']==1)?1:0)."', self_nominate='$self_nominate', schedule_judges='$schedule_judges' WHERE id='$award_id' - AND external_identifier='".mysql_escape_string($identifier)."' + AND external_identifier='".$identifier."' AND year='$year' "); - echo mysql_error(); + $q->execute(); + echo $q->errorInfo(); //update the prizes $prizes = $award['prizes']; @@ -172,9 +188,11 @@ case 'check': echo i18n("Number of prizes: %1",array(count($prizes)))."
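Review bot: `$sponsorq->fetch(PDO::FETHC_OBJ)` references a misspelled class constant, which is a fatal "undefined constant" error on the first imported award, and two lines later `echo $q->errroInfo();` is a misspelled method that would fatal when a new sponsor is created. Change them to `if($sponsorr=$sponsorq->fetch(PDO::FETCH_OBJ)) {` and `echo implode(' ', $q->errorInfo());` (or drop the echo). Note that `$sponsor_str`, `$award['name_en']`, `$award['criteria_en']` and `$postback` in this hunk are values received from the remote fair and are interpolated into SQL with no escaping or binding at all after this change.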
"; /* Get existing prizes */ - $pq=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$award_id'"); + + $pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$award_id'"); + $pq->execute(); $existingprizes=array(); - while($pr=mysql_fetch_assoc($pq)) + while($pr=$pq->fetch(PDO::FETCH_ASSOC)) $existingprizes[$pr['prize']]=$pr; @@ -186,10 +204,12 @@ case 'check': * but it's much shorter code, and means changing things in only * one spot */ echo " ".i18n("Adding prize %1",array($prize['prize_en']))."
"; - $p = mysql_escape_string(stripslashes($prize['prize_en'])); - mysql_query("INSERT INTO award_prizes (award_awards_id,prize,year,external_identifier) + $p = stripslashes($prize['prize_en']); + + $q = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,prize,year,external_identifier) VALUES ('$award_id','$p','$year','$p')"); - $prize_id = mysql_insert_id(); + $q->execute(); + $prize_id = $pdo->insertLastId(); } else { $ep=$existingprizes[$prize['prize_en']]; echo " ".i18n("Updating prize %1",array($ep['prize']))."
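Review bot: `$prize_id = $pdo->insertLastId();` calls a method that does not exist on PDO, so adding a new imported prize fatals right after the INSERT; it should be `$prize_id = $pdo->lastInsertId();`. The same misspelling appears as `$q->insertLastId()` in the earlier hunk of this file (@@ -106). Binding `$award_id`, `$p` and `$year` via `$q->execute([$award_id, $p, $year, $p])` would also remove the last remaining use of an unescaped remote value in this statement.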
"; @@ -200,22 +220,25 @@ case 'check': if(!array_key_exists('identifier', $prize)) $prize['identifier'] = $prize['prize_en']; - mysql_query("UPDATE award_prizes SET + + $q = $pdo->prepare("UPDATE award_prizes SET cash='".intval($prize['cash'])."', scholarship='".intval($prize['scholarship'])."', value='".intval($prize['value'])."', - prize='".mysql_escape_string($prize['prize_en'])."', + prize='".$prize['prize_en']."', number='".intval($prize['number'])."', `order`='".intval($prize['ord'])."', - external_identifier='".mysql_real_escape_string(stripslashes($prize['identifier']))."', + external_identifier='".stripslashes($prize['identifier'])."', trophystudentkeeper='".intval($prize['trophystudentkeeper'])."', trophystudentreturn='".intval($prize['trophystudentreturn'])."', trophyschoolkeeper='".intval($prize['trophyschoolkeeper '])."', trophyschoolreturn='".intval($prize['trophyschoolreturn'])."' WHERE id='$prize_id'"); + + $q->execute(); - echo mysql_error(); + echo $pdo->errorInfo(); //FIXME: update the translations } @@ -272,8 +295,10 @@ if(!function_exists('curl_init')) { prepare("SELECT * FROM fairs WHERE enable_awards='yes' ORDER BY name"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo "\n"; echo ""; diff --git a/admin/award_upload.php b/admin/award_upload.php index 647d485..cf94a69 100644 --- a/admin/award_upload.php +++ b/admin/award_upload.php 
@@ -68,28 +68,34 @@ function get_winners($awardid, $fairs_id) $awards = array(); if($awardid == -1) { /* Get all for this fair */ - $q=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q) == 0) { + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); + if($q->rowCount() == 0) { error_("Can't find award id $awardid"); return false; } - while($a = mysql_fetch_assoc($q)) { + while($a = $q->fetch(PDO::FETCH_ASSOC)) { $awards[] = $a; } } else { /* Get the award */ - $q=mysql_query("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q)!=1) { + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + if($q->rowCount()!=1) { error_("Can't find award id $awardid"); return false; } - $award=mysql_fetch_assoc($q); + $award=$q->fetch(PDO::FETCH_ASSOC); $awards[] = $award; } /* Get the fair for the div/cat mappings */ - $q = mysql_query("SELECT * FROM fairs WHERE id='{$award['award_source_fairs_id']}'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$award['award_source_fairs_id']}'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); + $catmap = unserialize($fair['catmap']); $divmap = unserialize($fair['divmap']); 
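Review bot: In the `$awardid == -1` branch of get_winners() the award_awards SELECT is prepared but `$q->execute()` is missing before `$q->rowCount()`, so the statement has not run, the count is 0 and the function always reports "Can't find award id -1" for whole-fair uploads; add `$q->execute();` after the `prepare()` call as the other branch does. The hunk does not show the top of the function, so if it only declares `global $config;` (as load_server_cats_divs does further down), `$pdo` is undefined inside the function and `$pdo->prepare()` fails; declare `global $config, $pdo;` there. Note also that `PDOStatement::rowCount()` on a SELECT is driver-dependent; it works for buffered MySQL queries but is not guaranteed by PDO, so counting fetched rows or using `SELECT COUNT(*)` is the portable form.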
@@ -107,29 +113,37 @@ function get_winners($awardid, $fairs_id) } /* Get the prizes */ - $q=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'"); - while($prize=mysql_fetch_assoc($q)) { + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'"); + $q->execute(); + while($prize=$q->fetch(PDO::FETCH_ASSOC)) { $pid = $prize['id']; - $wq=mysql_query("SELECT projects.* FROM award_prizes + + $wq = $pdo->prepare("SELECT projects.* FROM award_prizes LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id LEFT JOIN projects ON projects.id=winners.projects_id WHERE awards_prizes_id='$pid' AND winners.year='{$config['FAIRYEAR']}'"); - echo mysql_error(); + $wq->execute(); + echo $pdo->erroInfo(); /* Get all projects assigned to this prize */ $prizewinners = array(); - while($project=mysql_fetch_assoc($wq)) { + while($project=$wq->fetch(PDO::FETCH_ASSOC)) { /* Get the students */ - $sq=mysql_query("SELECT * FROM students WHERE registrations_id='{$project['registrations_id']}' + + $sq = $pdo->prepare("SELECT * FROM students WHERE registrations_id='{$project['registrations_id']}' AND year='{$config['FAIRYEAR']}'"); + $sq->execute(); $students=array(); - while($s=mysql_fetch_assoc($sq)) { + while($s=$sq->fetch(PDO::FETCH_ASSOC)) { /* Get the student's school */ - $schoolq=mysql_query("SELECT * FROM schools WHERE id='{$s['schools_id']}'"); - $schoolr=mysql_fetch_assoc($schoolq); + + $schoolq = $pdo->prepare("SELECT * FROM schools WHERE id='{$s['schools_id']}'"); + $schoolq->execute(); + $schoolr=$schoolq->fetch(PDO::FETCH_ASSOC); $school = array("xml_type"=>"school");/* for ysc compatability */ foreach($school_fields as $k=>$v) $school[$k] = $schoolr[$v]; 
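Review bot: `echo $pdo->erroInfo();` after `$wq->execute()` is a misspelled method name and fatals on the first prize processed, so get_winners() never returns a winner list. Use `$wq->errorInfo()` on the statement that ran, and since it returns an array, either `implode()` it or remove the echo; `if ($wq->errorCode() !== '00000') echo implode(' ', $wq->errorInfo());` keeps the original intent. get_winners() starts and ends outside this hunk.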
@@ -179,37 +193,45 @@ function count_winners($awardid, $fairs_id) $awards = array(); if($awardid == -1) { /* Get all for this fair */ - $q=mysql_query("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q) == 0) { + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE award_source_fairs_id='$fairs_id' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + if($q->rowCount() == 0) { error_("Can't find award id $awardid"); return 0; } - while($a = mysql_fetch_assoc($q)) { + while($a = $q->fetch(PDO::FETCH_ASSOC)) { $awards[] = $a; } } else { /* Get the award */ - $q=mysql_query("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q)!=1) { + + $q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$awardid' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + if($q->rowcount()!=1) { error_("Can't find award id $awardid"); return 0; } - $award=mysql_fetch_assoc($q); + $award=$q->fetch(PDO::FETCH_ASSOC); $awards[] = $award; } foreach($awards as $award) { /* Get the prizes */ - $q=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'"); - while($prize=mysql_fetch_assoc($q)) { + + $q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$award['id']}'"); + $q->execute(); + while($prize=$q->fetch(PDO::FETCH_ASSOC)) { $pid = $prize['id']; - $wq=mysql_query("SELECT COUNT(projects.id) as C FROM award_prizes + + $wq = $pdo->prepare("SELECT COUNT(projects.id) as C FROM award_prizes LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id LEFT JOIN projects ON projects.id=winners.projects_id WHERE awards_prizes_id='$pid' AND winners.year='{$config['FAIRYEAR']}'"); - $wc = mysql_fetch_assoc($wq); + $wq->execute(); + $wc = $wq->fetch(PDO::FETCH_ASSOC); $count += $wc['C']; } } 
@@ -221,8 +243,10 @@ function count_winners($awardid, $fairs_id) function load_server_cats_divs($fairs_id) { global $config; - $q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); $req = array('get_categories' => array('year' => $config['FAIRYEAR']), 'get_divisions' => array('year' => $config['FAIRYEAR']) @@ -235,8 +259,10 @@ function load_server_cats_divs($fairs_id) } else { $catmap = array(); /* Load ours */ - $q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade"); - while($r=mysql_fetch_object($q)) { + + $q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { foreach($data['categories'] as $id=>$c) { if($c['mingrade'] == $r->mingrade) { $catmap[$r->id] = $id; @@ -249,8 +275,10 @@ function load_server_cats_divs($fairs_id) $divmap = unserialize($fair['divmap']); } else { $ret['divmap'] = array(); - $q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id"); - while($r=mysql_fetch_object($q)) { + + $q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $lowest = 999; $lowest_id = 0; foreach($data['divisions'] as $id=>$d) { @@ -278,8 +306,10 @@ case 'award_upload': $all_winners = get_winners($award_awards_id, $fairs_id); /* Get the fair */ - $q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC);; echo '
'; /* Check that we're going to upload something, and override the @@ -365,8 +395,11 @@ case 'catdiv_load': list($c, $d, $cm, $dm) = load_server_cats_divs($fairs_id); $divs = projectdivisions_load(); - $q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); + ?>
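Review bot: The new prepare line in the `award_upload` case keeps the stray brace from the old query, `WHERE id='$fairs_id}'`, so the id is compared as a string such as `7}`; MySQL's lenient coercion presumably made this work by accident, and a strict-mode server would reject it. The same leftover is carried into the `catdiv_load` hunk (`@@ -365`) and the `load` hunk (`@@ -439`). Binding fixes both the typo and the interpolation: `$q = $pdo->prepare("SELECT * FROM fairs WHERE id=?"); $q->execute([$fairs_id]);`, which also lets the doubled `;;` after the fetch go.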


@@ -407,21 +440,27 @@ case 'catdiv_save': $div[intval($key)] = intval($d); } - $catmap = mysql_real_escape_string(serialize($cat)); - $divmap = mysql_real_escape_string(serialize($div)); - mysql_query("UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'"); - echo "UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'"; - echo mysql_error(); + $catmap = serialize($cat); + $divmap = serialize($div); + + $q = $pdo->prepare("UPDATE fairs SET catmap='$catmap',divmap='$divmap' WHERE id='$fairs_id'"); + + $q->execute(); + echo $pdo->errorInfo(); happy_("Category/Division mapping information saved"); exit; case 'additional_materials': $award_awards_id = intval($_GET['award_awards_id']); - $q = mysql_query("SELECT award_source_fairs_id,external_identifier FROM award_awards WHERE id='$award_awards_id'"); - $a = mysql_fetch_assoc($q); - $q = mysql_query("SELECT * FROM fairs WHERE id='{$a['award_source_fairs_id']}'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT award_source_fairs_id,external_identifier FROM award_awards WHERE id='$award_awards_id'"); + $q->execute(); + $a = $q->fetch(PDO::FETCH_ASSOC); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$a['award_source_fairs_id']}'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); $req = array('award_additional_materials' => array( 'year'=>$config['FAIRYEAR'], 'identifier'=>$a['external_identifier']) 
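Review bot: The hunk drops `mysql_real_escape_string()` around `serialize($cat)` and `serialize($div)` but still splices the results into the UPDATE string, so escaping is removed without binding replacing it. Here the arrays hold `intval()`'d keys and values and the serialized text happens to contain no quotes, but the same removal is applied to user-supplied text in cms.php (`@@ -53` and the `$_GET['filename']` queries), committees.php (`@@ -128`, `@@ -155`), communication.php (`@@ -502`, `@@ -666`, `@@ -719`, `@@ -906`), donations.php (`@@ -143`) and donors.php (`@@ -50`, which runs past this chunk), where previously-escaped input becomes SQL injection. Bind instead: `$q = $pdo->prepare("UPDATE fairs SET catmap=?, divmap=? WHERE id=?");` and `$q->execute([$catmap, $divmap, $fairs_id]);`. `echo $pdo->errorInfo();` prints `Array`, since the method returns an array, not a string.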
@@ -439,8 +478,11 @@ case 'load': $winners = get_winners($award_awards_id, $fairs_id); $divs = projectdivisions_load(); - $q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id}'"); - $fair = mysql_fetch_assoc($q); + + $q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id}'"); + $q->execute(); + $fair = $q->fetch(PDO::FETCH_ASSOC); + echo i18n("The following list of winning projects/students will be sent to: %1. Use the 'Edit Default Division Assignments' button to change the default mappings for divisions. You can over-ride any division assignment by changing it in the list below. Category assignments are done automatically based on grade. When you are happy with the list below, click the 'Upload Winners' button.", array($fair['name'])); @@ -659,13 +701,15 @@ if(!function_exists('curl_init')) { /* Fairs first */ -$q = mysql_query("SELECT fairs.id, fairs.name, fairs.type, COUNT(award_awards.id) as AWARD_COUNT FROM fairs + +$q = $pdo->prepare("SELECT fairs.id, fairs.name, fairs.type, COUNT(award_awards.id) as AWARD_COUNT FROM fairs LEFT JOIN award_awards ON award_awards.award_source_fairs_id=fairs.id WHERE award_awards.award_source_fairs_id IS NOT NULL AND award_awards.year='{$config['FAIRYEAR']}' GROUP BY fairs.id ORDER BY fairs.name "); -echo mysql_error(); +$q->execute(); +echo $q->errorInfo(); ?>

:

@@ -678,7 +722,7 @@ echo mysql_error(); fetch(PDO::FETCH_OBJ)) { $count = count_winners(-1, $r->id); ?> @@ -700,7 +744,7 @@ while($r=mysql_fetch_object($q)) { prepare("SELECT award_awards.id, award_awards.name AS awardname, fairs.name as fairname, award_source_fairs_id, fairs.type as fairtype, award_awards.external_additional_materials FROM award_awards @@ -708,7 +752,8 @@ $q = mysql_query("SELECT award_awards.id, award_awards.name AS awardname, WHERE award_awards.award_source_fairs_id IS NOT NULL AND award_awards.year='{$config['FAIRYEAR']}' ORDER BY fairs.name, award_awards.name"); -echo mysql_error(); +$q->execute(); +echo $pdo->errorInfo(); ?>

:

@@ -721,7 +766,7 @@ echo mysql_error(); fetch(PDO::FETCH_OBJ)) { $count = count_winners($r->id, $r->award_source_fairs_id); ?> diff --git a/admin/awards.inc.php b/admin/awards.inc.php index c8ae685..9515c2b 100644 --- a/admin/awards.inc.php +++ b/admin/awards.inc.php 
@@ -25,25 +25,42 @@ function award_delete($award_awards_id) { /* Delete all winners attached to this award */ - $q = mysql_query("SELECT id FROM award_prizes WHERE award_awards_id='$award_awards_id'"); - while(($p = mysql_fetch_assoc($q))) { - mysql_query("DELETE FROM winners WHERE award_prizes_id='{$p['id']}'"); + + $q = $pdo->prepare("SELECT id FROM award_prizes WHERE award_awards_id='$award_awards_id'"); + $q->execute(); + while(($p = $q->fetch(PDO::FETCH_ASSOC))) { + + $q = $pdo->prepare(); + $q->execute("DELETE FROM winners WHERE award_prizes_id='{$p['id']}'"); } /* FIXME: maybe delte judging teams and judge * assignments and timeslots? /* Delete the award */ - mysql_query("DELETE FROM award_prizes WHERE award_awards_id='$award_awards_id'"); - mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$award_awards_id'"); - mysql_query("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$award_awards_id'"); - mysql_query("DELETE FROM award_awards WHERE id='$award_awards_id'"); + + $q = $pdo->prepare("DELETE FROM award_prizes WHERE award_awards_id='$award_awards_id'"); + $q->execute(); + + $q = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$award_awards_id'"); + $q->execute(); + + $q = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$award_awards_id'"); + $q->execute(); + + $q = $pdo->prepare("DELETE FROM award_awards WHERE id='$award_awards_id'"); + $q->execute(); } function award_prize_delete($award_prizes_id) { - mysql_query("DELETE FROM winners WHERE award_prizes_id='$award_prizes_id'"); - mysql_query("DELETE FROM award_prizes WHERE id='$award_prizes_id'"); + + $q = $pdo->prepare("DELETE FROM winners WHERE award_prizes_id='$award_prizes_id'"); + $q->execute(); + + $q = $pdo->prepare("DELETE FROM award_prizes WHERE id='$award_prizes_id'"); + $q->execute(); + } ?> diff --git a/admin/cms.php b/admin/cms.php index badbac0..5a957ad 100644 --- a/admin/cms.php 
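Review bot: In the winners loop of `award_delete()` the new lines `$q = $pdo->prepare();` and `$q->execute("DELETE FROM winners WHERE award_prizes_id='{$p['id']}'");` are inverted: `prepare()` requires the SQL (with no argument it fails, an `ArgumentCountError` on PHP 8) and `execute()` only accepts an array of bound values, never a statement. Reassigning `$q` also overwrites the SELECT cursor the enclosing `while` is still fetching from, so even a working version would stop after the first prize. Use a separate statement with a placeholder: `$d = $pdo->prepare("DELETE FROM winners WHERE award_prizes_id=?"); $d->execute([$p['id']]);`. Whether `$pdo` is declared `global` in these two functions is not visible; both bodies begin at the hunk edge.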
+++ b/admin/cms.php @@ -53,15 +53,17 @@ $insertdt=date("Y-m-d H:i:s"); $text=stripslashes($_POST[$textname]); - mysql_query("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES ( - '".mysql_escape_string($filename)."', + + $q = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES ( + '".$filename."', '$insertdt', '$lang', - '".mysql_escape_string($text)."', - '".mysql_escape_string($_POST[$titlename])."', + '".$text."', + '".$_POST[$titlename]."', '".$_POST[$showlogoname]."' )"); - if(mysql_error()) { + $q->execute(); + if($pdo->errorInfo()) { echo error(i18n("An error occurred saving %1 in %2",array($filename,$langname))); $err=true; } @@ -85,14 +87,18 @@ foreach($config['languages'] AS $lang=>$langname) { echo "
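Review bot: `if($pdo->errorInfo()) {` in the new save code is always true, because `errorInfo()` returns a three-element array (`['00000', null, null]` on success) and a non-empty array is truthy, so every save now reports "An error occurred saving …" and sets `$err`; the communication.php hunk at `@@ -779` has the same test followed by `exit`, which will abort on the first query. Test the statement result instead, `if(!$q->execute()) {`, or configure the connection with `PDO::ERRMODE_EXCEPTION` and catch `PDOException`. The INSERT itself now splices `$filename`, `$text` and `$_POST[$titlename]` into the SQL with the `mysql_escape_string()` calls removed and nothing binding them, so an apostrophe in a page title breaks the statement and crafted input rewrites it.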
{$r->type}{$r->name}
{$r->name}{$r->url}
name?>Info")?>
awardname?>
"; echo "\n"; - $q=mysql_query("SELECT DISTINCT(dt) FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' ORDER BY dt DESC LIMIT $historylimit"); + + + $q = $pdo->prepare("SELECT DISTINCT(dt) FROM cms WHERE filename='".$_GET['filename']."' ORDER BY dt DESC LIMIT $historylimit"); + $q->execute(); $first=true; - if(mysql_num_rows($q)) { - while($r=mysql_fetch_object($q)) + if($q->rowCount()) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->dt==$_GET['dt']) $style="font-weight: bold;"; else $style="font-weight: normal;"; @@ -183,7 +192,7 @@ while($r=$q->fetch(PDO::FETCH_ASSOC)) { echo ""; - $q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1"); + $q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".$r->filename."' ORDER BY dt DESC LIMIT 1"); $r2=$q2->fetch(PDO::FETCH_OBJ); if($r2->dt=="0000-00-00 00:00:00") $dt="Never"; diff --git a/admin/committees.php b/admin/committees.php index 37d60fc..db8abbb 100644 --- a/admin/committees.php +++ b/admin/committees.php @@ -128,7 +128,9 @@ function actionSubmit() if($_POST['addcommittee']) { //add a new committee - mysql_query("INSERT INTO committees (name) VALUES ('".mysql_escape_string($_POST['addcommittee'])."')"); + //re-order the committees + $q = $pdo->prepare("INSERT INTO committees (name) VALUES ('".$_POST['addcommittee']."')"); + $q->execute(); echo happy(i18n("Committee successfully added")); } @@ -142,7 +144,9 @@ if($_POST['committees_id'] && $_POST['committees_ord']) { $pords = $_POST['order']; while($ids[$x]) { $cid = intval($ids[$x]); - mysql_query("UPDATE committees SET ord='".intval($ords[$x])."' WHERE id='$cid'"); + + $q = $pdo->prepare("UPDATE committees SET ord='".intval($ords[$x])."' WHERE id='$cid'"); + $q->execute(); $x++; $ctitle = $titles[$cid]; 
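Review bot: In the `@@ -183` hunk `$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".$r->filename."' ...")` is followed directly by `$r2=$q2->fetch(PDO::FETCH_OBJ);` with no `$q2->execute()` visible in between, so fetch() returns false and `$r2->dt` reads a property of a bool, leaving the "last updated" value wrong for every file. Add the execute and bind the filename at the same time: `$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename=? ORDER BY dt DESC LIMIT 1");` `$q2->execute([$r->filename]);`. The loop header in the hunk context fetches with `PDO::FETCH_ASSOC`, which would make `$r->filename` null; that line is outside the hunk, so confirm which fetch mode the loop really uses.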
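Review bot: The added comment `//re-order the committees` in the committees.php `@@ -128` hunk sits inside the `if($_POST['addcommittee'])` branch, directly above the INSERT that creates a committee, so it describes the wrong block; the reordering loop is the `committees_ord` branch in the following hunk, and the line above already says `//add a new committee`. Remove the added comment. The INSERT also loses `mysql_escape_string()` around `$_POST['addcommittee']` with no bound parameter replacing it: `$q = $pdo->prepare("INSERT INTO committees (name) VALUES (?)"); $q->execute([$_POST['addcommittee']]);`.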
@@ -155,12 +159,12 @@ if($_POST['committees_id'] && $_POST['committees_ord']) { foreach($ctitle as $uid=>$title) { $o = intval($cord[$uid]); - $t = mysql_escape_string(stripslashes($title)); + $t = stripslashes($title); $u = intval($uid); - $q = "UPDATE committees_link SET title='$t', ord='$o' - WHERE committees_id='$cid' AND users_uid='$u'"; -// echo $q; - mysql_query($q); + + $q = $pdo->prepare("UPDATE committees_link SET title='$t', ord='$o' + WHERE committees_id='$cid' AND users_uid='$u'"); + $q->execute(); } } @@ -172,10 +176,12 @@ if($_POST['action']=="assign") { if($_POST['committees_id'] && $_POST['users_uid']) { $cid = intval($_POST['committees_id']); - $q=mysql_query("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'"); + $q = $pdo->prepare("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_uid='$uid'"); + $q->execute(); - if(!mysql_num_rows($q)) { - mysql_query("INSERT INTO committees_link (committees_id,users_uid) VALUES ('$cid','$uid')"); + if(!$q->rowCount()) { + $q = $pdo->prepare("INSERT INTO committees_link (committees_id,users_uid) VALUES ('$cid','$uid')"); + $q->execute(); echo happy(i18n("Successfully added member to committee")); } else @@ -187,7 +193,9 @@ if($_POST['action']=="assign") if($_GET['deletecommittee']) { $del = intval($_GET['deletecommittee']); - mysql_query("DELETE FROM committees WHERE id='$del'"); + + $q = $pdo->prepare("DELETE FROM committees WHERE id='$del'"); + $q->execute(); echo happy(i18n("Committee removed")); } @@ -201,7 +209,9 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { $mem = intval($_GET['unlinkmember']); $com = intval($_GET['unlinkcommittee']); //unlink the member from the committee - mysql_query("DELETE FROM committees_link WHERE users_uid='$mem' AND committees_id='$com'"); + + $q = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='$mem' AND committees_id='$com'"); + $q->execute(); echo happy(i18n("Committee member unlinked from committee")); } 
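Review bot: `$t = stripslashes($title);` now hands the raw POSTed title to the UPDATE as `title='$t'`, so a title containing an apostrophe breaks the statement and an arbitrary one rewrites it; `$o`, `$cid` and `$u` are `intval()`'d and are fine. Bind the text: `$q = $pdo->prepare("UPDATE committees_link SET title=?, ord=? WHERE committees_id=? AND users_uid=?");` `$q->execute([$t, $o, $cid, $u]);`. The `foreach` this sits in starts before the hunk.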
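Review bot: In the `assign` hunk (`@@ -172`) both the SELECT and the INSERT interpolate `$uid`, but only `$cid = intval($_POST['committees_id']);` is visible; where `$uid` is derived from `$_POST['users_uid']` lies outside the hunk, so confirm it is cast to an integer before it reaches either query. Binding removes the doubt: `$q = $pdo->prepare("INSERT INTO committees_link (committees_id,users_uid) VALUES (?,?)"); $q->execute([$cid, $uid]);`.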
@@ -272,7 +282,7 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { $q->execute(); echo ""; echo ""; echo ""; - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo "\n"; - echo mysql_error(); - while($r2=mysql_fetch_object($q2)) { + echo $pdo->errorInfo(); + while($r2=$q2->fetch(PDO::FETCH_OBJ)) { $u = user_load_by_uid($r2->uid); echo "
"; - $q=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' AND lang='$lang' ORDER BY dt DESC LIMIT 1"); - if($r=mysql_fetch_object($q)) { + + $q = $pdo->prepare("SELECT * FROM cms WHERE filename='".$_GET['filename']."' AND lang='$lang' ORDER BY dt DESC LIMIT 1"); + $q->execute(); + if($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->dt=="0000-00-00 00:00:00" || !$r->dt) $dt="Never"; else $dt=$r->dt; echo "".htmlspecialchars($_GET['filename'])." - $langname    ".i18n("Last updated").": $dt
"; if($_GET['dt']) { - $q2=mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($_GET['filename'])."' AND lang='$lang' AND dt<='".$_GET['dt']."' ORDER BY dt DESC LIMIT 1"); - $r2=mysql_fetch_object($q2); + + $q2 = $pdo->prepare("SELECT * FROM cms WHERE filename='".$_GET['filename']."' AND lang='$lang' AND dt<='".$_GET['dt']."' ORDER BY dt DESC LIMIT 1"); + $q2->execute(); + $r2=$q2->fetch(PDO::FETCH_OBJ); if($r2->dt!=$r->dt) { echo "Displaying historical file. Date: $r->dt"; @@ -136,10 +142,13 @@ else $historylimit=30; echo "
".i18n("File History")."
filename)."\">/web/$r->filename
".i18n('Title')."".i18n('Order')."".i18n("Public Email / Private Email")."
"; @@ -309,7 +321,8 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { echo "  ".i18n($r->name).""; - $q2=mysql_query("SELECT + + $q2 = $pdo->prepare("SELECT committees_link.title, committees_link.ord, users.uid, @@ -321,15 +334,16 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) { GROUP BY users.uid ORDER BY ord, users.lastname "); + $q2->execute(); - if(mysql_num_rows($q2)==0) { + if($q2->rowCount()==0) { echo "   "; echo "id\">\"Remove"; } echo "
    "; echo "\"Edit\""; diff --git a/admin/communication.php b/admin/communication.php index c531a4c..4e48a8e 100644 --- a/admin/communication.php +++ b/admin/communication.php @@ -42,8 +42,9 @@ switch($_GET['action']) { case 'dialog_choose_load': $emails_id = intval($_GET['emails_id']); - $q = mysql_query("SELECT * FROM emails WHERE id='$emails_id'"); - $e = mysql_fetch_assoc($q); + $q = $pdo->prepare("SELECT * FROM emails WHERE id='$emails_id'"); + $q->execute(); + $e = $q->fetch(PDO::FETCH_ASSOC); ?> @@ -64,9 +65,10 @@ case 'dialog_choose':
:
prepare("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); $numrecipients=$r->num; echo "\n"; @@ -502,8 +510,9 @@ case 'dialog_sender': $u=user_load_by_uid(intval($_GET['uid'])); if($_GET['template']) { - $emailq=mysql_query("SELECT * FROM emails WHERE `val`='".mysql_real_escape_string($_GET['template'])."'"); - $e=mysql_fetch_assoc($emailq); + $emailq=$pdo->prepare("SELECT * FROM emails WHERE `val`='".$_GET['template']."'"); + $emailq->execute(); + $e=$emailq->fetch(PDO::FETCH_ASSOC); } else $e=null; @@ -642,16 +651,22 @@ case "email_get_list": case 'cancel': if($_GET['cancel']) { - mysql_query("UPDATE emailqueue SET finished=NOW() WHERE id='".intval($_GET['cancel'])."'"); - mysql_query("UPDATE emailqueue_recipients SET result='cancelled' WHERE emailqueue_id='".intval($_GET['cancel'])."' AND sent IS NULL AND result IS NULL"); + + $q = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='".intval($_GET['cancel'])."'"); + $q->execute(); + + $q = $pdo->prepare("UPDATE emailqueue_recipients SET result='cancelled' WHERE emailqueue_id='".intval($_GET['cancel'])."' AND sent IS NULL AND result IS NULL"); + $q->execute(); echo "ok"; } exit; case 'loadaddresses': if($_GET['query'] && array_key_exists($_GET['query'],$mailqueries)) { - $q=mysql_query($mailqueries[$_GET['query']]['query']); - while($r=mysql_fetch_object($q)) { + + $q = $pdo->prepare($mailqueries[$_GET['query']]['query']); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->organization) $s="($r->organization) "; else $s=""; echo "$r->firstname $r->lastname {$s}<$r->email>
"; 
@@ -666,43 +681,52 @@ case "email_get_list": $fcid=intval($_POST['fundraising_campaigns_id']); $emailid=intval($_POST['emails_id']); - $fcq=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$fcid'"); - $fc=mysql_fetch_object($fcq); - $emailq=mysql_query("SELECT * FROM emails WHERE id='$emailid'"); - $email=mysql_fetch_object($emailq); + $fcq = $pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$fcid'"); + $fcq->execute(); + $fc=$fcq->fetch(PDO::FETCH_OBJ); - $recipq=mysql_query("SELECT * FROM fundraising_campaigns_users_link + + $emailq = $pdo->prepare("SELECT * FROM emails WHERE id='$emailid'"); + $emailq.execute(); + $email=$emailq.fetch(PDO::FETCH_OBJ); + + $recipq = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'"); - echo mysql_error(); + $recipq.execute(); + echo $pdo->errorInfo(); - $numtotal=mysql_num_rows($recipq); - mysql_query("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES ( - '".mysql_real_escape_string($email->val)."', - '".mysql_real_escape_string($email->name)."', + $numtotal=$recipq->rowCount(); + + $q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES ( + '".$email->val."', + '".$email->name."', '".$_SESSION['users_uid']."', - '".mysql_real_escape_string($email->from)."', - '".mysql_real_escape_string($email->subject)."', - '".mysql_real_escape_string($email->body)."', - '".mysql_real_escape_string($email->bodyhtml)."', - '".mysql_real_escape_string($email->type)."', + '".$email->from."', + '".$email->subject."', + '".$email->body."', + '".$email->bodyhtml."', + '".$email->type."', $fcid, NOW(), NULL, $numtotal, 0)"); - $emailqueueid=mysql_insert_id(); - echo mysql_error(); + $q->execute(); + $emailqueueid=$pdo->lastInsertId(); + echo $pdo->errorInfo(); $urlproto = 
$_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; $urllogin = "$urlmain/login.php"; - while($r=mysql_fetch_object($recipq)) { + while($r=$recipq->fetch(PDO::FETCH_OBJ)) { $u=user_load_by_uid($r->users_uid); //we only send school access codes to science heads or principals - $acq=mysql_query("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'"); - $acr=mysql_fetch_object($acq); + + $acq = $pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'"); + $acq->execute(); + $acr=$acq->fetch(PDO::FETCH_OBJ); $accesscode=$acr->accesscode; $replacements=array( @@ -719,15 +743,18 @@ case "email_get_list": ); if($u['email'] && $u['email'][0] != '*') { - mysql_query("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES ( + + $q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES ( '$emailqueueid', - '".mysql_real_escape_string($u['email'])."', - '".mysql_real_escape_string($u['name'])."', - '".mysql_real_escape_string(json_encode($replacements))."', - NULL)"); - echo mysql_error(); + '".$u['email']."', + '".$u['name']."', + '".json_encode($replacements."', + NULL)")); + $q->execute(); + echo $pdo->erroInfo(); } - mysql_query("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'"); + $q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'"); + $q->execute(); } echo "ok"; launchQueue(); 
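Review bot: `$emailq.execute();`, `$email=$emailq.fetch(PDO::FETCH_OBJ);` and `$recipq.execute();` in the `@@ -666` hunk use the string operator `.` instead of `->`, so PHP reads them as calls to global functions `execute()`/`fetch()` that do not exist, and this branch dies with an Error before any queue row is written. They should be `$emailq->execute();`, `$email=$emailq->fetch(PDO::FETCH_OBJ);` and `$recipq->execute();`. The emailqueue INSERT also now splices `$email->subject`, `$email->body` and `$email->bodyhtml` unescaped, so a template body with a single quote — ordinary prose — breaks the statement; binding those columns with `?` placeholders is the fix rather than re-adding an escape call. `echo $pdo->errorInfo();` prints `Array`.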
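Review bot: The parentheses in the recipients INSERT of the `@@ -719` hunk are mismatched: `'".json_encode($replacements."', NULL)"))` passes the concatenation `$replacements."', NULL)"` to `json_encode()` (an array-to-string conversion), drops the `NULL)` tail from the SQL and then closes `prepare()` early, so the statement is malformed and the replacements are never stored. The intended lines are `'".json_encode($replacements)."',` followed by `NULL)");`, as the removed code had them. `echo $pdo->erroInfo();` two lines later is the misspelled method again and throws.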
@@ -759,14 +786,18 @@ case "email_get_list": prepare("DELETE FROM emails WHERE id='".$_GET['delete']."' AND `type`='user'"); + $q->execute(); echo happy("Email successfully deleted"); } if($_GET['action']=="send" && $_GET['send']) { - echo mysql_error(); - $q=mysql_query("SELECT * FROM emails WHERE id='".$_GET['send']."'"); - $r=mysql_fetch_object($q); + echo $pdo->errorInfo(); + + $q = $pdo->prepare("SELECT * FROM emails WHERE id='".$_GET['send']."'"); + $q->execute(); + + $r=$q->fetch(PDO::FETCH_OBJ); echo i18n("Please confirm you would like to send the following email, and choose who to send it to"); echo "
"; @@ -779,14 +810,16 @@ case "email_get_list": echo " "; $str=""; foreach($mailqueries AS $k=>$mq) { - $tq=mysql_query($mq['query']); - if(mysql_error()) { - echo mysql_error(); + $tq=$pdo->prepare($mq['query']); + + $tq->execute(); + if($pdo->errorInfo()) { + echo $pdo->errorInfo(); exit; } - $num=mysql_num_rows($tq); + $num=$tq->rowCount(); $str.="

".$mq['name']." $num

"; - while($tr=mysql_fetch_object($tq)) { + while($tr=$tq->fetch(PDO::FETCH_OBJ)) { $str.="[".$tr->uid."][".$tr->year."] ".$tr->firstname." ".$tr->lastname." <{$tr->email}>
"; } echo " "; 
@@ -829,37 +862,39 @@ case "email_get_list": } else if($_POST['action']=="reallysend" && $_POST['reallysend'] && $_POST['to']) { $emailid=intval($_POST['reallysend']); - $emailq=mysql_query("SELECT * FROM emails WHERE id='$emailid'"); - $email=mysql_fetch_object($emailq); + $emailq=$pdo->prepare("SELECT * FROM emails WHERE id='$emailid'"); + $email=$emailq->fetch(PDO::FETCH_OBJ); $to=$_POST['to']; if(array_key_exists($to,$mailqueries)) { - $recipq=mysql_query($mailqueries[$to]['query']); + $recipq=$pdo->prepare($mailqueries[$to]['query']); + $recipq->execute(); } - $numtotal=mysql_num_rows($recipq); - mysql_query("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES ( - '".mysql_real_escape_string($email->val)."', - '".mysql_real_escape_string($email->name)."', + $numtotal=$recipq->rowCount(); + $q = $pdo->prepare("INSERT INTO emailqueue (val,name,users_uid,`from`,subject,body,bodyhtml,`type`,fundraising_campaigns_id,started,finished,numtotal,numsent) VALUES ( + '".$email->val."', + '".$email->name."', '".$_SESSION['users_uid']."', - '".mysql_real_escape_string($email->from)."', - '".mysql_real_escape_string($email->subject)."', - '".mysql_real_escape_string($email->body)."', - '".mysql_real_escape_string($email->bodyhtml)."', - '".mysql_real_escape_string($email->type)."', + '".$email->from."', + '".$email->subject."', + '".$email->body."', + '".$email->bodyhtml."', + '".$email->type."', NULL, NOW(), NULL, $numtotal, 0)"); - $emailqueueid=mysql_insert_id(); - echo mysql_error(); + $q->execute(); + $emailqueueid=lastInsertId(); + echo $pdo->errorInfo(); $urlproto = $_SERVER['SERVER_PORT'] == 443 ? 
"https://" : "http://"; $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; $urllogin = "$urlmain/login.php"; - while($r=mysql_fetch_object($recipq)) { + while($r=$recipq->fetch(PDO::FETCH_OBJ)) { if($r->uid) $u=user_load_by_uid($r->uid); else if($r->users_uid) @@ -883,9 +918,10 @@ case "email_get_list": if($u) { //we only send school access codes to science heads or principals - $acq=mysql_query("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'"); - echo mysql_error(); - $acr=mysql_fetch_object($acq); + $acq=$pdo->prepare("SELECT accesscode FROM schools WHERE (sciencehead_uid='{$u['uid']}' OR principal_uid='{$u['uid']}') AND `year`='{$config['FAIRYEAR']}'"); + $acq->execute(); + echo $pdo->errorInfo(); + $acr=$acq->fetch(PDO::FETCH-OBJ); $accesscode=$acr->accesscode; $replacements=array( @@ -906,15 +942,18 @@ case "email_get_list": } if($toemail) { - mysql_query("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES ( + $q = $pdo->prepare("INSERT INTO emailqueue_recipients (emailqueue_id,toemail,toname,replacements,sent) VALUES ( '$emailqueueid', - '".mysql_real_escape_string($toemail)."', - '".mysql_real_escape_string($toname)."', - '".mysql_real_escape_string(json_encode($replacements))."', + '".$toemail."', + '".$toname."', + '".json_encode($replacements)."', NULL)"); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); } - mysql_query("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'"); + + $q = $pdo->prepare("UPDATE emails SET lastsent=NOW() WHERE id='$emailid'"); + $q->execute(); } launchQueue(); echo "
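Review bot: In the `reallysend` hunk (`@@ -829`) `$emailq=$pdo->prepare("SELECT * FROM emails WHERE id='$emailid'");` is never executed before `$email=$emailq->fetch(PDO::FETCH_OBJ);`, so `$email` is false and every `$email->...` value in the emailqueue INSERT is null; insert `$emailq->execute();` between them. `$emailqueueid=lastInsertId();` calls a global function that does not exist and must be `$emailqueueid=$pdo->lastInsertId();`, as the `@@ -666` hunk has it. `$recipq` is only assigned inside the `array_key_exists` test, so `$recipq->rowCount()` on an unknown `$to` is now a fatal call on null where the old `mysql_num_rows()` only warned.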
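Review bot: `$acr=$acq->fetch(PDO::FETCH-OBJ);` in the `@@ -883` hunk has a hyphen where the underscore belongs, so it parses as `PDO::FETCH - OBJ` and fails on the undefined constant `PDO::FETCH` for the first recipient that resolves to a user; it should be `$acr=$acq->fetch(PDO::FETCH_OBJ);`. `echo $pdo->errorInfo();` on the line above prints `Array`. The `while` over `$recipq` that encloses this starts in the previous hunk.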
"; diff --git a/admin/communication_send_status.php b/admin/communication_send_status.php index a1a874e..487038b 100644 --- a/admin/communication_send_status.php +++ b/admin/communication_send_status.php @@ -27,12 +27,15 @@ user_auth_required('committee', 'admin'); if($_GET['action']=="status") { - $q=mysql_query("SELECT * FROM emailqueue WHERE finished IS NULL"); + + $q = $pdo->prepare("SELECT * FROM emailqueue WHERE finished IS NULL"); + $q->execute(); - if($config['emailqueue_lock'] || mysql_num_rows($q)) { + if($config['emailqueue_lock'] || $q->rowCount()) { echo "

".i18n("Active Send Queues")."

\n"; - $q=mysql_query("SELECT *,UNIX_TIMESTAMP(started) AS ts FROM emailqueue WHERE finished IS NULL ORDER BY started DESC"); - + + $q = $pdo->prepare("SELECT *,UNIX_TIMESTAMP(started) AS ts FROM emailqueue WHERE finished IS NULL ORDER BY started DESC"); + $q->execute(); if(!$config['emailqueue_lock']) { echo error(i18n("It looks like there's emails waiting to send, but the sending process isnt running."). "
". @@ -51,7 +54,7 @@ echo " \n"; echo "\n"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo " \n"; echo " \n"; @@ -89,7 +92,9 @@ prepare("SELECT * FROM emailqueue WHERE finished IS NOT NULL ORDER BY started DESC LIMIT 10"); + $q->execute(); echo "

".i18n("Completed Send Queues")."

\n"; echo "
".i18n("Appeal")."".$fc->name." - ".i18n(ucfirst($email->val))."
".i18n("Cancel")."
$r->name$r->subject
\n"; echo ""; @@ -103,7 +108,7 @@ //FIXME: comment bounced until we implement it // echo " \n"; echo "\n"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo " \n"; echo " \n"; diff --git a/admin/cwsfregister.php b/admin/cwsfregister.php index 14c9a74..1173454 100644 --- a/admin/cwsfregister.php +++ b/admin/cwsfregister.php @@ -29,14 +29,15 @@ include "xml.inc.php"; global $config; $winners=array(); - $q=mysql_query("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)==1) + $q=$pdo->prepare("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + if($q->rowCount()==1) { - $award=mysql_fetch_object($q); - $pq=mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$award->id'"); - while($prize=mysql_fetch_object($pq)) + $award=$q->fetch(PDO::FETCH_OBJ); + $pq=$pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$award->id'"); + while($prize=$pq->fetch(PDO::FETCH_OBJ)) { - $wq=mysql_query("SELECT + $wq=$pdo->prepare("SELECT projects.id, projects.projectnumber, projects.title, @@ -52,13 +53,16 @@ include "xml.inc.php"; winners.projects_id=projects.id AND awards_prizes_id='$prize->id' AND winners.year='".$config['FAIRYEAR']."'"); - echo mysql_error(); - while($project=mysql_fetch_object($wq)) + $wq->execute(); + + echo $pdo->errorInfo(); + while($project=$wq->fetch(PDO::FETCH_OBJ)) { - $sq=mysql_query("SELECT * FROM students WHERE registrations_id='$project->registrations_id' AND year='".$config['FAIRYEAR']."'"); + $sq=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$project->registrations_id' AND year='".$config['FAIRYEAR']."'"); + $sq->execute(); $students=array(); $cwsf_agecategory=0; - while($s=mysql_fetch_object($sq)) + while($s=$sq->fetch(PDO::FETCH_OBJ)) { if($s->grade>=7 && $s->grade<=8) { 
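Review bot: In the cwsfregister.php `@@ -29` hunk `$pq=$pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$award->id'");` is followed directly by `while($prize=$pq->fetch(PDO::FETCH_OBJ))` with no `$pq->execute();`, so fetch() returns false at once and the CWSF winners list is always empty. The other statements in these two hunks (`$q`, `$wq`, `$sq`) do call execute(), so this is the only one missed; add it with a bound id: `$pq=$pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id=?"); $pq->execute([$award->id]);`.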
@@ -129,7 +133,8 @@ include "xml.inc.php"; { foreach($_POST['cwsfdivision'] AS $p=>$d) { - mysql_query("UPDATE projects SET cwsfdivisionid='$d' WHERE id='$p'"); + $q = $pdo->prepare("UPDATE projects SET cwsfdivisionid='$d' WHERE id='$p'"); + $q->execute(); } echo happy(i18n("CWSF Project Divisions saved")); } @@ -166,12 +171,13 @@ include "xml.inc.php"; } /* Load the YSC fair */ - $q = mysql_query("SELECT * FROM fairs WHERE abbrv='YSC'"); - if(mysql_num_rows($q) < 1) { + $q = $pdo->prepare("SELECT * FROM fairs WHERE abbrv='YSC'"); + $q->execute(); + if($q->rowCount() < 1) { echo error(i18n("You have not defined the YSC upstream fair in the Science Fair Management area.")); $ok = false; } else { - $f = mysql_fetch_assoc($q); + $f = $q->fetch(PDO::FETCH_ASSOC); $ysc_region_id = $f['username']; $ysc_region_password = $f['password']; } @@ -188,20 +194,21 @@ include "xml.inc.php"; if($ok) { - $q=mysql_query("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'"); - if(!mysql_num_rows($q)) + $q=$pdo->prepare("SELECT * FROM award_awards WHERE cwsfaward='1' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + if(!$q->rowCount()) { echo error(i18n("Cannot find an award that is specified as the Canada-Wide Science Fair Award")); echo i18n("Please go to the awards manager and select which award identifies your CWSF students"); } - else if(mysql_num_rows($q)>1) + else if($q->rowCount()>1) { echo error(i18n("There is more than one award that is identified as your Canada-Wide Science Fair award.")); echo i18n("Please go to the awards manager and choose only one award that identifies your CWSF students"); } else { - $award=mysql_fetch_object($q); + $award=$q->fetch(PDO::FETCH_OBJ); echo "".i18n("CWSF Award").": ".$award->name."
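Review bot: The UPDATE in the `cwsfdivision` loop splices `$p` and `$d` straight out of `$_POST` into the SQL with no `intval()` and no placeholder, so a crafted key or value rewrites the statement; the old `mysql_query` line had the same exposure and the migration was the moment to close it. Assuming both are integer ids, as the column names suggest: `$q = $pdo->prepare("UPDATE projects SET cwsfdivisionid=? WHERE id=?");` and `$q->execute([intval($d), intval($p)]);`. The same raw-request splice appears in communication.php `@@ -759` (`$_GET['delete']`) and documentdownloader.php `@@ -24` (`$_GET['id']`).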
"; echo i18n("Please review the list of winning projects/students below. If it is all correct then you can click the 'Register for CWSF' button at the bottom of the page to send the information to YSC"); echo "
"; @@ -258,8 +265,9 @@ include "xml.inc.php"; echo "
".i18n("Bounced")."
$r->name$r->subject"; - $t=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$winner['projectdivisions_id']."'"); - $tr=mysql_fetch_object($t); + $t=$q->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$winner['projectdivisions_id']."'"); + $t->execute(); + $tr=$t->fetch(PDO::FETCH_OBJ); echo $tr->division; echo "
"; diff --git a/admin/documentdownloader.php b/admin/documentdownloader.php index 0efec64..2b23649 100644 --- a/admin/documentdownloader.php +++ b/admin/documentdownloader.php @@ -24,8 +24,9 @@ require("../common.inc.php"); require_once("../user.inc.php"); user_auth_required('committee', 'admin'); - $q=mysql_query("SELECT * FROM documents WHERE id='".$_GET['id']."'"); - if($r=mysql_fetch_object($q)) + $q=$pdo->prepare("SELECT * FROM documents WHERE id='".$_GET['id']."'"); + $q->execute(); + if($r=$q->fetch(PDO::FETCH_OBJ)) { header("Content-type: ".trim(exec("file -bi ../data/documents/$r->filename"))); header("Content-disposition: inline; filename=\"".$r->filename."\""); diff --git a/admin/donations.php b/admin/donations.php index 9921e8a..dec1d9b 100644 --- a/admin/donations.php +++ b/admin/donations.php @@ -143,11 +143,15 @@ function refresh_fundraising_table() { type','".mysql_real_escape_string($r->name)."','".mysql_real_escape_string($r->description)."','$r->system','$r->goal','".$config['FAIRYEAR']."')"); + $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='".$config['FAIRYEAR']."'"); + $q->execute(); + if(!$q->rowCount()) { + $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='-1'"); + + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $q = $pdo->prepare("INSERT INTO fundraising (`type`,`name`,`description`,`system`,`goal`,`year`) VALUES ('$r->type','".$r->name."','".$r->description."','$r->system','$r->goal','".$config['FAIRYEAR']."')"); + $q->execute(); } } diff --git a/admin/donors.php b/admin/donors.php index 5f311c3..6f93e9f 100644 --- a/admin/donors.php +++ b/admin/donors.php 
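Review bot: `$t=$q->prepare("SELECT * FROM projectdivisions ...")` in the `@@ -258` hunk calls `prepare()` on `$q`, which in the visible hunks of this file is the PDOStatement from the award_awards query, not the connection; PDOStatement has no `prepare()` method, so the winners table dies on its first row. It should be `$t=$pdo->prepare(...)`, with `$winner['projectdivisions_id']` passed to `execute([...])` through a `?` placeholder instead of interpolated. Code between `@@ -188` and this hunk could reassign `$q`, so confirm, but nothing visible does.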
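Review bot: `$q=$pdo->prepare("SELECT * FROM documents WHERE id='".$_GET['id']."'");` in documentdownloader.php keeps the unfiltered `$_GET['id']` inside the SQL, and the removed line had no escaping either, so this endpoint remains injectable after the migration. Make it `$q=$pdo->prepare("SELECT * FROM documents WHERE id=?"); $q->execute([intval($_GET['id'])]);`. The context line below, `exec("file -bi ../data/documents/$r->filename")`, builds a shell command from a database value; it is untouched by this commit, but the filename should be wrapped in `escapeshellarg()` before it reaches `exec()`.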
@@ -31,8 +31,9 @@ require_once("fundraising_common.inc.php");
 switch($_GET['action']) {
 case 'organizationinfo_load':
 $id=intval($_GET['id']);
- $q=mysql_query("SELECT * FROM sponsors WHERE id='$id'");
- $ret=mysql_fetch_assoc($q);
+ $q=$pdo->prepare("SELECT * FROM sponsors WHERE id='$id'");
+ $q->execute();
+ $ret=$q->fetch(PDO::FETCH_ASSOC);
 echo json_encode($ret);
 exit;
 break;
@@ -40,8 +41,9 @@ switch($_GET['action']) {
 case 'organizationinfo_save':
 $id=intval($_POST['sponsor_id']);
 if($id==-1) {
- $q=mysql_query("INSERT INTO sponsors (year) VALUES ('".$config['FAIRYEAR']."')");
- $id=mysql_insert_id();
+ $q=$pdo->prepare("INSERT INTO sponsors (year) VALUES ('".$config['FAIRYEAR']."')");
+ $q->execute();
+ $id=$pdo->lastInsertId();
 echo json_encode(array("id"=>$id));
 save_activityinfo("Created donor/sponsor", $id, $_SESSION['users_uid'],"System");
 $createnew=true;
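Review bot: `PDO::lastInsertId()` returns a string where `mysql_insert_id()` returned an int, so the `json_encode(array("id"=>$id))` reply changes from a numeric id to a quoted one (constructed example: `{"id":"5"}` instead of `{"id":5}`), which a client comparing with `===` or doing arithmetic on the value will notice. Cast once, before `save_activityinfo()` also receives it: `$id=(int)$pdo->lastInsertId();`. The `switch` case and the `if($id==-1)` block continue outside the hunk.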
@@ -50,26 +52,27 @@ switch($_GET['action']) { if($id) { $exec="UPDATE sponsors SET ". - "donortype='".mysql_escape_string(stripslashes($_POST['donortype']))."', ". - "organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ". - "address='".mysql_escape_string(stripslashes($_POST['address']))."', ". - "address2='".mysql_escape_string(stripslashes($_POST['address2']))."', ". - "city='".mysql_escape_string(stripslashes($_POST['city']))."', ". - "province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ". - "postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ". - "phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ". - "tollfree='".mysql_escape_string(stripslashes($_POST['tollfree']))."', ". - "fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ". - "email='".mysql_escape_string(stripslashes($_POST['email']))."', ". - "website='".mysql_escape_string(stripslashes($_POST['website']))."', ". - "notes='".mysql_escape_string(stripslashes($_POST['notes']))."', ". - "donationpolicyurl='".mysql_escape_string(stripslashes($_POST['donationpolicyurl']))."', ". - "fundingselectiondate='".mysql_escape_string(stripslashes($_POST['fundingselectiondate']))."', ". - "proposalsubmissiondate='".mysql_escape_string(stripslashes($_POST['proposalsubmissiondate']))."', ". - "waiveraccepted='".mysql_escape_string(stripslashes($_POST['waiveraccepted']))."' ". + "donortype='".stripslashes($_POST['donortype'])."', ". + "organization='".stripslashes($_POST['organization'])."', ". + "address='".stripslashes($_POST['address'])."', ". + "address2='".stripslashes($_POST['address2'])."', ". + "city='".stripslashes($_POST['city'])."', ". + "province_code='".stripslashes($_POST['province_code'])."', ". + "postalcode='".stripslashes($_POST['postalcode'])."', ". + "phone='".stripslashes($_POST['phone'])."', ". + "tollfree='".stripslashes($_POST['tollfree'])."', ". + "fax='".stripslashes($_POST['fax'])."', ". 
+ "email='".stripslashes($_POST['email'])."', ". + "website='".stripslashes($_POST['website'])."', ". + "notes='".stripslashes($_POST['notes'])."', ". + "donationpolicyurl='".stripslashes($_POST['donationpolicyurl'])."', ". + "fundingselectiondate='".stripslashes($_POST['fundingselectiondate'])."', ". + "proposalsubmissiondate='".stripslashes($_POST['proposalsubmissiondate'])."', ". + "waiveraccepted='".stripslashes($_POST['waiveraccepted'])."' ". "WHERE id='$id'"; - mysql_query($exec); - echo mysql_error(); + $q = $pdo->prepare($exec); + $q->execute(); + echo $q->errorInfo(); //FIXME accept the logo //"logo='".mysql_escape_string(stripslashes($_POST['logo']))."', ". 
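Review bot: All seventeen `$_POST` fields in the `UPDATE sponsors` statement are now concatenated into `$exec` with the `mysql_escape_string()` wrapper removed and nothing put in its place, so `$pdo->prepare($exec)` executes request-controlled text as SQL; this is a regression against the old code rather than a port of it. The same pattern — escaping dropped, value still interpolated — recurs in `save_activityinfo()` further down in this file, in donors_search.php (`$_POST['search']`), in fundraising_reports_std.php (`$_GET['goal']`) and in the level/goal UPDATE and INSERT statements of fundraising_setup.php; each needs placeholders and the values passed to `execute()`. `echo $q->errorInfo();` prints the word `Array` because `errorInfo()` returns a three-element array whose driver message is element 2, and the hunks that instead call `$pdo->errorInfo()` after `$q->execute()` (the donation listings below, fundraising.php, fundraising_setup.php) read the connection handle, which per the PDO docs does not carry statement-level errors. The `switch` case and the `if($id)` block start outside the hunk. Rewritten with named placeholders the assignment and execution become:
```php
$fields = array('donortype', 'organization', 'address', 'address2', 'city',
    'province_code', 'postalcode', 'phone', 'tollfree', 'fax', 'email', 'website',
    'notes', 'donationpolicyurl', 'fundingselectiondate', 'proposalsubmissiondate',
    'waiveraccepted');
$set = array();
$params = array('id' => $id);
foreach ($fields as $f) {
    $set[] = "`$f`=:$f";
    $params[$f] = stripslashes($_POST[$f]);
}
$q = $pdo->prepare("UPDATE sponsors SET " . implode(', ', $set) . " WHERE id=:id");
if (!$q->execute($params)) {
    $info = $q->errorInfo();
    echo $info[2];
}
// … unchanged: logo FIXME …
```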
@@ -89,33 +92,35 @@ switch($_GET['action']) { //LAST DONATION - $q=mysql_query("SELECT * FROM fundraising_donations WHERE sponsors_id='$id' ORDER BY datereceived DESC LIMIT 1"); - if($r=mysql_fetch_object($q)) + $q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE sponsors_id='$id' ORDER BY datereceived DESC LIMIT 1"); + $q->execute(); + if($r=$q->fetch(PDO::FETCH_OBJ)) $lastdonation=i18n("%1 on %2",array(format_money($r->value,false),format_date($r->datereceived)),array("Donation amount","Donation date")); else $lastdonation=i18n("Never"); //TOTAL THIS YEAR - $q=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations + $q=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$id' AND status='received' AND fiscalyear={$config['FISCALYEAR']} "); - - if($r=mysql_fetch_object($q)) + $q->execute(); + if($r=$q->fetch(PDO::FETCH_OBJ)) $totalthisyear=format_money($r->total,false); else $totalthisyear=format_money(0); //TOTAL LAST YEAR $lastyear=$config['FISCALYEAR']-1; - $q=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations + $q=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$id' AND status='received' AND fiscalyear=$lastyear "); + $q->execute(); - if($r=mysql_fetch_object($q)) + if($r=$q->fetch(PDO::FETCH_OBJ)) $totallastyear=format_money($r->total,false); else $totallastyear=format_money(0); @@ -129,7 +134,7 @@ switch($_GET['action']) { echo "
\n"; echo "

".i18n("Donations/Sponsorships")."

\n"; echo "
"; - $q=mysql_query("SELECT fundraising_donations.*, + $q=$pdo->prepare("SELECT fundraising_donations.*, fundraising_campaigns.name AS campaignname FROM fundraising_donations LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id @@ -137,9 +142,10 @@ switch($_GET['action']) { AND status='received' AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}' ORDER BY datereceived DESC"); - echo mysql_Error(); + $q->execute(); + echo $pdo->errorInfo(); - if(mysql_num_rows($q)) { + if($q->rowCount()) { echo ""; echo ""; echo ""; @@ -150,7 +156,7 @@ switch($_GET['action']) { echo " \n"; echo ""; echo ""; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; echo " \n"; $goal=getGoal($r->fundraising_goal); @@ -182,14 +188,15 @@ switch($_GET['action']) { echo ""; echo ""; - $q=mysql_query("SELECT fundraising_donations.*, + $q=$pdo->prepare("SELECT fundraising_donations.*, fundraising_campaigns.name AS campaignname FROM fundraising_donations LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id WHERE sponsors_id='$id' AND status='received' ORDER BY datereceived DESC"); - while($r=mysql_fetch_object($q)) { + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; echo " \n"; $goal=getGoal($r->fundraising_goal); @@ -215,7 +222,7 @@ switch($_GET['action']) { echo ""; - $q = mysql_query($query); - echo mysql_error(); - if(mysql_num_rows($q)) { - while($r = mysql_fetch_array($q)) { + $q = $pdo->prepare($query); + $q->execute(); + echo $pdo->errorInfo(); + if($q->rowCount()) { + while($r = $q->fetch()) { echo ""; echo ""; echo ""; 
@@ -846,25 +868,27 @@ function save_activityinfo($comment, $donorId, $userId, $type, $campaign_id=null VALUES ($donorId, NOW(), $userId, - '".mysql_real_escape_string($comment)."', - '".mysql_real_escape_string($type)."', + '".$comment."', + '".$type."', $cid)"; - mysql_query($query); - echo mysql_error(); + $q = $pdo->prepare($query); + $q->execute(); + echo $pdo->errorInfo(); } function getDonationString($id) { global $config; - $q=mysql_query("SELECT fundraising_donations.*, + $q=$pdo->prepare("SELECT fundraising_donations.*, fundraising_campaigns.name AS campaignname FROM fundraising_donations LEFT JOIN fundraising_campaigns ON fundraising_donations.fundraising_campaigns_id=fundraising_campaigns.id WHERE fundraising_donations.id='$id' AND fundraising_donations.fiscalyear='{$config['FISCALYEAR']}' "); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); $str=""; - if($r=mysql_fetch_object($q)) { + if($r=$q->fetch(PDO::FETCH_OBJ)) { $str.=format_date($r->datereceived)." - "; $goal=getGoal($r->fundraising_goal); if($goal) { diff --git a/admin/donors_search.php b/admin/donors_search.php index 3ad0fe7..adc790d 100644 --- a/admin/donors_search.php +++ b/admin/donors_search.php @@ -30,7 +30,7 @@ //$q=mysql_query("SELECT * FROM award_sponsors WHERE year='".$config['FAIRYEAR']."' ORDER BY organization"); //we want to show all years, infact that year field probably shouldnt even be there. $sql=""; - if($_POST['search']) $sql.=" AND organization LIKE '%".mysql_real_escape_string($_POST['search'])."%' "; + if($_POST['search']) $sql.=" AND organization LIKE '%".$_POST['search']."%' "; if(count($_POST['donortype'])) { $sql.=" AND (0 "; foreach($_POST['donortype'] AS $d) { 
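Review bot: `getDonationString()` declares only `global $config;` but the new body calls `$pdo->prepare()`, so inside the function `$pdo` is an undefined local and the call fails with a method call on null; change the declaration to `global $config, $pdo;` (or pass the connection in). `save_activityinfo()` has the same exposure unless its `global` line, which sits outside the hunk, already imports `$pdo`. Both functions are cut by the hunk: `save_activityinfo()` starts before it and `getDonationString()` ends after it.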
@@ -40,19 +40,22 @@ } $query="SELECT * FROM sponsors WHERE 1 $sql ORDER BY organization"; // echo "query=$query"; - $q=mysql_query($query); + $q=$pdo->prepare($query); + $q->execute(); $thisyear=$config['FISCALYEAR']; $lastyear=$config['FISCALYEAR']-1; $rows=array(); - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { - $cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$thisyear'"); - $cr=mysql_fetch_object($cq); + $cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$thisyear'"); + $cq->execute(); + $cr=$cq->fetch(PDO::FETCH_OBJ); $thisyeartotal=$cr->total; - $cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$lastyear'"); - $cr=mysql_fetch_object($cq); + $cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='$r->id' AND status='received' AND fiscalyear='$lastyear'"); + $cq->execute(); + $cr=$cq->fetch(PDO::FETCH_OBJ); $lastyeartotal=$cr->total; if($lastyeartotal) $change=round(($thisyeartotal-$lastyeartotal)/$lastyeartotal*100); diff --git a/admin/exhibithall_sa.php b/admin/exhibithall_sa.php index 48beb3d..e80e7cc 100644 --- a/admin/exhibithall_sa.php +++ b/admin/exhibithall_sa.php @@ -172,9 +172,10 @@ TRACE("
\n");
 
 /* Load exhibit halls */
 $exhibithall = array();
-$q = mysql_query("SELECT * FROM exhibithall WHERE type='exhibithall'");
+$q = $pdo->prepare("SELECT * FROM exhibithall WHERE type='exhibithall'");
+$q->execute();
 TRACE("Loading exhibit halls...\n");
-while(($r = mysql_fetch_assoc($q))) {
+while(($r = $q->fetch(PDO::FETCH_ASSOC))) {
 	$r['divs'] = unserialize($r['divs']);
 	$r['cats'] = unserialize($r['cats']);
 	$exhibithall[$r['id']] = $r;
@@ -183,9 +184,10 @@ while(($r = mysql_fetch_assoc($q))) {
 
 /* Load objects */
 $objects = array();
-$q = mysql_query("SELECT * FROM exhibithall WHERE type='wall' OR type='project'");
+$q = $pdo->prepare("SELECT * FROM exhibithall WHERE type='wall' OR type='project'");
+$q->execute();
 TRACE("Loading objects...\n");
-while(($r = mysql_fetch_assoc($q))) {
+while(($r = $q->fetch([PDO::FETCH_ASSOC]))) {
 	$r['divs'] = unserialize($r['divs']);
 	$r['cats'] = unserialize($r['cats']);
 	$objects[$r['id']] = $r;
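Review bot: `$q->fetch([PDO::FETCH_ASSOC])` passes an array where `PDOStatement::fetch()` expects an int fetch mode; the call fails (a TypeError on PHP 8, a warning plus `false` on earlier versions), so the `while` never iterates and `$objects` stays empty. The exhibit-hall loop in the previous hunk uses the correct form; change this one to `while(($r = $q->fetch(PDO::FETCH_ASSOC))) {`.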
@@ -215,8 +217,9 @@ TRACE("Grid size: {$grid_size}m\n");
 
 $div = array();
 TRACE("Loading Project Divisions...\n");
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+while($r=$q->fetch(PDO::FETCH_OBJ))
+{
 {
 	$divshort[$r->id]=$r->division_shortform;
 	$div[$r->id]=$r->division;
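Review bot: The `projectdivisions` statement is prepared but never executed, and the `while` is now followed by two opening braces, one from the added `+{` line and one from the kept context line, so the file no longer parses and, once that is fixed, `$q->fetch()` on an unexecuted statement returns false and `$div`/`$divshort` stay empty. Insert `$q->execute();` after the `prepare()` and drop the added `{`. The `while` body continues outside the hunk.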
@@ -225,8 +228,9 @@ while($r=mysql_fetch_object($q))
 
 TRACE("Loading Project Age Categories...\n");
 $cat = array();
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
-while($r=mysql_fetch_object($q)) {
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ) {
 	$catshort[$r->id]=$r->category_shortform;
 	$cat[$r->id]=$r->category;
 	TRACE("   {$r->id} - {$r->category}\n");
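Review bot: `while($r=$q->fetch(PDO::FETCH_OBJ) {` is missing the closing parenthesis of the `while` condition and is a parse error; it should read `while($r=$q->fetch(PDO::FETCH_OBJ)) {`. Together with the unbalanced brace in the preceding hunk this leaves exhibithall_sa.php unable to run at all after this commit; a `php -l` pass over the touched files would catch both.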
@@ -234,17 +238,19 @@ while($r=mysql_fetch_object($q)) {
 
 TRACE("Loading Projects...\n");
 $projects = array();
-$q = mysql_query("SELECT projects.* FROM projects, registrations 
+$q = $pdo->prepare("SELECT projects.* FROM projects, registrations 
 				WHERE
 					projects.year='{$config['FAIRYEAR']}' 
 					AND registrations.id = projects.registrations_id
 				".getJudgingEligibilityCode());
-while($p = mysql_fetch_object($q)) {
-	$qq = mysql_query("SELECT grade,schools_id FROM students WHERE registrations_id='{$p->registrations_id}'");
-	$num_students = mysql_num_rows($qq);
+$q->execute();
+while($p = $q->fetch(PDO::FETCH_OBJ)) {
+	$qq = $pdo->prepare("SELECT grade,schools_id FROM students WHERE registrations_id='{$p->registrations_id}'");
+	$qq->execute();
+	$num_students = $qq->rowCouunt();
 	$grade = 0;
 	$schools_id = 0;
-	while($s = mysql_fetch_assoc($qq)) {
+	while($s = $qq->fetch(PDO::FETCH_ASSOC)) {
 		if($s['grade'] > $grade) {
 			$grade = $s['grade'];
 			$schools_id = $s['schools_id'];
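Review bot: `$qq->rowCouunt()` is a typo for `rowCount()` and raises a fatal undefined-method error on the first project processed. Since the `while($s = $qq->fetch(PDO::FETCH_ASSOC))` loop below walks the same rows, incrementing a counter there would also avoid depending on `rowCount()` for a SELECT, which the PDO docs describe as driver-dependent (pdo_mysql with buffered queries does return it). The loop body and the later use of `$num_students` continue outside the hunk.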
@@ -271,7 +277,8 @@ if($action == 'pn') {
 		$n = sprintf("%03d", $p['floornumber']);
 		$pn = "$c $n $d";
 		TRACE("Project {$p['projects_id']} at loc {$p['floornumber']}: $pn\n");
-		mysql_query("UPDATE projects SET projectnumber='$pn' WHERE id='{$p['projects_id']}'");
+		$q=$pdo->prepare("UPDATE projects SET projectnumber='$pn' WHERE id='{$p['projects_id']}'");
+		$q->execute();
 	}
 	TRACE("Done.\n");
 	exit;
@@ -597,10 +604,12 @@ for($x=0;$x<$a->num_buckets; $x++) {
 print_r($projects);
 
 /* Assign floor numbers */
-mysql_query("UPDATE projects SET floornumber=0 WHERE year='{$config['FAIRYEAR']}'");
+$q = $pdo->prepare("UPDATE projects SET floornumber=0 WHERE year='{$config['FAIRYEAR']}'");
+$q->execute();
 
 foreach($projects as $pid=>$p) {
-	mysql_query("UPDATE projects SET floornumber='{$p['floornumber']}' WHERE id='$pid'");
+	$q=$pdo->prepare("UPDATE projects SET floornumber='{$p['floornumber']}' WHERE id='$pid'");
+	$q->execute();
 	TRACE("Project $pid => Floor number {$p['floornumber']}\n");
 }
 
diff --git a/admin/fundraising.php b/admin/fundraising.php
index b122085..04284a2 100644
--- a/admin/fundraising.php
+++ b/admin/fundraising.php
@@ -31,8 +31,8 @@ if($_GET['action']=="refresh") {
 
 

prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY deadline"); +$q->execute(); ?>
".i18n("Remove")."
".format_date($r->datereceived)."
".format_date($r->datereceived).""; // loop through each contact in the donor - $query = mysql_query("SELECT users.id,users.uid,users.deleted,MAX(year) + $query = $pdo->prepare("SELECT users.id,users.uid,users.deleted,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id WHERE @@ -225,29 +232,32 @@ switch($_GET['action']) { HAVING deleted='no' ORDER BY users_sponsor.primary DESC,lastname,firstname "); - echo mysql_error(); + $query->execute(); + echo $pdo->errorInfo(); $uids=array(); - while($r=mysql_fetch_object($query)) { + while($r=$query->fetch(PDO::FETCH_OBJ)) { $uids[]=$r->uid; } - $q=mysql_query("SELECT * FROM fundraising_campaigns + $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); + $q->execute(); $str=""; echo " prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); + $q->execute(); echo "\n"; @@ -817,10 +838,11 @@ function draw_activityinfo_form(){ LEFT JOIN fundraising_campaigns ON fdl.fundraising_campaigns_id=fundraising_campaigns.id WHERE sponsors_id=" . $sponsorid. " ORDER BY dt DESC"; //echo "
" . $query . "
" . $r["dt"] . "" . $r["name"] . "" . $r["type"] . "
@@ -45,11 +45,12 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC fetch(PDO::FETCH_OBJ)) { //lookup all donations made towards this goal - $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); - echo mysql_error(); - $recr=mysql_fetch_object($recq); + $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); + $recq->execute(); + echo $pdo->errorInfo(); + $recr=$recq->fetch(PDO::FETCH_OBJ); $received=$recr->received; if($r->budget) $percent=round($received/$r->budget*100,1); 
@@ -82,15 +83,18 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'"); + $q->execute(); - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { - $goalq=mysql_query("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'"); - $goalr=mysql_fetch_object($goalq); - $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); - echo mysql_error(); - $recr=mysql_fetch_object($recq); + $goalq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'"); + $goalq->execute(); + $goalr=$goalq->fetch(PDO:FETCH_OBJ); + $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'"); + $recq->execute(); + echo $pdo->errorInfo(); + $recr=$recq->fetch(PDO::FETCH_OBJ); $received=$recr->received; if($r->target) $percent=round($received/$r->target*100,1); @@ -119,7 +123,7 @@ $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISC
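Review bot: `$goalq->fetch(PDO:FETCH_OBJ)` uses a single colon and is a parse error for fundraising.php; it must be `PDO::FETCH_OBJ`. Like the two syntax slips in exhibithall_sa.php, this is the kind of error a `php -l` run over the touched files would have surfaced before the commit. The campaign loop this sits in continues outside the hunk.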

prepare("SELECT id,value, thanked, status, sponsors_id, datereceived, DATE_ADD(datereceived, INTERVAL 1 MONTH) < NOW() AS onemonth, DATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth FROM fundraising_donations @@ -127,9 +131,10 @@ $q=mysql_query("SELECT id,value, thanked, status, sponsors_id, datereceived, AND fiscalyear='{$config['FISCALYEAR']}' ORDER BY datereceived "); -echo mysql_error(); +$q->execute(); +echo $pdo->errorInfo(); -if(mysql_num_rows($q)) { +if($q->rowCount()) { echo "
"; echo "\n"; echo "\n"; @@ -138,9 +143,10 @@ if(mysql_num_rows($q)) { echo "\n"; echo "\n"; - while($r=mysql_fetch_object($q)) { - $dq=mysql_query("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'"); - $dr=mysql_fetch_object($dq); + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $dq=$pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'"); + $dq->execute(); + $dr=$dq->fetch(PDO::FETCH_OBJ); if($r->twomonth) $s="style=\"background-color: ".colour_to_percent(0).";\""; else if($r->onemonth) $s="style=\"background-color: ".colour_to_percent(50).";\""; else $s=""; @@ -171,7 +177,7 @@ if(mysql_num_rows($q)) {

prepare("SELECT value, receiptrequired, receiptsent, status, sponsors_id, datereceived, DATE_ADD(datereceived, INTERVAL 1 MONTH) < NOW() AS onemonth, DATE_ADD(datereceived, INTERVAL 2 MONTH) < NOW() AS twomonth FROM fundraising_donations @@ -179,8 +185,9 @@ $q=mysql_query("SELECT value, receiptrequired, receiptsent, status, sponsors_id, AND fiscalyear='{$config['FISCALYEAR']}' ORDER BY datereceived "); -echo mysql_error(); -if(mysql_num_rows($q)) { +$q->execute(); +echo $pdo->errorInfo(); +if($q->rowCount()) { echo "
".i18n("Name")."".i18n("Date Received")."".i18n("Thanked")."
"; echo "\n"; echo "\n"; @@ -188,9 +195,10 @@ if(mysql_num_rows($q)) { echo "\n"; echo "\n"; - while($r=mysql_fetch_object($q)) { - $dq=mysql_query("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'"); - $dr=mysql_fetch_object($dq); + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $dq=$pdo->prepare("SELECT organization AS name FROM sponsors WHERE id='$r->sponsors_id'"); + $dq->execute(); + $dr=$dq->fetch(PDO::FETCH_OBJ); if($r->twomonth) $s="style=\"background-color: ".colour_to_percent(0).";\""; else if($r->onemonth) $s="style=\"background-color: ".colour_to_percent(50).";\""; else $s=""; @@ -213,16 +221,17 @@ if(mysql_num_rows($q)) {

=NOW() ORDER BY followupdate LIMIT 5"); -echo mysql_error(); -if(mysql_num_rows($q)) { +$q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE followupdate>=NOW() ORDER BY followupdate LIMIT 5"); +$q->execute(); +echo $pdo->errorInfo(); +if($q->rowCount()) { echo "
".i18n("Name")."".i18n("Date Received")."".i18n("Generate Receipt")."
"; echo ""; echo " \n"; echo " \n"; echo " \n"; echo "\n"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; } echo "
".i18n("Appeal")."".i18n("Start Date")."".i18n("Follow-Up Date")."
$r->name".format_date($r->startdate)."".format_date($r->followupdate)."
\n"; @@ -235,16 +244,17 @@ if(mysql_num_rows($q)) {

Upcoming Proposals

=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5"); -echo mysql_error(); -if(mysql_num_rows($q)) { +$q=$pdo->prepare("SELECT * FROM sponsors WHERE fundingselectiondate>=NOW() OR proposalsubmissiondate>=NOW() ORDER BY fundingselectiondate LIMIT 5"); +$q->execute(); +echo $pdo->errorInfo(); +if($q->rowCount()) { echo ""; echo ""; echo " \n"; echo " \n"; echo " \n"; echo "\n"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo ""; echo ""; @@ -259,7 +269,8 @@ if(mysql_num_rows($q)) { } else if (count($_POST['thanked'])) { foreach($_POST['thanked'] AS $t) { - mysql_query("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'"); + $stmt = $pdo->prepare("UPDATE fundraising_donations SET thanked='yes' WHERE id='$t'"); + $stmt->execute(); } } diff --git a/admin/fundraising_main.inc.php b/admin/fundraising_main.inc.php index 8b1587e..02e192e 100644 --- a/admin/fundraising_main.inc.php +++ b/admin/fundraising_main.inc.php @@ -2,10 +2,11 @@ if($_GET['action']=="fundraisingmain") { //this table is eventually going to be massive, and probably not in a tableview format, it'll show goals as well as all ongoing fund pledges, probabilities, etc as well as over/under, etc, all prettily colour coded.. basically a good overview of the total fundraising status of the fair. - $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY system DESC,goal"); + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY system DESC,goal"); + $q->execute(); echo "
".i18n("Name")."".i18n("Proposal Submission Date")."".i18n("Funding Selection Date")."
$r->organization".format_date($r->proposalsubmissiondate)."".format_date($r->fundingselectiondate)."
"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo "id\" class=\"fundraising{$sr->status}\">"; echo ""; echo ""; echo ""; echo "\n"; echo "
id')\" href=\"#\">"; if($r->system=="no") { @@ -24,7 +25,7 @@ if($_GET['action']=="fundraisingmain") { $typetotal=0; $typeprobtotal=0; - $sq=mysql_query(" + $sq=$pdo->prepare(" SELECT fundraising_donations.id, sponsors.organization AS name, fundraising_donations.value, fundraising_donations.status, fundraising_donations.probability FROM fundraising_donations JOIN sponsors ON fundraising_donations.sponsors_id=sponsors.id @@ -41,8 +42,9 @@ if($_GET['action']=="fundraisingmain") { ORDER BY status DESC, probability DESC, name "); - echo mysql_error(); - while($sr=mysql_fetch_object($sq)) { + $sq->execute(); + echo $pdo->errorInfo(); + while($sr=$sq->fetch(PDO::FETCH_OBJ)) { echo "
"; echo "id)\" border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\">"; diff --git a/admin/fundraising_reports.php b/admin/fundraising_reports.php index 0210e76..0add052 100644 --- a/admin/fundraising_reports.php +++ b/admin/fundraising_reports.php @@ -52,8 +52,9 @@ $(document).ready( function(){ prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "\n"; } ?> diff --git a/admin/fundraising_reports_std.php b/admin/fundraising_reports_std.php index ff993a7..7e20518 100644 --- a/admin/fundraising_reports_std.php +++ b/admin/fundraising_reports_std.php @@ -51,9 +51,10 @@ $sql.=" AND id='".intval($_GET['fundraising_campaigns_id'])."'"; } $sql.=" ORDER BY name"; - $q=mysql_query($sql); - echo mysql_error(); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare($sql); + $q->execute(); + echo $pdo->errorInfo(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $rep->heading($r->name); $table=array(); $table['header']=array("Name","Contact","Phone","Address","$ appeal","$ this year","$ last year","%chg"); @@ -63,8 +64,9 @@ $thisyear=$config['FISCALYEAR']; $lastyear=$config['FISCALYEAR']-1; - $pq=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$r->id'"); - while($pr=mysql_fetch_object($pq)) { + $pq=$pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$r->id'"); + $pq->execute(); + while($pr=$pq->fetch(PDO::FETCH_OBJ)) { $u=user_load_by_uid($pr->users_uid); //hopefully this never returns false, but who knows.. if($u) { 
@@ -75,14 +77,17 @@ //gah i dont know what the heck to do here if($u['sponsors_id']) { - $cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND fundraising_campaigns_id='$r->id' AND status='received' AND fiscalyear='$thisyear'"); - $cr=mysql_fetch_object($cq); + $cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND fundraising_campaigns_id='$r->id' AND status='received' AND fiscalyear='$thisyear'"); + $cq->execute(); + $cr=$cq->fetch(PDO::FETCH_OBJ); $thisappeal=$cr->total; - $cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$thisyear'"); - $cr=mysql_fetch_object($cq); + $cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$thisyear'"); + $cq->execute(); + $cr=$cq->fetch(PDO::FETCH_OBJ); $thisyeartotal=$cr->total; - $cq=mysql_query("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$lastyear'"); - $cr=mysql_fetch_object($cq); + $cq=$pdo->prepare("SELECT SUM(value) AS total FROM fundraising_donations WHERE sponsors_id='{$u['sponsors_id']}' AND status='received' AND fiscalyear='$lastyear'"); + $cq->execute(); + $cr=$cq->fetch(PDO::FETCH_OBJ); $lastyeartotal=$cr->total; if($lastyeartotal) $change=round(($thisyeartotal-$lastyeartotal)/$lastyeartotal*100); 
@@ -132,13 +137,14 @@ } $sql="SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' "; if($_GET['goal']) { - $sql.=" AND goal='".mysql_real_escape_string($_GET['goal'])."'"; + $sql.=" AND goal='".$_GET['goal']."'"; } $sql.=" ORDER BY name"; - $q=mysql_query($sql); - echo mysql_error(); + $q=$pdo->prepare($sql); + $q->execute(); + echo $pdo->errorInfo(); - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { $rep->heading($r->name)." (".$r->budget.")"; $table=array(); @@ -146,8 +152,9 @@ $table['widths']=array(1.5,0.5,0.5,0.75,0.9,0.9,0.9,0.5); $table['dataalign']=array("left","right","right","center","center","center","center","right"); - $cq=mysql_query("SELECT * FROM fundraising_campaigns WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'"); - while($cr=mysql_fetch_object($cq)) { + $cq=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'"); + $cq->execute(); + while($cr=$cq->fetch(PDO::FETCH_OBJ)) { $table['data'][]=array( $cr->name, $cr->target, diff --git a/admin/fundraising_setup.php b/admin/fundraising_setup.php index 716ce42..50a6d9e 100644 --- a/admin/fundraising_setup.php +++ b/admin/fundraising_setup.php 
@@ -27,40 +27,47 @@ user_auth_required('committee', 'admin'); //first, insert any default fundraising donor levels - $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='".$config['FISCALYEAR']."'"); - if(!mysql_num_rows($q)) { - $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='-1'"); - while($r=mysql_fetch_object($q)) { - mysql_query("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES ( - '".mysql_real_escape_string($r->level)."', - '".mysql_real_escape_string($r->min)."', - '".mysql_real_escape_string($r->max)."', - '".mysql_real_escape_string($r->description)."', - '".$config['FISCALYEAR']."')"); + $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='".$config['FISCALYEAR']."'"); + $q->execute(); + if(!$q->rowCount()) { + $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='-1'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES ( + '".$r->level."', + '".$r->min."', + '".$r->max."', + '".$r->description."', + '".$config['FISCALYEAR'].")')"); + $pdo->execute(); } } //first, insert any default fundraising goals - $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='".$config['FISCALYEAR']."'"); - if(!mysql_num_rows($q)) { - $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'"); - while($r=mysql_fetch_object($q)) { - mysql_query("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES ( - '".mysql_real_escape_string(stripslashes($r->goal))."', - '".mysql_real_escape_string(stripslashes($r->name))."', - '".mysql_real_escape_string(stripslashes($r->description))."', - '".mysql_real_escape_string($r->system)."', - '".mysql_real_escape_string($r->budget)."', + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE 
fiscalyear='".$config['FISCALYEAR']."'"); + $q->execute(); + if(!$q->rowCount()) { + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='-1'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $stmt = pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`description`,`system`,`budget`,`fiscalyear`) VALUES ( + '".stripslashes($r->goal)."', + '".stripslashes($r->name)."', + '".stripslashes($r->description)."', + '".$r->system."', + '".$r->budget."', '".$config['FISCALYEAR']."')"); + $stmt->execute(); } } switch($_GET['gettab']) { case "levels": - $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY max"); - echo "
\n"; - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY max"); + $q->execute(); + echo "
\n"; + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "

$r->level (".format_money($r->min,false)." to ".format_money($r->max,false).")

\n"; echo "
id\">\n"; echo "id\" onsubmit=\"return level_save($r->id)\">\n"; @@ -112,9 +119,10 @@ break; case "goals": - $q=mysql_query("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); - echo "
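Review bot: Three of the new lines in the default-data loops cannot run: `$pdo->execute();` calls a method `PDO` does not have while the statement returned by `prepare()` is discarded, `pdo->prepare(` on the `fundraising_goals` INSERT is missing the `$`, and the donor-level INSERT now ends in `'".$config['FISCALYEAR'].")')"`, which appends a `)` to the fiscalyear value inside the quotes. The same wrong-receiver slip, `$t=$q->prepare(...)` on a `PDOStatement`, appears in award_awardcreatedivisional.php at the top of this diff. Use `$stmt = $pdo->prepare(...); $stmt->execute();` in both loops and restore `'".$config['FISCALYEAR']."')"`. Deciding whether defaults exist with `if(!$q->rowCount())` on a SELECT is driver-dependent per the PDO docs; `$q->fetch()` returning false is the portable test.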
\n"; - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name"); + $q->execute(); + echo "
\n"; + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "

$r->name (".format_money($r->budget,false).") Deadline: ".format_date($r->deadline)."

\n"; echo "
id\">\n"; echo "id\" onsubmit=\"return goal_save($r->id)\">\n"; @@ -210,29 +218,33 @@ } if($id) { - mysql_query("UPDATE fundraising_donor_levels SET - min='".mysql_real_escape_string($_POST['min'])."', - max='".mysql_real_escape_string($_POST['max'])."', - level='".mysql_real_escape_string(stripslashes($_POST['level']))."', - description='".mysql_real_escape_string(stripslashes($_POST['description']))."' + $stmt = $pdo->prepare("UPDATE fundraising_donor_levels SET + min='".$_POST['min']."', + max='".$_POST['max']."', + level='".stripslashes($_POST['level'])."', + description='".stripslashes($_POST['description'])."' WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}' "); + $stmt->execute(); happy_("Level Saved"); + } else { - mysql_query("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES ( - '".mysql_real_escape_string($_POST['level'])."', - '".mysql_real_escape_string($_POST['min'])."', - '".mysql_real_escape_string($_POST['max'])."', - '".mysql_real_escape_string($_POST['description'])."', + $stmt = $pdo->prepare("INSERT INTO fundraising_donor_levels (`level`,`min`,`max`,`description`,`fiscalyear`) VALUES ( + '".$_POST['level']."', + '".$_POST['min']."', + '".$_POST['max']."', + '".$_POST['description']."', '{$config['FISCALYEAR']}')"); + $stmt->execute(); happy_("Level Created"); } exit; break; case "level_delete": $id=$_POST['id']; - mysql_query("DELETE FROM fundraising_donor_levels WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $stmt = $pdo->prepare("DELETE FROM fundraising_donor_levels WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $stmt->execute(); happy_("Level Deleted"); exit; break; 
@@ -244,32 +256,35 @@ exit; } if($id) { - mysql_query("UPDATE fundraising_goals SET - budget='".mysql_real_escape_string($_POST['budget'])."', - deadline='".mysql_real_escape_string($_POST['deadline'])."', - name='".mysql_real_escape_string(stripslashes($_POST['name']))."', - description='".mysql_real_escape_string(stripslashes($_POST['description']))."' + $stmt = $pdo->prepare("UPDATE fundraising_goals SET + budget='".$_POST['budget']."', + deadline='".$_POST['deadline']."', + name='".stripslashes($_POST['name'])."', + description='".stripslashes($_POST['description'])."' WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}' "); + $stmt->execute(); happy_("Purpose Saved"); } else { $goal=strtolower($_POST['name']); $goal=ereg_replace("[^a-z]","",$goal); - $q=mysql_query("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'"); - echo mysql_error(); - if(mysql_num_rows($q)) { + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}'"); + $q->execute(); + echo $pdo->errorInfo(); + if($q->rowCount()) { error_("The automatically generated purpose key (%1) generated from (%2) is not unique. Please try a different Purpose Name",array($goal,$_POST['name'])); exit; } - mysql_query("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES ( - '".mysql_real_escape_string($goal)."', - '".mysql_real_escape_string($_POST['name'])."', - '".mysql_real_escape_string($_POST['budget'])."', - '".mysql_real_escape_string($_POST['deadline'])."', - '".mysql_real_escape_string($_POST['description'])."', + $stmt = $pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES ( + '".$goal."', + '".$_POST['name']."', + '".$_POST['budget']."', + '".$_POST['deadline']."', + '".$_POST['description']."', '{$config['FISCALYEAR']}')"); + $stmt->execute(); happy_("Purpose Created"); } exit; 
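Review bot: Both the UPDATE and the INSERT on fundraising_goals now interpolate `$_POST['budget']`, `$_POST['deadline']`, `$_POST['name']` and `$_POST['description']` straight into the SQL, whereas the removed code escaped each of them with `mysql_real_escape_string()`; `prepare()` without placeholders escapes nothing, so this re-opens SQL injection on the purpose form. Only `$goal` is safe, because `ereg_replace("[^a-z]","",...)` strips everything but lowercase letters. Separately, `echo $pdo->errorInfo();` prints the literal string `Array` — `errorInfo()` returns an array, and the connection-level one does not reflect the statement's failure — so use `echo implode(' ', $q->errorInfo());` or set `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` once on the connection and drop these echoes.
```php
$stmt = $pdo->prepare("UPDATE fundraising_goals SET budget=?, deadline=?, name=?, description=? WHERE id=? AND fiscalyear=?");
$stmt->execute(array($_POST['budget'], $_POST['deadline'], stripslashes($_POST['name']), stripslashes($_POST['description']), $id, $config['FISCALYEAR']));
// … unchanged: happy_("Purpose Saved"); } else { goal key generation and uniqueness check …
$stmt = $pdo->prepare("INSERT INTO fundraising_goals (`goal`,`name`,`budget`,`deadline`,`description`,`fiscalyear`) VALUES (?,?,?,?,?,?)");
$stmt->execute(array($goal, $_POST['name'], $_POST['budget'], $_POST['deadline'], $_POST['description'], $config['FISCALYEAR']));
```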
@@ -277,8 +292,9 @@ case "goal_delete": $id=$_POST['id']; //they cant delete system ones - $q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); - if(!$r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $q->execute(); + if(!$r=$q->fetch(PDO::FETCH_OBJ)) { error_("Invalid goal to delete"); exit; } 
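Review bot: `$id=$_POST['id']` is interpolated unvalidated into `WHERE id='$id'` in the SELECT here (and in the DELETE that follows in the next hunk); the hole predates the migration, but switching to PDO is the moment to close it. Either cast it, `$id=intval($_POST['id']);`, or use `WHERE id=? AND fiscalyear=?` with `$q->execute(array($id, $config['FISCALYEAR']));`. The `goal_delete` case continues past the end of this hunk.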
@@ -286,22 +302,30 @@ error_("Fundraising goals created automatically and used by the system cannot be deleted"); exit; } - $q=mysql_query("SELECT * FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'"); - if(mysql_num_rows($q)) { + $q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_goal='$r->goal' AND fiscalyear='{$config['FISCALYEAR']}'"); + $q->execute(); + if($q->rowCount()) { error_("This goal already has donations assigned to it, it cannot be deleted"); exit; } - mysql_query("DELETE FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id' AND fiscalyear='{$config['FISCALYEAR']}'"); + $stmt->execute(); happy_("Purpose Deleted"); exit; break; case "setup_save": $fye=sprintf("%02d-%02d",intval($_POST['fiscalendmonth']),intval($_POST['fiscalendday'])); - mysql_query("UPDATE config SET val='$fye' WHERE var='fiscal_yearend' AND year='{$config['FAIRYEAR']}'"); - mysql_query("UPDATE config SET val='".mysql_real_escape_string($_POST['registeredcharity'])."' WHERE var='registered_charity' AND year='{$config['FAIRYEAR']}'"); - mysql_query("UPDATE config SET val='".mysql_real_escape_string($_POST['charitynumber'])."' WHERE var='charity_number' AND year='{$config['FAIRYEAR']}'"); + + $stmt = $pdo->prepare("UPDATE config SET val='$fye' WHERE var='fiscal_yearend' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); + + $stmt = $pdo->prepare("UPDATE config SET val='".$_POST['registeredcharity']."' WHERE var='registered_charity' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); + + $stmt = $pdo->prepare("UPDATE config SET val='".$_POST['charitynumber']."' WHERE var='charity_number' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); happy_("Fundraising module setup saved"); exit; break; diff --git a/admin/fundraising_sponsorship.php b/admin/fundraising_sponsorship.php index d0fb039..8530d9e 100644 
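Review bot: The two config UPDATEs for `registered_charity` and `charity_number` drop the `mysql_real_escape_string()` wrapper around `$_POST['registeredcharity']` and `$_POST['charitynumber']` and interpolate them raw, so a submitted value containing a quote breaks out of the statement; `$fye` is safe because it is assembled from `intval()` results. Bind the values instead of interpolating them.
```php
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='registered_charity' AND year=?");
$stmt->execute(array($_POST['registeredcharity'], $config['FAIRYEAR']));

$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='charity_number' AND year=?");
$stmt->execute(array($_POST['charitynumber'], $config['FAIRYEAR']));
```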
--- a/admin/fundraising_sponsorship.php +++ b/admin/fundraising_sponsorship.php @@ -28,8 +28,9 @@ if($_GET['id']) { $id=intval($_GET['id']); - $q=mysql_query("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id='$id' AND fundraising_donations.sponsors_id=sponsors.id"); - $sponsorship=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT fundraising_donations.*, sponsors.organization FROM fundraising_donations,sponsors WHERE fundraising_donations.id='$id' AND fundraising_donations.sponsors_id=sponsors.id"); + $q->execute(); + $sponsorship=$q->fetch(PDO::FETCH_OBJ); $formaction="sponsorshipedit"; } else @@ -69,12 +70,13 @@ function typechange() { echo "
".i18n("Donor").""; - $q=mysql_query("SELECT * FROM sponsors ORDER BY organization"); - echo mysql_error(); + $q=$pdo->prepare("SELECT * FROM sponsors ORDER BY organization"); + $q->execute(); + echo $pdo->errorInfo(); echo ""; echo ""; echo "\n"; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($r->uid==$sponsorship->users_uid) $sel="selected=\"selected\""; else $sel=""; echo "\n"; } @@ -111,11 +114,12 @@ function typechange() { echo "
".i18n("Donation Allocation").""; - $q=mysql_query("SELECT * FROM fundraising WHERE year='{$config['FAIRYEAR']}' ORDER BY name"); - echo mysql_error(); + $q=$pdo->prepare("SELECT * FROM fundraising WHERE year='{$config['FAIRYEAR']}' ORDER BY name"); + $q->execute(); + echo $pdo->errorInfo(); echo "$p/5"; - $subq=mysql_query("SELECT * FROM projectsubdivisions WHERE + $subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$div' AND year='{$config['FAIRYEAR']}' ORDER BY subdivision"); + $subq->execute(); $sd = array(); - while($subr=mysql_fetch_object($subq)) { + while($subr=$subq->fetch(PDO::FETCH_OBJ)) { if($u['div_prefs_sub'][$subr->id] == 1) { $sd[] = $subdivr->subdivision; } @@ -242,7 +247,7 @@ echo "
".i18n("Time Availability").":"; $q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$judgeinfo['id']}\" ORDER BY `start`"); $sel = array(); -while($r=mysql_fetch_object($q)) { +while($r=$q->fetch(PDO::FETCH_OBJ)) { $st = substr($r->start, 0, 5); $end = substr($r->end, 0, 5); echo "$st - $end
"; diff --git a/admin/judges_invite.php b/admin/judges_invite.php index 488fa33..3ce4a9d 100644 --- a/admin/judges_invite.php +++ b/admin/judges_invite.php @@ -35,15 +35,17 @@ echo "
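Review bot: Only the `while` line was converted here, so `$q` is still the resource returned by `mysql_query("SELECT * FROM judges_availability ...")` and `$q->fetch(PDO::FETCH_OBJ)` is a member call on a non-object, which is fatal. The query itself must move to PDO as well: `$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=? ORDER BY start");` followed by `$q->execute(array($judgeinfo['id']));` (keeping the backticks around the `start` column), which also binds `$judgeinfo['id']` instead of interpolating it. The enclosing output block starts before this hunk.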
"; if($_POST['action']=="invite" && $_POST['email']) { - $q=mysql_query("SELECT id FROM judges WHERE email='".$_POST['email']."'"); - if(mysql_num_rows($q)) + $q=$pdo->prepare("SELECT id FROM judges WHERE email='".$_POST['email']."'"); + $q->execute(); + if($q->rowCount()) { echo error(i18n("A judge already exists with that email address")); } else { $pass=generatePassword(); - mysql_query("INSERT INTO judges (email,password) VALUES ('".mysql_escape_string(stripslashes($_POST['email']))."','$pass')"); + $pdo->prepare("INSERT INTO judges (email,password) VALUES ('".stripslashes($_POST['email']))."','$pass')"; + $pdo->execute(); email_send("new_judge_invite",stripslashes($_POST['email']),array("FAIRNAME"=>$config['fairname']),array("FAIRNAME"=>$config['fairname'],"EMAIL"=>stripslashes($_POST['email']),"PASSWORD"=>$pass)); echo happy(i18n("%1 has been invited to be a judge",array($_POST['email']))); diff --git a/admin/judges_jdiv.php b/admin/judges_jdiv.php index e5983b7..2e6149b 100644 --- a/admin/judges_jdiv.php +++ b/admin/judges_jdiv.php @@ -56,15 +56,17 @@ function newbuttonclicked(jdivs) $div = array(); $divshort = array(); - $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $divshort[$r->id]=$r->division_shortform; $div[$r->id]=$r->division; } $cat = array(); - $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $cat[$r->id]=$r->category; } 
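Review bot: The INSERT into judges is never executed and the page fatals before it could be: the statement returned by `$pdo->prepare(...)` is discarded and `$pdo->execute()` is called on the connection object, which has no such method. On top of that, the migration removes the `mysql_escape_string()` that used to protect `$_POST['email']` in the INSERT, and the preceding SELECT interpolates the same untrusted value raw, so both statements are injectable from the invite form. Bind the email in both queries.
```php
$q=$pdo->prepare("SELECT id FROM judges WHERE email=?");
$q->execute(array($_POST['email']));
// … unchanged: duplicate-judge check and generatePassword() …
$stmt=$pdo->prepare("INSERT INTO judges (email,password) VALUES (?,?)");
$stmt->execute(array(stripslashes($_POST['email']), $pass));
```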
@@ -72,9 +74,10 @@ function newbuttonclicked(jdivs) $ckeys = array_keys($cat); if($config['filterdivisionbycategory']=="yes") { - $q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + $q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + $q->execute(); $divcat=array(); - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { $divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id); } @@ -89,8 +92,9 @@ function newbuttonclicked(jdivs) } $langr = array(); - $q=mysql_query("SELECT * FROM languages WHERE active='Y'"); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM languages WHERE active='Y'"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $langr[$r->lang] = $r->langname; } @@ -103,8 +107,9 @@ function get_all_divs() $cdlcheck = array(); $cdl = array(); - $q=mysql_query("SELECT * FROM judges_jdiv"); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM judges_jdiv"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { $cdl[$r->id]['id'] = $r->id; $cdl[$r->id]['jdiv'] = $r->jdiv_id; $cdl[$r->id]['div'] = $r->projectdivisions_id; 
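Review bot: `$pdo->prepare("SELECT * FROM judges_jdiv")` runs inside `get_all_divs()`, where `$pdo` is an undefined local unless the function declares `global $pdo;`; the function header is outside this hunk so that cannot be confirmed here, but the removed `mysql_query()` needed no such declaration and the migration adds none. Every PDO call this commit adds inside a function needs the same check — add `global $pdo;` beside the function's existing `global` line where it is missing.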
@@ -128,13 +133,15 @@ function get_all_divs() /* Also, make an entry in the DB, so that this isn't * unassigned anymore */ - mysql_query("INSERT INTO judges_jdiv (id, jdiv_id, projectdivisions_id, projectcategories_id, lang) ". + $stmt = $pdo->prepare("INSERT INTO judges_jdiv (id, jdiv_id, projectdivisions_id, projectcategories_id, lang) ". " VALUES('', 0, '$y', '$x', '$z')"); - $q = mysql_query("SELECT id FROM judges_jdiv WHERE ". + $stmt->execute(); + $q = $pdo->prepare("SELECT id FROM judges_jdiv WHERE ". " projectdivisions_id='$y' ". " AND projectcategories_id='$x' ". " AND lang='$z' "); - $r = mysql_fetch_object($q); + $q->execute(); + $r = $q->fetch(PDO::FETCH_OBJ); $cdl[$r->id]['id'] = $r->id; $cdl[$r->id]['jdiv'] = 0; /* Unassigned */ @@ -153,16 +160,17 @@ function get_all_divs() $x = $cat[$cdl[$id]['cat']]; $y = $divshort[$cdl[$id]['div']]; $z = $div[$cdl[$id]['div']]; - $q = mysql_query("SELECT count(projects.id) AS cnt FROM projects,registrations WHERE ". + $q = $pdo->prepare("SELECT count(projects.id) AS cnt FROM projects,registrations WHERE ". " projectdivisions_id='{$cdl[$id]['div']}' ". " AND projectcategories_id='{$cdl[$id]['cat']}' ". " AND language='{$cdl[$id]['lang']}' ". " AND registrations.year='{$config['FAIRYEAR']}'". " AND projects.registrations_id=registrations.id". " AND (registrations.status='complete' OR registrations.status='paymentpending')"); + $q->execute(); - $r = mysql_fetch_object($q); - echo mysql_error(); + $r = $q->fetch(PDO::FETCH_OBJ); + echo $pdo->errorInfo(); $c = $r->cnt; $cdl[$id]['name'] = "$x $y ({$cdl[$id]['lang']}) ($c project".($c==1?'':'s').")"; 
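Review bot: `echo $pdo->errorInfo();` after the project-count query prints the string `Array`, because `PDO::errorInfo()` returns a three-element array, and it reports the connection's last error rather than the statement's; the `mysql_error()` it replaces printed a message. Use `echo implode(' ', $q->errorInfo());`, or configure the connection once with `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` and delete these echoes. The same pattern recurs in most of the converted files. The enclosing `get_all_divs()` continues beyond this hunk.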
@@ -175,24 +183,28 @@ function get_all_divs() if($_POST['action']=="add" && $_POST['jdiv_id'] && count($_POST['cdllist'])>0) { foreach($_POST['cdllist'] AS $selectedcdl) { - $q=mysql_query("UPDATE judges_jdiv SET jdiv_id='{$_POST['jdiv_id']}' WHERE ". + $q=$pdo->prepare("UPDATE judges_jdiv SET jdiv_id='{$_POST['jdiv_id']}' WHERE ". " id='$selectedcdl' "); + $q->execute(); } echo happy(i18n("Judging Division(s) successfully added")); } if($_GET['action']=="del" && $_GET['cdl_id']) { - mysql_query("UPDATE judges_jdiv SET jdiv_id=0 WHERE id='{$_GET['cdl_id']}'"); + $stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE id='{$_GET['cdl_id']}'"); + $stmt->execute(); } if($_GET['action']=="empty" && $_GET['jdiv_id']) { - mysql_query("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id='{$_GET['jdiv_id']}' "); + $stmt = $pdo->prepare("UPDATE judges_jdiv SET jdiv_id=0 WHERE jdiv_id='{$_GET['jdiv_id']}' "); + $stmt->execute(); echo happy(i18n("Emptied all divisions from Judging Division Group %1",array($_GET['jdiv_id']))); } if($_GET['action']=="recreate") { //just delete them all, they'll be recreated automagically - mysql_query("TRUNCATE TABLE judges_jdiv"); + $stmt = $pdo->prepare("TRUNCATE TABLE judges_jdiv"); + $stmt->execute(); echo happy(i18n("Recreated all division/category/language options")); } diff --git a/admin/judges_sa.php b/admin/judges_sa.php index 974ec25..f75c22e 100644 --- a/admin/judges_sa.php +++ b/admin/judges_sa.php @@ -57,8 +57,9 @@ $round_divisional2 = NULL; function set_status($txt) { TRACE("Status: $txt\n"); - mysql_query("UPDATE config SET val='$txt' WHERE + $stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE var='judge_scheduler_activity' AND year=0"); + $stmt->execute(); } $set_percent_last_percent = -1; 
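Review bot: `$_POST['jdiv_id']`, `$selectedcdl` (from `$_POST['cdllist']`), `$_GET['cdl_id']` and `$_GET['jdiv_id']` are interpolated unvalidated into the UPDATE statements on judges_jdiv; the previous code had the same hole, but wrapping the string in `prepare()` does not close it. Cast each id with `intval()` or bind it, e.g. `$q=$pdo->prepare("UPDATE judges_jdiv SET jdiv_id=? WHERE id=?"); $q->execute(array($_POST['jdiv_id'], $selectedcdl));`. Note also that `action=del`, `action=empty` and the `TRUNCATE TABLE judges_jdiv` under `action=recreate` are state changes triggered by GET parameters, so they are reachable through a crafted link; that predates this commit but deserves a CSRF token or a POST-only check.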
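Review bot: `set_status()` now dereferences `$pdo`, but the function body shown declares no `global $pdo;` (it has no `global` statement at all), so `$pdo` is null inside it and the first call fatals with a member-function-on-null error; `mysql_query()` did not need the connection in scope. Add `global $pdo;` as the first line of the function. `$txt` is also interpolated into the UPDATE; the callers visible in this diff pass literal strings, so that is tolerable, but `SET val=?` with `$stmt->execute(array($txt));` would make the helper safe for any argument.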
@@ -68,8 +69,9 @@ function set_percent($n) $p = floor($n); if($p == $set_percent_last_percent) return; TRACE("Progress: $p\%\n"); - mysql_query("UPDATE config SET val='$p' WHERE + $stmt = $pdo->prepare("UPDATE config SET val='$p' WHERE var='judge_scheduler_percent' AND year=0"); + $stmt->execute(); $set_percent_last_percent = $p; } @@ -361,8 +363,9 @@ set_status("Loading Data From Database..."); TRACE("\n\n"); $div = array(); TRACE("Loading Project Divisions...\n"); -$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); -while($r=mysql_fetch_object($q)) +$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) { $divshort[$r->id]=$r->division_shortform; $div[$r->id]=$r->division; @@ -371,16 +374,17 @@ while($r=mysql_fetch_object($q)) TRACE("Loading Project Age Categories...\n"); $cat = array(); -$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); -while($r=mysql_fetch_object($q)) { +$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) { $cat[$r->id]=$r->category; TRACE(" {$r->id} - {$r->category}\n"); } TRACE("Loading Languages...\n"); $langr = array(); -$q=mysql_query("SELECT * FROM languages WHERE active='Y'"); -while($r=mysql_fetch_object($q)) { +dddddddddddddddo->prepare("SELECT * FROM languages WHERE active='Y'"); +while($r=$q->fetch(PDO::FETCH_OBJ)) { $langr[$r->lang] = $r->langname; TRACE(" {$r->lang} - {$r->langname}\n"); } 
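Review bot: The line `+dddddddddddddddo->prepare("SELECT * FROM languages WHERE active='Y'");` is a mangled edit — the intended `$q=$pdo->prepare(` was overwritten, leaving a bare identifier before `->prepare` that is a parse error or an undefined-constant fatal depending on PHP version — and no `execute()` follows, so the `$q->fetch()` loop would otherwise read the previous statement. Replace it with `$q=$pdo->prepare("SELECT * FROM languages WHERE active='Y'");` and `$q->execute();`.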
@@ -388,17 +392,19 @@ while($r=mysql_fetch_object($q)) { TRACE("Loading Judging Round time data...\n"); $round_special_awards = array(); $round = array(); -$q = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='{$config['FAIRYEAR']}'"); +$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='{$config['FAIRYEAR']}'"); +$q->execute(); /* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */ -while($r = mysql_fetch_assoc($q)) { +while($r = $q=>fetch(PDO::FETCH_ASSOC)) { TRACE(" id:{$r['id']} type:{$r['type']} name:{$r['name']}\n"); - $qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'"); - if(mysql_num_rows($qq) == 0) { + $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'"); + $qq->execute(); + if($qq->rowCount() == 0) { echo "ERROR: Round type:{$r['type']} name:{$r['name']} has no judging timeslots! Abort.\n"; exit; } - while($rr = mysql_fetch_assoc($qq)) { + while($rr = $qq->fetch(PDO::FETCH_ASSOC)) { TRACE(" Timeslot: {$rr['starttime']}-{$rr['endtime']}\n"); $r['timeslots'][] = $rr; } @@ -416,8 +422,9 @@ if($round_divisional1 == NULL) { $jdiv = array(); TRACE("Loading Judging Division Configuration and Projects...\n"); -$q=mysql_query("SELECT * FROM judges_jdiv"); -while($r=mysql_fetch_object($q)) { +$q=$pdo->prepare("SELECT * FROM judges_jdiv"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) { /* Ignore jdiv 0 (all unassigned div/cats) */ if($r->jdiv_id == 0) continue; @@ -434,7 +441,7 @@ foreach($keys as $jdiv_id) { $d = $jdiv[$jdiv_id]['config'][$x]; if($x > 0) TRACE("\t- "); TRACE($cat[$d['cat']]." ".$div[$d['div']]." - ".$langr[$d['lang']]); - $qp = mysql_query("SELECT projects.* FROM projects, registrations WHERE ". + $qp = $pdo->prepare("SELECT projects.* FROM projects, registrations WHERE ". " projects.year='".$config['FAIRYEAR']."' AND ". " projectdivisions_id='{$d['div']}' AND ". " projectcategories_id='{$d['cat']}' AND ". 
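Review bot: `while($r = $q=>fetch(PDO::FETCH_ASSOC))` uses `=>` where the member-access operator `->` is needed; `=>` is only valid in array literals and `foreach`, so this line is a parse error that takes the whole scheduler down. Change it to `while($r = $q->fetch(PDO::FETCH_ASSOC)) {`. The same typo recurs later in this file in the availability and team-number loops, so grep for `=>fetch`.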
@@ -442,8 +449,9 @@ foreach($keys as $jdiv_id) { " registrations.id = projects.registrations_id " . getJudgingEligibilityCode() ); + $qp->execute(); $count = 0; - while($rp = mysql_fetch_object($qp)) { + while($rp = $qp->fetch(PDO::FETCH_OBJ)) { $jdiv[$jdiv_id]['projects'][$rp->id] = array( 'div' => $d['div'], 'cat' => $d['cat'], 
@@ -462,39 +470,56 @@ foreach($keys as $jdiv_id) { /* Clean out the judging teams that were autocreated in a previous run */ TRACE("Deleting autocreated divisional and special award judging teams:"); -$q = mysql_query("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}"); -while($r = mysql_fetch_object($q)) { +$q = pdo->prepare("SELECT * FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}"); +$q->execute(); +while($r = $q->fetch(PDO::FETCH_OBJ)) { $id = $r->id; print(" $id"); /* Clean out the judges_teams_link */ - mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); - print mysql_error(); + + + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); + $stmt->execute(); + print $pdo->errorInfo(); /* Awards */ - mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); - print mysql_error(); + + + $stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); + $stmt->execute(); + print $pdo->errorInfo(); /* Timeslots */ - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); - print mysql_error(); + + + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); + $stmt->execute(); + print $pdo->errorInfo(); /* Timeslots projects */ - mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); - print mysql_error(); + + + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$id' AND year={$config['FAIRYEAR']}"); + $stmt->execute(); + print $pdo->errorInfo(); } echo "\n"; /* Finally, delete all the autocreated judges teams */ -mysql_query("DELETE FROM 
judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}"); -print mysql_error(); +$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE autocreate_type_id=1 AND year={$config['FAIRYEAR']}"); +$stmt->execute(); +print $pdo->errorInfo(); /* Also delete any judges_teams_link that link to teams that dont exist, just * in case */ -$q=mysql_query("SELECT judges_teams_link.id, judges_teams.id AS judges_teams_id +$q=$pdo->prepare("SELECT judges_teams_link.id, judges_teams.id AS judges_teams_id FROM judges_teams_link LEFT JOIN judges_teams ON judges_teams_link.judges_teams_id=judges_teams.id WHERE judges_teams_link.year={$config['FAIRYEAR']}"); + +$q->execute(); $n=0; -while($r=mysql_fetch_object($q)) { +while($r=$q->fetch(PDO::FETCH_OBJ)) { if(!$r->judges_teams_id) { - mysql_query("DELETE FROM judges_teams_link WHERE id='$r->id'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE id='$r->id'"); + $stmt->execute(); $n++; } } 
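Review bot: `$q = pdo->prepare(...)` is missing the `$` sigil, so `pdo` is read as an undefined constant (a warning and the string `"pdo"` on older PHP, an Error on PHP 8) and `->prepare()` fails — the cleanup of previously autocreated judging teams never runs. Write `$q = $pdo->prepare(...)`. The four `print $pdo->errorInfo();` lines in the loop print `Array` rather than a message; use `$stmt->errorInfo()` with `implode()` or switch the connection to `PDO::ERRMODE_EXCEPTION`.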
@@ -519,51 +544,54 @@ foreach($judges as &$j) { continue; } - $q = mysql_query("SELECT users_id FROM judges_teams_link WHERE + $q = $pdo->prepare("SELECT users_id FROM judges_teams_link WHERE users_id='{$j['id']}' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q) != 0) { + $q->execute(); + if($q->rowCount()!= 0) { TRACE(" {$j['name']} is already on a judging team, skipping.\n"); unset($judges[$j['id']]); continue; } if($config['judges_availability_enable']=="yes") { /* Load the judge time availability */ - $q = mysql_query("SELECT * FROM judges_availability WHERE users_id='{$j['id']}' ORDER BY `start`"); - if(mysql_num_rows($q) == 0) { + $q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='{$j['id']}' ORDER BY `start`"); + if($q->rowCount()== 0) { TRACE(" {$j['name']} hasn't selected any time availability, POTENTIAL BUG (they shouldn't be marked as complete).\n"); TRACE(" Ignoring this judge.\n"); unset($judges[$j['id']]); continue; } - while($r = mysql_fetch_assoc($q)) { + $q->execute(); + while($r = $q=>fetch(PDO::FETCH_ASSOC)) { $j['availability'][] = $r; } } /* Load special award preferences */ - $q = mysql_query("SELECT award_awards.id,award_awards.name FROM + $q = $pdo->prepare("SELECT award_awards.id,award_awards.name FROM judges_specialaward_sel,award_awards WHERE award_awards.id=judges_specialaward_sel.award_awards_id AND judges_specialaward_sel.users_id='{$j['id']}' AND award_awards.year='{$config['FAIRYEAR']}'"); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); if($j['special_award_only'] == 'yes') { TRACE(" {$j['name']} is a special awards only.\n"); /* Find their special award id */ - if(mysql_num_rows($q) == 0) { + if($q->rowCount()== 0) { TRACE(" NO special award selected! 
(removing special award only request)\n"); $j['special_award_only'] = 'no'; -// } else if(mysql_num_rows($q) > 1) { +// } else if($q->rowCount()> 1) { // TRACE(" More than ONE special award selected (removing special award only request):\n"); // $j['special_award_only'] = 'no'; } } $j['special_awards'] = array(); - while($r = mysql_fetch_object($q)) { + while($r = $q->fetch(PDO::FETCH_OBJ)) { if($j['special_award_only'] == 'yes') { TRACE(" {$r->name}\n"); } @@ -590,9 +618,10 @@ if(count($judges)==0) { /* Load the numbers for any user-defined judge teams that already exist, * these numbers will be off-limits for auto-assigning numbers */ -$q = mysql_query("SELECT * FROM judges_teams WHERE year={$config['FAIRYEAR']}"); +$q = $pdo->prepare("SELECT * FROM judges_teams WHERE year={$config['FAIRYEAR']}"); +$q->execute(); $used_judges_teams_numbers = array(); -while($i = mysql_fetch_assoc($q)) { +while($i = $q=>fetch(PDO::FETCH_ASSOC)) { $used_judges_teams_numbers[] = $i['num']; } echo "The following judge team numbers are already used: \n"; @@ -618,21 +647,23 @@ function next_judges_teams_number() function judge_team_create($num, $name) { global $config; - $name = mysql_escape_string($name); - mysql_query("INSERT INTO judges_teams (num,name,autocreate_type_id,year) + $name = $name; + $stmt = $pdo->prepare("INSERT INTO judges_teams (num,name,autocreate_type_id,year) VALUES ('$num','$name','1','{$config['FAIRYEAR']}')"); - $id = mysql_insert_id(); + $stmt->execute(); + $id = lastInsertId(); return $id; } function judge_team_add_judge($team_id, $users_id) { global $config, $judges; - mysql_query("INSERT INTO judges_teams_link + $stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$users_id','$team_id','{$judges[$users_id]['willing_chair']}', '{$config['FAIRYEAR']}')"); - echo mysql_error(); + $stmt->execute(); + echo $pdo->errorInfo(); } /**************************************************************************** 
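Review bot: In the availability branch `$q->rowCount()` is tested before `$q->execute()` is called, so it is always 0 and every judge is dropped with the "hasn't selected any time availability" trace whenever `judges_availability_enable` is yes; the removed `mysql_query()` ran the query immediately, which is why the old order worked. Move `$q->execute();` directly after the `prepare()`, ahead of the `rowCount()` test. The following `while($r = $q=>fetch(PDO::FETCH_ASSOC))` is also a parse error (`=>` should be `->`), and `$j['id']` in both queries would be safer bound as a `?` parameter than interpolated. The `foreach($judges as &$j)` loop containing this begins before the hunk.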
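Review bot: `judge_team_create()` now interpolates `$name` unescaped into the INSERT (`$name = $name;` replaces the removed `mysql_escape_string()`), calls a non-existent global function `lastInsertId()` instead of `$pdo->lastInsertId()`, and uses `$pdo` without adding it to the `global $config;` declaration, so it fatals on the first call; `judge_team_add_judge()` has the same missing `global $pdo;`. Bind the values and fix the id retrieval as below.
```php
function judge_team_create($num, $name)
{
	global $config, $pdo;
	$stmt = $pdo->prepare("INSERT INTO judges_teams (num,name,autocreate_type_id,year) VALUES (?,?,'1',?)");
	$stmt->execute(array($num, $name, $config['FAIRYEAR']));
	$id = $pdo->lastInsertId();
	return $id;
}
```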
@@ -812,7 +843,7 @@ for($x=1;$xprepare("SELECT award_awards.id FROM award_awards, award_awards_projectcategories, award_awards_projectdivisions @@ -824,14 +855,16 @@ for($x=1;$xexecute(); + if($q->rowCount()!=1) { echo error(i18n("Cannot find award for %1 - %2",array($cat[$cfg['cat']],$div[$cfg['div']]))); } else { - $r=mysql_fetch_object($q); - mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','{$config['FAIRYEAR']}')"); + $r=$q->fetch(PDO::FETCH_OBJ); + $stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','{$config['FAIRYEAR']}')"); /* Add the award ID to the jdiv, if it's not already there */ if(!in_array($r->id, $jdiv[$t['jdiv_id']]['award_ids'])) { $jdiv[$t['jdiv_id']]['award_ids'][] = $r->id; + $stmt->execute(); } } } @@ -904,7 +937,8 @@ if($round_divisional2 == NULL) { /* Assign all the awards in this jdiv */ foreach($jd['award_ids'] as $aid) { - mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$aid','$team_id','{$config['FAIRYEAR']}')"); + $stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$aid','$team_id','{$config['FAIRYEAR']}')"); + $stmt->execute(); } } @@ -1028,8 +1062,9 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') { AND award_types.year='{$config['FAIRYEAR']}' AND award_types.type='Special' "; - $r = mysql_query($q); - print(mysql_error()); + $r = $stmt->prepare($q); + $r->execute(); + print($pdo->errorInfo()); /* sa_jteam for leftover judges, if any */ $sa_jteam = array(); $sa_jteam[0]['id'] = 0; 
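Review bot: `$stmt->execute();` for the judges_teams_awards_link INSERT was placed inside `if(!in_array($r->id, $jdiv[$t['jdiv_id']]['award_ids']))`, but the removed `mysql_query()` ran unconditionally; now a second team in the same jdiv whose award id is already in `award_ids` gets no link row. If that de-duplication is intended, say so in the comment; otherwise move `$stmt->execute();` back to directly after the `prepare()`. The `for($x=1; ...)` loop containing this starts before the hunk, and the context line is garbled in this rendering (`$xexecute();`), so check the exact placement in the file.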
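Review bot: `$r = $stmt->prepare($q);` calls `prepare()` on `$stmt`, which at this point is either undefined or a `PDOStatement` left over from an earlier INSERT — neither has a `prepare()` method, so the special-award scheduling block fatals before it queries anything. Use the connection: `$r = $pdo->prepare($q); $r->execute();`. `print($pdo->errorInfo());` on the next line prints `Array`; use `implode(' ', $r->errorInfo())` if the echo is kept.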
@@ -1041,7 +1076,7 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') { $x=1; $required_judges = 0; - while($i = mysql_fetch_object($r)) { + while($i = $r->fetch(PDO::FETCH_OBJ)) { $projects = getProjectsNominatedForSpecialAward($i->id); $languages = getLanguagesOfProjectsNominatedForSpecialAward($i->id); @@ -1063,8 +1098,9 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') { $required_judges += $min; /* Link the award to this team */ - mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) + $stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('{$i->id}','{$sa_jteam[$x]['id']}','{$config['FAIRYEAR']}')"); + $stmt->execute(); TRACE("Created Team: {$i->name}, ".count($projects)." projects => $min judges needed (db id:{$sa_jteam[$x]['id']}) \n"); $x++; @@ -1254,17 +1290,19 @@ if($config['scheduler_enable_sa_scheduling'] == 'yes') { print("\n"); /* Do timeslot and project timeslot assignment */ - mysql_query("INSERT INTO judges_teams_timeslots_link + $stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) - VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '{$config['FAIRYEAR']}')"); - echo mysql_error(); + VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '{$config['FAIRYEAR']}')") + $stmt->execute(); + echo $pdo->errorInfo(); foreach($t['projects'] as $proj) { $pid = $proj['id']; - mysql_query("INSERT INTO judges_teams_timeslots_projects_link + $stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link (judges_teams_id,judges_timeslots_id,projects_id,year) VALUES ('{$t['id']}', '{$r['timeslots'][0]['id']}', '$pid', '{$config['FAIRYEAR']}')"); - echo mysql_error(); + $stmt->execute(); + echo $pdo->errorInfo(); } $ids = $a->bucket[$x]; foreach($a->bucket[$x] as $jid) { 
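Review bot: The statement `$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link ... VALUES (...)")` lost its terminating semicolon when the old line was rewritten, so together with the following `$stmt->execute();` this is a parse error for the whole scheduler. Append `;` after `'{$config['FAIRYEAR']}')")`. The enclosing loop over special-award teams starts before this hunk.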
@@ -1294,13 +1332,14 @@ set_status("Assigning Judging Teams and Projects to Timeslots"); TRACE("Loading Divisional1 Timeslot Data\n"); $available_timeslots=array(); -$q=mysql_query("SELECT * FROM judges_timeslots WHERE +$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$round_divisional1['id']}' AND year='{$config['FAIRYEAR']}' AND type='timeslot' ORDER BY date,starttime"); +$q->execute(); $x=0; -while($r=mysql_fetch_object($q)) { +while($r=$q->fetch(PDO::FETCH_OBJ)) { $available_timeslots[]=array("id"=>$r->id, "date"=>$r->date, "starttime"=>substr($r->starttime,0,-3), @@ -1464,17 +1503,19 @@ for($k=0; $k<$keys_count; $k++) { if($jteam_id == 0) continue; /* if jteam_id isn't 0, instert it into the db */ - mysql_query("INSERT INTO judges_teams_timeslots_link ". + $stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link ". " (judges_teams_id,judges_timeslots_id,year)". " VALUES ('{$jteam[$jteam_id]['team_id']}', ". " '{$available_timeslots[$y]['id']}', ". " '{$config['FAIRYEAR']}')"); + $stmt->execute(); - mysql_query("INSERT INTO judges_teams_timeslots_projects_link ". + $stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_projects_link ". " (judges_teams_id,judges_timeslots_id,projects_id,year) ". " VALUES ('{$jteam[$jteam_id]['team_id']}', ". " '{$available_timeslots[$y]['id']}', ". " '$pid', '{$config['FAIRYEAR']}')"); + $stmt->execute(); } printf("\n"); diff --git a/admin/judges_schedulerconfig.php b/admin/judges_schedulerconfig.php index a73aff4..80b748e 100644 --- a/admin/judges_schedulerconfig.php +++ b/admin/judges_schedulerconfig.php 
@@ -48,7 +48,8 @@ ogram; see the file COPYING. If not, write to if($_GET['action']=="reset") { - mysql_query("UPDATE config SET `val`='-1' WHERE `var`='judge_scheduler_percent' AND `year`=0"); + $stmt = $pdo->prepare("UPDATE config SET `val`='-1' WHERE `var`='judge_scheduler_percent' AND `year`=0"); + $stmt->execute(); $config['judge_scheduler_percent']="-1"; echo happy(i18n("Judge scheduler status forcibly reset")); } diff --git a/admin/judges_schedulerconfig_check.inc.php b/admin/judges_schedulerconfig_check.inc.php index 50f514d..9a12c4f 100644 --- a/admin/judges_schedulerconfig_check.inc.php +++ b/admin/judges_schedulerconfig_check.inc.php @@ -4,13 +4,15 @@ function judges_scheduler_check_timeslots() { global $config; - $q=mysql_query("SELECT * FROM judges_timeslots WHERE ". + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE ". " year='".$config['FAIRYEAR']."'". " AND `type`='divisional1'" ); - if(mysql_num_rows($q)) { - $round=mysql_fetch_object($q); - $q=mysql_query("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'"); - return mysql_num_rows($q); + $q->execute(); + if($q->rowCount()) { + $round=$q->fetch(PDO::FETCH_OBJ); + $q=$stmt->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'"); + $q->execute(); + return $q->rowCount(); } else return 0; 
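Review bot: `judges_scheduler_check_timeslots()` declares only `global $config;`, so the `$pdo->prepare(...)` added right after it operates on an undefined local and fatals; the second query goes further astray with `$q=$stmt->prepare(...)`, where `$stmt` is never defined in this function. Change the declaration to `global $config, $pdo;` and the second query to `$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=? AND type='timeslot'"); $q->execute(array($round->id));`.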
@@ -21,13 +23,15 @@ function judges_scheduler_check_timeslots_sa() global $config; $rows = 0; - $q=mysql_query("SELECT * FROM judges_timeslots WHERE ". + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE ". " year='".$config['FAIRYEAR']."'". " AND `type`='special'" ); - if(mysql_num_rows($q)) { - while(( $round=mysql_fetch_object($q))) { - $rq=mysql_query("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'"); - $rows += mysql_num_rows($rq); + $q->execute(); + if($q->rowCount()) { + while(( $round=$q->fetch(PDO::FETCH_OBJ))) { + $rq=$pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='$round->id' AND type='timeslot'"); + $rq->execute(); + $rows += $rq->rowCount(); } } return $rows; 
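Review bot: `judges_scheduler_check_timeslots_sa()` declares `global $config;` only, and both `$pdo->prepare()` calls added here therefore use an undefined `$pdo` and fatal on the first call. Add the connection to the declaration: `global $config, $pdo;`. Binding `$round->id` with `round_id=?` and `$rq->execute(array($round->id));` would also avoid interpolating it, although that value comes from the database rather than the request.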
@@ -37,21 +41,24 @@ function judges_scheduler_check_awards() { global $config; - $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) + $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) $div[$r->id]=$r->division; - $q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) + $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) $cat[$r->id]=$r->category; $dkeys = array_keys($div); $ckeys = array_keys($cat); if($config['filterdivisionbycategory']=="yes") { - $q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + $q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='".$config['FAIRYEAR']."' ORDER BY projectdivisions_id,projectcategories_id"); + $q->execute(); $divcat=array(); - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { $divcat[]=array("c"=>$r->projectcategories_id,"d"=>$r->projectdivisions_id); } @@ -70,7 +77,7 @@ function judges_scheduler_check_awards() foreach($divcat AS $dc) { $d=$dc['d']; $c=$dc['c']; - $q=mysql_query("SELECT award_awards.id FROM + $q=$pdo->prepare("SELECT award_awards.id FROM award_awards, award_awards_projectcategories, award_awards_projectdivisions 
@@ -84,9 +91,10 @@ function judges_scheduler_check_awards() AND award_awards_projectdivisions.projectdivisions_id='$d' AND award_awards.award_types_id='1' "); - echo mysql_error(); - if(mysql_num_rows($q)!=1) { - $missing_awards[] = "{$cat[$c]} - {$div[$d]} (".i18n("%1 found",array(mysql_num_rows($q))).")"; + $q->execute(); + echo $pdo->errorInfo(); + if($q->rowCount()!=1) { + $missing_awards[] = "{$cat[$c]} - {$div[$d]} (".i18n("%1 found",array($q->rowCount())).")"; } } return $missing_awards; @@ -97,8 +105,9 @@ function judges_scheduler_check_jdivs() { global $config; - $q=mysql_query("SELECT DISTINCT jdiv_id FROM judges_jdiv "); - $rows = mysql_num_rows($q); + $q=$pdo->prepare("SELECT DISTINCT jdiv_id FROM judges_jdiv "); + $q->execute(); + $rows = $q->rowCount(); return $rows; } @@ -110,8 +119,9 @@ function judges_scheduler_check_judges() $ok = 1; $jdiv = array(); - $q=mysql_query("SELECT * FROM judges_jdiv ORDER BY jdiv_id"); - while($r=mysql_fetch_object($q)) { + $q=$pdo->prepare("SELECT * FROM judges_jdiv ORDER BY jdiv_id"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { /* Ignore any div/cat with jdiv 0 */ if($r->jdiv_id == 0) continue; @@ -119,7 +129,7 @@ function judges_scheduler_check_judges() $c = $r->projectcategories_id; $l = $r->lang; - $qp = mysql_query("SELECT COUNT(projects.id) as cnt FROM projects, registrations WHERE ". + $qp = $pdo->prepare("SELECT COUNT(projects.id) as cnt FROM projects, registrations WHERE ". " projects.year='".$config['FAIRYEAR']."' AND ". " projectdivisions_id='$d' AND ". " projectcategories_id='$c' AND ". @@ -127,7 +137,8 @@ function judges_scheduler_check_judges() " registrations.id = projects.registrations_id " . getJudgingEligibilityCode() ); - $qr = mysql_fetch_object($qp); + $qp->execute(); + $qr = $qp->fetch(PDO::FETCH_OBJ); $jdiv[$r->jdiv_id]['num_projects']['total'] += $qr->cnt; $jdiv[$r->jdiv_id]['num_projects'][$l] += $qr->cnt; 
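Review bot: `echo $pdo->errorInfo();` after `$q->execute();` prints the literal word `Array` (errorInfo() returns a three-element array and echoing it emits an array-to-string warning), and because the error state of a failed execute lives on the statement, `$pdo->errorInfo()` would not reflect it anyway. The same `mysql_error()` to `$pdo->errorInfo()` substitution is repeated throughout the later hunks of this series (judges_teams.php, judges_teams_members.php, judges_timeslots.php and the team-project listing). Either test the return value, `if(!$q->execute()) { echo implode(': ', $q->errorInfo()); }`, or set `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` once on the handle and drop these echoes entirely.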
diff --git a/admin/judges_teams.php b/admin/judges_teams.php index 9f10fd8..068be6e 100644 --- a/admin/judges_teams.php +++ b/admin/judges_teams.php 
@@ -35,35 +35,45 @@ if($action=="delete" && $_GET['delete']) { //ALSO DELETE: team members, timeslots, projects, awards - mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams WHERE id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); - message_push(happy(i18n("Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team"))); + + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='".$_GET['delete']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute();message_push(happy(i18n("Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team"))); } if($action=="deletealldivisional") { - $q2=mysql_query("SELECT * + $q2=$pdo->prepare("SELECT * FROM judges_teams 
WHERE year='".$config['FAIRYEAR']."' AND autocreate_type_id='1' "); - echo mysql_error(); + echo $pdo->errorInfo(); $numdeleted=0; - while($r2=mysql_fetch_object($q2)) + while($r2=$q2->fetch(PDO::FETCH_OBJ)) { //okay now we can start deleting things! whew! //first delete any linkings to the team - mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - $numdeleted++; + + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute();$numdeleted++; } if($numdeleted) message_push(happy(i18n("Successfully deleted %1 auto-created divisional team(s)",array($numdeleted)))); 
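Review bot: In the `deletealldivisional` branch `$q2` is prepared but never executed — there is no `$q2->execute();` between the prepare and `while($r2=$q2->fetch(PDO::FETCH_OBJ))`, so fetch() returns false immediately and no divisional team is deleted (the `deleteall` hunk that follows does call execute). Add `$q2->execute();` directly after the prepare. The five DELETEs in the `delete` branch interpolate `$_GET['delete']` straight into the SQL text; `prepare()` without placeholders performs no escaping, so use a placeholder per statement, e.g. `$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?"); $stmt->execute([$_GET['delete'], $config['FAIRYEAR']]);`, or cast once with `intval($_GET['delete'])` as judges_teams_timeslots.php already does. `$stmt->execute();message_push(...)` and `$stmt->execute();$numdeleted++;` have also been merged onto single lines; put the second statement on its own line.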
@@ -73,22 +83,28 @@ if($action=="deleteall") { - $q2=mysql_query("SELECT * + $q2=$pdo->prepare("SELECT * FROM judges_teams WHERE year='".$config['FAIRYEAR']."' "); + $q2->execute(); $numdeleted=0; - while($r2=mysql_fetch_object($q2)) + while($r2=$Q2->FETCH(PDO::FETCH_OBJ)) { //okay now we can start deleting things! whew! //first delete any linkings to the team - mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'"); - $numdeleted++; + + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + $stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute();$numdeleted++; } if($numdeleted) message_push(happy(i18n("Successfully deleted %1 team(s)",array($numdeleted)))); 
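Review bot: `while($r2=$Q2->FETCH(PDO::FETCH_OBJ))` reads `$Q2`, not `$q2`; PHP variable names are case-sensitive (method names are not), so `$Q2` is undefined, the loop body never runs and `deleteall` deletes nothing. Change it to `while($r2=$q2->fetch(PDO::FETCH_OBJ))`. The placeholder remark made on the `delete` branch applies to the five DELETEs here too, although `$r2->id` comes from the database rather than the request.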
@@ -102,11 +118,12 @@ //but when we're done, if we're "assign" then go back to edit that team //if we're save, then go back to the team list $err=false; - $q=mysql_query("UPDATE judges_teams SET num='".$_POST['team_num']."', name='".mysql_escape_string(stripslashes($_POST['team_name']))."' WHERE id='$edit'"); - if(mysql_error()) + $q=$pdo->prepare("UPDATE judges_teams SET num='".$_POST['team_num']."', name='".(stripslashes($_POST['team_name']))."' WHERE id='$edit'"); + $q->execute(); + if($pdo->errorInfo()) { $err=true; - message_push(error(mysql_error())); + message_push(error($pdo->errorInfo())); } if($_POST['award']) @@ -116,13 +133,14 @@ //the judges wouldnt know which projects to judge for which award. This doesnt apply for divisions //because the category/division is obvious based on project numbesr. A divisional judge team could easily //be assigned to do all of Comp Sci - Junior, Intermediate and Senior without any problems. - $q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='".$_POST['award']."'"); - $aw=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='".$_POST['award']."'"); + $q->execute(); + $aw=$q->fetch(PDO::FETCHH_OBJ); $addaward=true; if($aw->type=="Special") { - $q=mysql_query("SELECT COUNT(*) AS num FROM + $q=$pdo->prepare("SELECT COUNT(*) AS num FROM judges_teams_awards_link, award_awards, award_types @@ -132,7 +150,8 @@ AND award_awards.award_types_id=award_types.id AND award_types.type='Special' "); - $r=mysql_fetch_object($q); + $q->exxecute(); + $r=$q->fetch(PDO::FETCHH_OBJ); echo "special awards: $r->num"; if($r->num) { 
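Review bot: The `UPDATE judges_teams` now interpolates `stripslashes($_POST['team_name'])` with the `mysql_escape_string` wrapper removed and nothing substituted, and `$_POST['team_num']` and `$edit` are interpolated as before, so a team name containing a quote breaks the statement and request data reaches the SQL unescaped — a regression from the removed line. Bind the values instead: `$q=$pdo->prepare("UPDATE judges_teams SET num=?, name=? WHERE id=?"); $q->execute([$_POST['team_num'], stripslashes($_POST['team_name']), $edit]);`. `if($pdo->errorInfo())` is also always true (errorInfo() returns a non-empty array even on success), so `$err=true` and an `Array` error message are produced on every save; test the execute result instead, `if(!$q->execute()) { $err=true; message_push(error(implode(': ', $q->errorInfo()))); }`.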
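Review bot: `$aw=$q->fetch(PDO::FETCHH_OBJ)` and `$r=$q->fetch(PDO::FETCHH_OBJ)` reference a class constant that does not exist, and `$q->exxecute()` calls a method that does not exist; each is a fatal error as soon as the `$_POST['award']` branch runs. The same `FETCHH_OBJ` misspelling is in the `createall` hunks of this file (the `SELECT COUNT(*) AS c` fetch and the `while($r=$q->fetch(...))` over awards), and `$numslots=$q-rowCount();` further down in this series is the same kind of slip (`-` instead of `->`). Correct them to `PDO::FETCH_OBJ`, `$q->execute()` and `$q->rowCount()`; a static-analysis pass (`php -l` plus PHPStan or Psalm) over the migrated files would have flagged all of them.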
@@ -148,7 +167,8 @@ if($addaward) { //link up the award - mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('".$_POST['award']."','$edit','".$config['FAIRYEAR']."')"); + $stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('".$_POST['award']."','$edit','".$config['FAIRYEAR']."')"); + $stmt->execute(); message_push(happy(i18n("Award assigned to team"))); } } @@ -171,7 +191,8 @@ if($action=="unassign") { - mysql_query("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='".$_GET['unassign']."' AND year='".$config['FAIRYEAR']."'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='".$_GET['unassign']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); message_push(happy(i18n("Award unassigned from judge team"))); //keep editing the same team $action="edit"; @@ -180,8 +201,9 @@ if($action=="createall") { //first make sure we dont have any non-divisional award teams (dont want people hitting refresh and adding all the teams twice - $q=mysql_query("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'"); - $r=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + $r=$q->fetch(PDO::FETCHH_OBJ); if($r->c) { message_push(error(i18n("Cannot 'Create All' teams when any divisional teams currently exist. Try deleting all existing non-divisional teams first."))); @@ -189,7 +211,7 @@ else { //grab all the awards - $q=mysql_query("SELECT + $q=$pdo->prepare("SELECT award_awards.*, award_types.type AS award_type, award_types.order AS award_types_order 
@@ -205,24 +227,28 @@ award_types_order, award_awards.order, name"); + $q->execute(); //startat - $q2=mysql_query("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); - $r2=mysql_fetch_object($q2); + $q2=$pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); + $q2->execute(); + $r2=$q2->fetch(PDO::FETCH_OBJ); if($r2->lastnum) $num=$r2->lastnum+1; else $num=1; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCHH_OBJ)) { // print_r($r); - $name=mysql_escape_string("($r->award_type) $r->name"); - mysql_query("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES ('$num','$name','$r->award_types_id','".$config['FAIRYEAR']."')"); - echo mysql_error(); - $team_id=mysql_insert_id(); + $name="($r->award_type) $r->name"; + $stmt = $pdo->prepare("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES ('$num','$name','$r->award_types_id','".$config['FAIRYEAR']."')"); + $stmt->execute(); + echo $pdo->errorInfo(); + $team_id=$pdo->lastInsertId(); if($team_id) { //now link the new team to the award - mysql_query("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')"); + $stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','".$config['FAIRYEAR']."')"); + $stmt->execute(); message_push(happy(i18n("Created team #%1: %2",array($num,$name)))); } else { @@ -235,9 +261,10 @@ if($action=="add" && $_GET['num']) { - mysql_query("INSERT INTO judges_teams(num,year) VALUES ('".$_GET['num']."','".$config['FAIRYEAR']."')"); - echo mysql_error(); - $edit=mysql_insert_id(); + $stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES ('".$_GET['num']."','".$config['FAIRYEAR']."')"); + $stmt->execute(); + echo $pdo->errorInfo(); + $edit=$pdo->lastInsertId(); $action="edit"; } @@ -345,13 +372,14 @@ function addclicked() } echo "
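Review bot: `$name="($r->award_type) $r->name";` drops the `mysql_escape_string` call and the value is then interpolated into `INSERT INTO judges_teams`, so an award name containing a single quote makes the insert fail; after a failed insert `$pdo->lastInsertId()` may still return the previous team's id, in which case the award-link insert that follows attaches the award to the wrong team. Bind the values: `$stmt = $pdo->prepare("INSERT INTO judges_teams(num,name,autocreate_type_id,year) VALUES (?,?,?,?)"); $stmt->execute([$num, $name, $r->award_types_id, $config['FAIRYEAR']]);`, and likewise `VALUES (?,?,?)` for the judges_teams_awards_link insert. The `add` hunk below interpolates `$_GET['num']` the same way and should bind it too.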
"; - $q=mysql_query($querystr); + $q=$pdo->prepare($querystr); + $q->execute(); - echo mysql_error(); + echo $pdo->errorInfo(); echo ""; echo ""; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo "
"; - $q=mysql_query("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'"); - $r=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); if(!$r->c) { echo "".i18n("Automatically create one new team for every non-divisional award")."
"; } diff --git a/admin/judges_teams_members.php b/admin/judges_teams_members.php index 0cb322d..66921c1 100644 --- a/admin/judges_teams_members.php +++ b/admin/judges_teams_members.php @@ -108,10 +108,11 @@ jQuery(document).ready(function(){ if($_POST['action']=="add" && $_POST['team_num'] && count($_POST['judgelist'])>0) { //first check if this team exists. - $q=mysql_query("SELECT id,name FROM judges_teams WHERE num='".$_POST['team_num']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)) + $q=$pdo->prepare("SELECT id,name FROM judges_teams WHERE num='".$_POST['team_num']."' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + if($q->rowCount();) { - $r=mysql_fetch_object($q); + $r=$q->fetch(PDO::FETCH_OBJ); $team_id=$r->id; $team_name=$r->name; @@ -127,14 +128,16 @@ jQuery(document).ready(function(){ foreach($_POST['judgelist'] AS $selectedjudge) { //before we insert them, we need to make sure they dont already belong to this team. We can not have the same judge assigned to the same team multiple times. - $q=mysql_query("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'"); - if(mysql_num_rows($q)) { + $q=$pdo->prepare("SELECT * FROM judges_teams_link WHERE users_id='$selectedjudge' AND judges_teams_id='$team_id'"); + $q->execute(); + if($q->rowCount();) { echo notice(i18n("Judge (%1) already belongs to judging team: %2",array($selectedjudge,$team_name))); } else { //lets make the first one we add a captain, the rest, non-captains :) - mysql_query("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','".$config['FAIRYEAR']."')"); + $stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$selectedjudge','$team_id','$captain','".$config['FAIRYEAR']."')"); + $stmt->execute(); $added++; } //if this is alreayd no, then who cares, but if its the first one that is going into the new team, then 
@@ -151,18 +154,20 @@ jQuery(document).ready(function(){ if($_GET['action']=="del" && $_GET['team_num'] && $_GET['team_id'] && $_GET['users_id']) { - mysql_query("DELETE FROM judges_teams_link WHERE users_id='".$_GET['users_id']."' AND judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='".$_GET['users_id']."' AND judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); echo happy(i18n("Removed judge from team #%1 (%2)",array($_GET['team_num'],$_GET['team_name']))); //if there is still members left in the team, make sure we have a captain still - $q=mysql_query("SELECT * FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)) + $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + if($q->rowCount();) { //make sure the team still has a captain! //FIXME: this might best come from the "i am willing to be a team captain" question under the judges profile $gotcaptain=false; $first=true; - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($first) { @@ -179,7 +184,8 @@ jQuery(document).ready(function(){ if(!$gotcaptain) { //make the first judge the captain - mysql_query("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='$firstjudge' AND year='".$config['FAIRYEAR']."'"); + $stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='$firstjudge' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); echo notice(i18n("Team captain was removed. A new team captain has been automatically assigned")); } } 
@@ -187,7 +193,8 @@ jQuery(document).ready(function(){ if($_GET['action']=="empty" && $_GET['team_num'] && $_GET['team_id']) { - mysql_query("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='".$_GET['team_id']."' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); echo happy(i18n("Emptied all judges from team #%1 (%2)",array($_GET['team_num'],$_GET['team_name']))); } @@ -197,7 +204,8 @@ jQuery(document).ready(function(){ { foreach($_POST['team_names'] AS $team_id=>$team_name) { - mysql_query("UPDATE judges_teams SET name='".mysql_escape_string(stripslashes($team_name))."' WHERE id='$team_id'"); + $stmt = $pdo->prepare("UPDATE judges_teams SET name='".stripslashes($team_name)."' WHERE id='$team_id'"); + $stmt->execute(); } echo happy(i18n("Team names successfully saved")); } 
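Review bot: The UPDATE in the `team_names` hunk drops `mysql_escape_string` from `stripslashes($team_name)` without binding, so a name containing a quote now breaks the query and the request value reaches the SQL unescaped; `$team_id` is a key of `$_POST['team_names']` and is interpolated the same way. Use placeholders: `$stmt = $pdo->prepare("UPDATE judges_teams SET name=? WHERE id=?"); $stmt->execute([stripslashes($team_name), $team_id]);`. The same escape removal happened to `team_name` in judges_teams.php and to `name` in judges_timeslots.php.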
@@ -208,21 +216,24 @@ jQuery(document).ready(function(){ { //teams can have as many captains as they want, so just add it. - mysql_query("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'"); + $stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='yes' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'"); + $stmt->execute(); echo happy(i18n("Team captain assigned")); } if($_GET['action']=="removecaptain") { //teams must always have at least one captain, so if we only have one, and we are trying to remove it, dont let them! - $q=mysql_query("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id='".$_GET['team_id']."'"); - if(mysql_num_rows($q)<2) + $q=$pdo->prepare("SELECT * FROM judges_teams_link WHERE captain='yes' AND judges_teams_id='".$_GET['team_id']."'"); + $q->execute(); + if($q->rowCount();<2) { echo error(i18n("A judge team must always have at least one captain")); } else { - mysql_query("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'"); + $pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id='".$_GET['team_id']."' AND users_id='".$_GET['judge_id']."'"); + $pdo->execute(); echo happy(i18n("Team captain removed")); } } 
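Review bot: In the `removecaptain` else-branch the prepared statement is discarded and `$pdo->execute()` is called instead; PDO has no execute() method, so the branch fails with an undefined-method error and the captain flag is never cleared. Keep the statement and bind the request values: `$stmt = $pdo->prepare("UPDATE judges_teams_link SET captain='no' WHERE judges_teams_id=? AND users_id=?"); $stmt->execute([$_GET['team_id'], $_GET['judge_id']]);`. `if($q->rowCount();<2)` a few lines above is a parse error as well, and the captain count is more cheaply and portably obtained with `SELECT COUNT(*) ... WHERE captain='yes' AND judges_teams_id=?` and `fetchColumn()` than by fetching every captain row and relying on rowCount() for a SELECT.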
@@ -234,15 +245,17 @@ jQuery(document).ready(function(){ /* Load all the teams */ $teams = array(); - $q = mysql_query("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); - while($i = mysql_fetch_assoc($q)) { + $q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); + $q->execute(); + while($i = $q->fetch(PDO::FETCH_ASSOC)) { $teams[$i['id']] = $i; } /* And the links */ $links = array(); - $q = mysql_query("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'"); - while($i = mysql_fetch_assoc($q)) { + $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'"); + $q->execute(); + while($i = $q->fetch(PDO::FETCH_ASSOC)) { $judgelist[$i['users_id']]['teams_links'][] = $i; } @@ -261,10 +274,12 @@ jQuery(document).ready(function(){ foreach($j['special_award_selected'] AS $awardid) { echo "Looking for a team for award $awardid
"; //find the award id linked to a team - $q=mysql_query("SELECT * FROM judges_teams_awards_link WHERE award_awards_id='{$awardid}' AND year='{$config['FAIRYEAR']}'"); - if(mysql_num_rows($q)) { - while($r=mysql_fetch_object($q)) { - mysql_query("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$jid','$r->judges_teams_id','yes','{$config['FAIRYEAR']}')"); + $q=$pdo->prepare("SELECT * FROM judges_teams_awards_link WHERE award_awards_id='{$awardid}' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + if($q->rowCount();) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { + $stmt = $pdo->prepare("INSERT INTO judges_teams_link (users_id,judges_teams_id,captain,year) VALUES ('$jid','$r->judges_teams_id','yes','{$config['FAIRYEAR']}')"); + $stmt->execute(); echo happy(i18n("%1 %2 to their special award(s) team(s)",array($j['firstname'],$j['lastname']))); } } @@ -321,15 +336,17 @@ jQuery(document).ready(function(){ /* Load all the teams */ $teams = array(); - $q = mysql_query("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); - while($i = mysql_fetch_assoc($q)) { + $q = $pdo->prepare("SELECT * FROM judges_teams WHERE year='{$config['FAIRYEAR']}'"); + $q->execute(); + while($i = $q->fetch(PDO::FETCH_ASSOC)) { $teams[$i['id']] = $i; } /* And the links */ $links = array(); - $q = mysql_query("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'"); - while($i = mysql_fetch_assoc($q)) { + $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE year='{$config['FAIRYEAR']}'"); + $q->execute(); + while($i = $q->fetch(PDO::FETCH_ASSOC)) { $judgelist[$i['users_id']]['teams_links'][] = $i; } @@ -347,7 +364,7 @@ jQuery(document).ready(function(){ echo i18n("Listing %1 judges",array(count($jlist))); echo "
"; echo ""; - echo mysql_error(); + echo $pdo->errorInfo(); echo ""; echo "\n"; - while($pr=mysql_fetch_object($pq)) { + while($pr=$pq->fetch(PDO::FETCH_OBJ)) { if($_SESSION['viewstate']['judges_projects_list_eligible']=='true') { if(in_array($pr->projectnumber,$eligibleprojectsnumbers)) { echo "\n"; @@ -276,7 +281,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit) echo "
"; echo ""; @@ -288,7 +293,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit) echo ""; echo ""; - $projq=mysql_query("SELECT + $projq=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.id AS link_id, projects.projectnumber, projects.id, @@ -304,9 +309,10 @@ if( ($action=="edit" || $action=="assign" ) && $edit) ORDER BY projectnumber "); + $projq->execute(); - echo mysql_Error(); - while($proj=mysql_fetch_object($projq)) { + echo $pdo->errorInfo(); + while($proj=$projq->fetch(PDO::FETCH_OBJ)) { echo "link_id."&edit=".$team['id']."\">"; echo "$proj->projectnumber - $proj->title
"; @@ -361,7 +367,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit) echo "
"; //get the timeslots that this team has. - $q=mysql_query("SELECT + $q=$pdo->prepare("SELECT judges_timeslots.id, judges_timeslots.date, judges_timeslots.starttime, @@ -377,13 +383,14 @@ if( ($action=="edit" || $action=="assign" ) && $edit) ORDER BY date,starttime "); - $numslots=mysql_num_rows($q); + $q->execute(); + $numslots=$q-rowCount(); echo "".i18n("Edit team project assignments").""; echo ""; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; echo "\n"; - $q=mysql_query("SELECT * FROM judges_timeslots + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND round_id='0' ORDER BY date,starttime"); - while($r=mysql_fetch_object($q)) { + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; $span = $show_date ? 4 : 3; echo ""; - $qq = mysql_query("SELECT * FROM judges_timeslots + $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY date,starttime"); - while($rr = mysql_fetch_object($qq)) { + $qq->execute(); + while($rr = $qq->fetch(PDO::FETCH_OBJ)) { echo ""; echo ""; if($show_date) echo ""; @@ -202,7 +207,7 @@ function checkinvert(what) echo ""; echo "
"; echo ""; @@ -395,7 +402,7 @@ if( ($action=="edit" || $action=="assign" ) && $edit) echo ""; echo ""; - $projq=mysql_query("SELECT + $projq=$pdo->prepare("SELECT projects.projectnumber, projects.id, projects.title, @@ -411,9 +418,10 @@ if( ($action=="edit" || $action=="assign" ) && $edit) ORDER BY projectnumber "); + $projq->execute(); - echo mysql_error(); - while($proj=mysql_fetch_object($projq)) { + echo $pdo->errorInfo(); + while($proj=$projq->fetch(PDO::FETCH_OBJ)) { if(!in_array($proj->language,$team['languages_members'])) echo ""; diff --git a/admin/judges_teams_timeslots.php b/admin/judges_teams_timeslots.php index f98219e..e54fbc4 100644 --- a/admin/judges_teams_timeslots.php +++ b/admin/judges_teams_timeslots.php @@ -40,13 +40,15 @@ if($action == 'delete' && array_key_exists('delete', $_GET)) { $id = intval($_GET['delete']); - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE id='$id'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE id='$id'"); + $stmt->execute(); message_push(happy(i18n("Judging team timeslot successfully removed"))); } if($action == 'empty' && array_key_exists('empty',$_GET)) { $id = intval($_GET['empty']); - mysql_query("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id'"); + $stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$id'"); + $stmt->execute(); message_push(happy(i18n("Judging team timeslots successfully removed"))); } 
@@ -56,9 +58,9 @@ if(count($_POST['teams']) && count($_POST['timeslots'])) { foreach($_POST['teams'] AS $tm) { foreach($_POST['timeslots'] AS $ts) { - mysql_query("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) + $stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) VALUES ('$tm','$ts','{$config['FAIRYEAR']}')"); - + $stmt->execute(); } } message_push(happy(i18n("%1 Timeslots assigned to %2 teams",array(count($_POST['timeslots']),count($_POST['teams']))))); @@ -126,8 +128,9 @@ function checkinvert(what) echo "invert selection"; - $q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)>1) + $q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'"); + $q->execute(); + if($q->rowCount()>1) $show_date=true; else $show_date=false; @@ -140,16 +143,18 @@ function checkinvert(what) echo "".i18n("End Time")."
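Review bot: The INSERT in the `teams`/`timeslots` assignment loop interpolates `$tm` and `$ts`, which are elements of `$_POST['teams']` and `$_POST['timeslots']`, directly into the SQL; `prepare()` without placeholders does not escape them. Prepare once before the loops with placeholders, `$stmt = $pdo->prepare("INSERT INTO judges_teams_timeslots_link (judges_teams_id,judges_timeslots_id,year) VALUES (?,?,?)");`, and execute per pair inside, `$stmt->execute([$tm, $ts, $config['FAIRYEAR']]);`. The `%1 Timeslots assigned to %2 teams` message is pushed regardless of whether any execute succeeded.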
{$r->name} (".$round_str[$r->type].")
id}\" />".format_date($r->date).""; //get the timeslots that this team has. - $q=mysql_query("SELECT + $q=$pdo->prepare("SELECT judges_teams_timeslots_link.id, judges_timeslots.date, judges_timeslots.starttime, @@ -218,9 +223,10 @@ function checkinvert(what) ORDER BY date,starttime "); - $numslots=mysql_num_rows($q); + $q->execute(); + $numslots=$q->rowCount(); - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; if($show_date) diff --git a/admin/judges_timeslots.php b/admin/judges_timeslots.php index 28de931..0e28880 100644 --- a/admin/judges_timeslots.php +++ b/admin/judges_timeslots.php @@ -76,21 +76,23 @@ message_push(error(i18n('Invalid type specified'))); } - $name = mysql_escape_string(stripslashes($_POST['name'])); + $name = stripslashes($_POST['name']); if($save == true) { if($round_id == 0) { /* New entry */ - mysql_query("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')"); - $round_id = mysql_insert_id(); + $stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')"); + $stmt->execute(); + $round_id = $pdo->lastInsertId(); } - mysql_query("UPDATE judges_timeslots SET `date`='$date', + $stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`='$date', starttime='$starttime', endtime='$endtime', `name`='$name', `type`='$type' WHERE id='$round_id'"); + $stmt->execute(); - echo mysql_error(); + echo $pdo->errorInfo(); message_push(happy(i18n("Round successfully saved"))); $action = ''; } 
@@ -98,14 +100,20 @@ } if($action == 'deleteround') { - mysql_query("DELETE FROM judges_timeslots WHERE id='$round_id'"); + + $stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$round_id'"); + $stmt->execute(); /* Also delete all timeslots */ - mysql_query("DELETE FROM judges_timeslots WHERE round_id='$round_id'"); + + $stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id='$round_id'"); + $stmt->execute(); message_push(happy(i18n("Round successfully removed"))); $action = ''; } if($action == 'deletetimeslot') { - mysql_query("DELETE FROM judges_timeslots WHERE id='$timeslot_id'"); + + $stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$timeslot_id'"); + $stmt->execute(); message_push(happy(i18n("Timeslot successfully removed"))); $action = ''; } @@ -113,8 +121,9 @@ if($action == 'savetimeslot') { $save = true; - $q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'"); - $round_data = mysql_fetch_assoc($q); + $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'"); + $q->execute(); + $round_data = $q->fetch(PDO::FETCH_ASSOC); $date = $round_data['date']; @@ -135,15 +144,17 @@ if($save == true) { if($timeslot_id == 0) { /* New entry */ - mysql_query("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id', + $stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id', '$date','timeslot','{$config['FAIRYEAR']}')"); - $timeslot_id = mysql_insert_id(); + $stmt->execute(); + $timeslot_id = $pdo->lastInsertId(); } - mysql_query("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime' + $stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime' WHERE id='$timeslot_id'"); + $stmt->execute(); - echo mysql_error(); + echo $pdo->errorInfo(); message_push(happy(i18n("Timeslot successfully saved"))); $action = ''; } 
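Review bot: `deleteround` issues two separate DELETEs (the round row, then its `round_id` children) with no transaction, so a failure between them leaves timeslots pointing at a round that no longer exists. Now that the code is on PDO, wrap them — `$pdo->beginTransaction();` before the first prepare, `$pdo->commit();` after the second execute, `$pdo->rollBack();` on failure — assuming the tables are on a transactional engine; otherwise at least delete the children first. `$round_id` and `$timeslot_id` are interpolated in all three branches here; where they are derived is outside the hunk, so bind them (`WHERE id=?` with `execute([$round_id])`) or confirm they are cast to int.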
@@ -158,8 +169,9 @@ if(array_key_exists('starttime_hour', $_POST) && array_key_exists('starttime_minute',$_POST) && $addnum && $duration) { - $q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'"); - $round_data = mysql_fetch_assoc($q); + $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'"); + $q->execute(); + $round_data = $q->fetch(PDO::FETCH_ASSOC); $date = $round_data['date']; @@ -169,20 +181,22 @@ $tt=$duration+$break; for($x=0;$x<$addnum;$x++) { - $q=mysql_query("SELECT DATE_ADD('$date $hr:$min:00', INTERVAL $duration MINUTE) AS endtime, + $q=$pdo->prepare("SELECT DATE_ADD('$date $hr:$min:00', INTERVAL $duration MINUTE) AS endtime, DATE_ADD('$date $hr:$min:00', INTERVAL $tt MINUTE) AS startnext "); - echo mysql_error(); - $r=mysql_fetch_object($q); + $q->execute(); + echo $pdo->errorInfo(); + $r=$q->fetch(PDO::FETCH_OBJ); list($ed,$et)=split(" ",$r->endtime); list($nd,$nt)=split(" ",$r->startnext); $starttime = sprintf("%02d:%02d:00", $hr, $min); - mysql_query("INSERT INTO judges_timeslots (date,type,round_id,starttime,endtime,year) VALUES ( + $stmt = $pdo->prepare("INSERT INTO judges_timeslots (date,type,round_id,starttime,endtime,year) VALUES ( '$date','timeslot','{$round_data['id']}', '$starttime', '$et', '{$config['FAIRYEAR']}')"); - echo mysql_error(); + $stmt->execute(); + echo $pdo->errorInfo(); $date=$nd; list($s_h,$s_m,$s_s)=split(":",$nt); list($e_h,$e_m,$e_s)=split(":",$et); @@ -224,12 +238,13 @@ $r['date'] = $config['dates']['fairdate']; } else { echo "

Edit Judging Round

"; - $q=mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'"); - if(mysql_num_rows($q) != 1) { + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'"); + $q->execute(); + if($q->rowCount() != 1) { echo "UNKNOWN ROUND $round_id"; exit; } - $r = mysql_fetch_assoc($q); + $r = $q->fetch(PDO::FETCH_ASSOC); } echo ""; @@ -269,8 +284,9 @@ echo "\n"; echo "\n"; - $q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'"); - $round_data = mysql_fetch_assoc($q); + $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'"); + $q->execute(); + $round_data = $q->fetch(PDO::FETCH_ASSOC); if($action == 'addtimeslot') { echo "

Add New Judging Timeslot

"; @@ -278,12 +294,13 @@ $r['date'] = $round_data['date']; } else { echo "

Edit Judging Timeslot

"; - $q=mysql_query("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'"); - if(mysql_num_rows($q) != 1) { + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'"); + $q->execute(); + if($q->rowCount() != 1) { echo "UNKNOWN ROUND $round_id"; exit; } - $r = mysql_fetch_assoc($q); + $r = $q->fetch(PDO::FETCH_ASSOC); } echo "
"; @@ -313,8 +330,9 @@ echo "\n"; echo "\n"; - $q = mysql_query("SELECT * FROM judges_timeslots WHERE id='$round_id'"); - $round_data = mysql_fetch_assoc($q); + $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'"); + $q->execute(); + $round_data = $q->fetch(PDO::FETCH_ASSOC); echo "
"; echo ""; @@ -353,11 +371,14 @@ echo ""; echo ""; - $q=mysql_query("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime"); - while($r=mysql_fetch_object($q)) { + + $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime"); + $q->execute(); + while($r=$q->fetch(PDO::FETCH_OBJ)) { echo ""; - $qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`"); - $c = mysql_num_rows($qq) +1; + $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`"); + $qq->execute(); + $c = $qq->rowCount() +1; echo ""; echo ""; - while($rr = mysql_fetch_object($qq)) { + while($rr = $qq->fetch(PDO::FETCH_OBJ)) { echo ""; // echo ""; echo ""; diff --git a/admin/judging_score_edit.php b/admin/judging_score_edit.php index e12ff46..bc061c3 100644 --- a/admin/judging_score_edit.php +++ b/admin/judging_score_edit.php @@ -45,16 +45,17 @@ if($score == 0) { $score = "NULL"; } else { - $score = mysql_real_escape_string($score); + $score = $score; } if($score >100.00) { $score_error = "*** ERROR **** You entered a value greater than 100.00"; } - mysql_query("UPDATE judges_teams_timeslots_projects_link + $stmt = $pdo->prepare("UPDATE judges_teams_timeslots_projects_link SET score=" . $score . - " WHERE judges_teams_id = " . mysql_real_escape_string($_POST["team_" . $curr_team . "_id"]) . + " WHERE judges_teams_id = " . $_POST["team_" . $curr_team . "_id"] . " and projects_id =$project_id and year=$year"); - echo mysql_error(); + $stmt->execute(); + echo $pdo->errorInfo(); } $curr_team--; } 
@@ -63,32 +64,36 @@ ?> prepare("SELECT * FROM projects WHERE projects.id = '".$project_id."'"); +$q->execute(); +$r=$q->fetch(PDO::FETCH_OBJ); $project_number = $r->projectnumber; $project_title = $r->title; -$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id"); -while($r=mysql_fetch_object($q)) +$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) $cats[$r->id]=$r->category; -$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); +$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); +$q->execute(); - $q=mysql_query("SELECT judges_teams_timeslots_projects_link.judges_teams_id, + $q=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id, score, judges_teams.num FROM judges_teams_timeslots_projects_link, judges_teams WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id - AND projects_id = ".mysql_real_escape_string($project_id)." ORDER BY judges_teams_id" + AND projects_id = ".$project_id." ORDER BY judges_teams_id" ); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); echo "Project# ".$project_number." ".$project_title."
"; if ($score_error != "") { echo $score_error."
"; } echo ""; - echo ""; + echo "rowCount() . "\"/>"; echo ""; echo "
".i18n('Round Type').":{$round_str[$round_data['type']]}
".i18n("Actions")."
".format_date($r->date)."".format_time($r->starttime)."
"; @@ -376,7 +397,7 @@ echo "
".format_time($rr->starttime)."
"; echo ""; @@ -99,7 +104,7 @@ $q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); echo ""; $i = 1; - while($r=mysql_fetch_object($q)) { + while($r=$q->fetch(PDO::FETCH_OBJ)) { $team=getJudgingTeam($r->judges_teams_id); $teamNames=array_map("teamMemberToName", $team['members']); echo "\n"; diff --git a/admin/judging_score_entry.php b/admin/judging_score_entry.php index 7ddc8e8..d31d7cd 100644 --- a/admin/judging_score_entry.php +++ b/admin/judging_score_entry.php @@ -42,17 +42,19 @@ } ?> prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) $cats[$r->id]=$r->category; -$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); -while($r=mysql_fetch_object($q)) +$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); +$q->execute(); +while($r=$q->fetch(PDO::FETCH_OBJ)) $divs[$r->id]=$r->division; $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects.projectnumber"; - $q=mysql_query("SELECT registrations.id AS reg_id, + $q=$pdo->prepare("SELECT registrations.id AS reg_id, registrations.num AS reg_num, projects.id as projectid, projects.title, @@ -76,7 +78,8 @@ $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects. ORDER BY $ORDERBY "); - echo mysql_error(); + $q->execute(); + echo $pdo->errorInfo(); if($_GET['csv'] != 'yes') { echo "" . i18n("Generate CSV Report") . "\n"; 
@@ -94,20 +97,21 @@ $ORDERBY="projects.projectcategories_id, projects.projectdivisions_id, projects. echo "Project #\tTitle\tCategory\tDivision\tScore\tNormalized Scores\tJudge Name\tJudges Score\n"; } - while($r=mysql_fetch_object($q)) + while($r=$q->fetch(PDO::FETCH_OBJ)) { if($_GET['csv'] == 'yes') { echo "$r->projectnumber \t $r->title \t" . $cats[$r->projectcategories_id] . "\t" . $divs[$r->projectdivisions_id] . " \t $r->score \t $r->norm_score "; - $p=mysql_query("SELECT judges_teams_timeslots_projects_link.judges_teams_id, + $p=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id, score, judges_teams.num FROM judges_teams_timeslots_projects_link, judges_teams WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id - AND projects_id = ".mysql_real_escape_string($r->projectid)." ORDER BY judges_teams_id" + AND projects_id = ".$r->projectid." ORDER BY judges_teams_id" ); - echo mysql_error(); - while($s=mysql_fetch_object($p)) { + $p->execute(); + echo $pdo->errorInfo(); + while($s=$p->fetch(PDO::FETCH_OBJ)) { $team=getJudgingTeam($s->judges_teams_id); $teamNames=array_map("teamMemberToName", $team['members']); echo "\t " . implode(", ", $teamNames) . " \t $s->score"; diff --git a/admin/registration_list.php b/admin/registration_list.php index 4ed46dd..dedd4bc 100644 --- a/admin/registration_list.php +++ b/admin/registration_list.php 
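Review bot: `$p=$pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id, ...` is re-prepared on every iteration of the outer while loop with `$r->projectid` spliced into the statement text; prepare it once before the loop with `AND projects_id = ?` and call `$p->execute([$r->projectid]);` per row, which is also what makes the move to PDO worthwhile here. The outer `while($r=$q->fetch(PDO::FETCH_OBJ))` loop and the `if($_GET['csv'] == 'yes')` branch continue past the end of this hunk.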
@@ -53,24 +53,40 @@ switch($action) { case 'load_row': $id = intval($_GET['id']); $q = list_query($year, '', $id); - $r = mysql_fetch_object($q); + $r = $q->fetch(PDO::FETCH_OBJ); print_row($r); exit; case 'delete': $regid = intval($_GET['id']); - $q = mysql_query("SELECT * FROM projects WHERE registrations_id='$regid'"); - if(mysql_num_rows($q)) { - $p = mysql_fetch_assoc($q); - mysql_query("DELETE FROM winners WHERE projects_id='{$p['id']}'"); + $q = $pdo->prepare("SELECT * FROM projects WHERE registrations_id='$regid'"); + $q->execute(); + if($q->rowCount()) { + $p = $q->fetch(PDO::FETCH_ASSOC); + $stmt = $pdo->prepare("DELETE FROM winners WHERE projects_id='{$p['id']}'"); + $stmt->execute(); } - mysql_query("DELETE FROM registrations WHERE id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM projects WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM safety WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM questions_answers WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM mentors WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); - mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + + $stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + $stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + $stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + $stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + 
$stmt = $pdo->prepare("DELETE FROM questions_answers WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + $stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); + + $stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); + $stmt->execute(); happy_("Registration and all related data successfully deleted"); exit; } @@ -373,7 +389,7 @@ echo ""; echo ""; echo ""; -while($r=mysql_fetch_object($q)) { +while($r=$q->fetch(PDO::FETCH_OBJ)) { echo "reg_id}\">"; print_row($r); echo ""; @@ -454,7 +470,7 @@ function print_row($r) echo ""; echo ""; - $sq=mysql_query("SELECT students.firstname, + $sq=$pdo->prepare("SELECT students.firstname, students.lastname, students.id, schools.school, @@ -467,12 +483,13 @@ function print_row($r) AND students.schools_id=schools.id "); - echo mysql_error(); + $sq->execute(); + echo $pdo->errorInfo(); $studnum=1; $schools=""; $students=""; - while($studentinfo=mysql_fetch_object($sq)) + while($studentinfo=$sq->fetch(PDO::FETCH_OBJ)) { $students.="$studentinfo->firstname $studentinfo->lastname
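Review bot: The seven DELETEs in the `case 'delete':` branch run as independent statements, so if one `$stmt->execute()` fails partway (unless the connection uses `PDO::ERRMODE_EXCEPTION`, a failing execute() just returns false) the registration is left with orphaned students, projects, safety or winners rows; wrap the sequence in `$pdo->beginTransaction();` before the first DELETE and `$pdo->commit();` before `happy_(...)`, with `$pdo->rollBack();` on failure. `$regid` passes through `intval()`, so the interpolation is bounded here; binding it with `WHERE registrations_id=? AND year=?` and `execute([$regid, $config['FAIRYEAR']])` would still be the more uniform form. The switch statement starts before this hunk.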
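Review bot: `$sq=$pdo->prepare(` is inside `function print_row($r)`, where `$pdo` is a function-local name and is undefined unless print_row declares `global $pdo;` at its top, which this hunk does not show; the replaced `mysql_query()` needed no handle, so this is a new failure mode introduced by the conversion, and it carries through to the `$sq->execute()` in the @@ -467 hunk of the same function. If the declaration is absent, add `global $pdo;` as the first statement of print_row, or pass the connection in as a parameter. The function body starts before this hunk and ends after it.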
"; $schools.="$studentinfo->school
"; diff --git a/admin/registration_receivedforms.php b/admin/registration_receivedforms.php index bfc28bc..1909d8c 100644 --- a/admin/registration_receivedforms.php +++ b/admin/registration_receivedforms.php @@ -42,10 +42,11 @@ $showformatbottom=true; if($_POST['action']=="received" && $_POST['registration_number']) { - $q=mysql_query("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'"); - if(mysql_num_rows($q)==1) + $q=$pdo->prepare("SELECT * FROM registrations WHERE num='".$_POST['registration_number']."' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + if($q->rowCount()==1) { - $r=mysql_fetch_object($q); + $r=$q->fetch(PDO::FETCH_OBJ); $reg_id=$r->id; $reg_num=$r->num; $reg_status=$r->status; @@ -76,7 +77,7 @@ $showformatbottom=true; $statusnamecheck == "complete" ) { - $q=mysql_query("SELECT projects.title, + $q=$pdo->prepare("SELECT projects.title, projectcategories.category, projectdivisions.division FROM @@ -92,9 +93,10 @@ $showformatbottom=true; AND projectdivisions.year=projects.year "); + $q->execute(); -echo mysql_Error(); - $projectinfo=mysql_fetch_object($q); +echo $pdo->errorInfo(); + $projectinfo=$q->fetch(PDO::FETCH_OBJ); echo "
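Review bot: `num='".$_POST['registration_number']."'` splices the raw POST field into the SELECT text, so request-controlled input still reaches the query unescaped after the move to prepare(); bind it with `$q=$pdo->prepare("SELECT * FROM registrations WHERE num=? AND year=?");` and `$q->execute([$_POST['registration_number'], $config['FAIRYEAR']]);`. The later branches of this file already do `$regnum = intval($_POST['registration_number']);` (@@ -209), so applying the same cast here would be the minimal consistent fix. The `if` block continues past the end of this hunk.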
".i18n("Flagged")."".i18n("Action")."
".i18n($cats[$r->projectcategories_id])."".i18n($divs[$r->projectdivisions_id])."
"; echo ""; switch($reg_status) @@ -109,7 +111,7 @@ echo mysql_Error(); echo ""; echo ""; - $q=mysql_query("SELECT students.firstname, + $q=$pdo->prepare("SELECT students.firstname, students.lastname, schools.school FROM @@ -119,9 +121,10 @@ echo mysql_Error(); AND students.schools_id=schools.id "); + $q->execute(); $studnum=1; - while($studentinfo=mysql_fetch_object($q)) + while($studentinfo=$q->fetch(PDO::FETCH_OBJ)) { echo ""; @@ -209,22 +212,24 @@ echo mysql_Error(); else if(($_POST['action']=="receivedyes" || $_POST['action']=="receivedyesnocash") && $_POST['registration_number']) { $regnum = intval($_POST['registration_number']); - $checkNumQuery=mysql_query("SELECT projectnumber + $checkNumQuery=$pdo->prepare("SELECT projectnumber FROM projects, registrations WHERE projects.registrations_id = registrations.id AND num='$regnum' AND registrations.year='{$config['FAIRYEAR']}'"); - $checkNumResults=mysql_fetch_object($checkNumQuery); + $checkNumQuery->execute(); + $checkNumResults=$checkNumQuery->fetch(PDO::FETCH_OBJ); $projectnum=$checkNumResults->projectnumber; - $q=mysql_query("SELECT id FROM registrations WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); - $r=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT id FROM registrations WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); $reg_id = $r->id; if($projectnum == null) { list($projectnumber,$ps,$pns,$pss) = generateProjectNumber($reg_id); - mysql_query("UPDATE projects SET projectnumber='$projectnumber', + $stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber', projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss' WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'"); echo happy(i18n("Assigned Project Number: %1",array($projectnumber))); 
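Review bot: The `UPDATE projects SET projectnumber='$projectnumber', ...` statement inside `if($projectnum == null)` is assigned to `$stmt` but never executed: no `$stmt->execute();` precedes `echo happy(i18n("Assigned Project Number: %1", ...))`, so the user is told a project number was assigned while the row is left unchanged (the same update at @@ -375 does call execute()). Add `$stmt->execute();` directly after the prepare(). The `if($projectnum == null)` block continues past the end of this hunk.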
@@ -238,8 +243,8 @@ echo mysql_Error(); if($_POST['action']=="receivedyes") { //actually set it to 'complete' - mysql_query("UPDATE registrations SET status='complete' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); - + $stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); foreach($recipients AS $recip) { $to=$recip['to']; $subsub=array(); @@ -260,8 +265,8 @@ echo mysql_Error(); else if($_POST['action']=="receivedyesnocash") { //actually set it to 'paymentpending' - mysql_query("UPDATE registrations SET status='paymentpending' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); - + $stmt = $pdo->prepare("UPDATE registrations SET status='paymentpending' WHERE num='$regnum' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); foreach($recipients AS $recip) { $to=$recip['to']; $subsub=array(); 
@@ -287,10 +292,13 @@ echo mysql_Error(); } else if($_GET['action']=="unregister" && $_GET['registration_number']) { $reg_num=intval(trim($_GET['registration_number'])); - $q=mysql_query("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'"); - $r=mysql_fetch_object($q); - mysql_query("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id='$r->proj_id' AND year='{$config['FAIRYEAR']}'"); - mysql_query("UPDATE registrations SET status='open' WHERE id='$r->reg_id' AND year='{$config['FAIRYEAR']}'"); + $q=$pdo-prepare("SELECT registrations.id AS reg_id, projects.id AS proj_id FROM projects,registrations WHERE projects.registrations_id=registrations.id AND registrations.year='{$config['FAIRYEAR']}' AND registrations.num='$reg_num'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); + $stmt=$pdo->prepare("UPDATE projects SET projectnumber=null, projectsort=null, projectnumber_seq=0, projectsort_seq=0 WHERE id='$r->proj_id' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); + $stmt=$pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->reg_id' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); echo happy(i18n("Successfully unregistered project")); } 
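Review bot: `$q=$pdo-prepare("SELECT registrations.id AS reg_id, ...` uses `-` where `->` is needed, so PHP reads it as `$pdo - prepare(...)`, a call to the undefined function prepare() that is fatal at runtime, and the `unregister` branch can never reach the following `$q->execute()`. Change it to `$q=$pdo->prepare(...)`. `$reg_num` is taken through `intval(trim(...))`, so the interpolation in that query is bounded.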
@@ -331,19 +339,20 @@ echo mysql_Error(); if ($_POST['action'] == 'recieve_all') { // Grab all projects that don't have project numbers. Status should therefor be open or new but not complete - $query_noprojectnumber = mysql_query("SELECT * FROM projects WHERE projectnumber IS NULL AND year =".$config['FAIRYEAR'].""); + $query_noprojectnumber = $pdo->prepare("SELECT * FROM projects WHERE projectnumber IS NULL AND year =".$config['FAIRYEAR'].""); // Define arrays to append to later + $query_noprojectnumber.execute(); $completed_students = array(); $incomplete_students = array(); $newstatus_students = array(); // loop through each project that doesn't have a project number - while($studentproject=mysql_fetch_assoc($query_noprojectnumber)) + while($studentproject=$query_noprojectnumber->fetch(PDO::FETCH_ASSOC)) { // Grab registration information about the current project - $q=mysql_query("SELECT * FROM registrations WHERE id='".$studentproject['registrations_id']."' AND year='".$config['FAIRYEAR']."'"); - - $r=mysql_fetch_object($q); + $q=$pdo->prepare("SELECT * FROM registrations WHERE id='".$studentproject['registrations_id']."' AND year='".$config['FAIRYEAR']."'"); + $q->execute(); + $r=$q->fetch(PDO::FETCH_OBJ); $reg_id=$r->id; $reg_num=$r->num; $reg_status=$r->status; 
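Review bot: `$query_noprojectnumber.execute();` uses the string-concatenation operator, so it is parsed as `$query_noprojectnumber . execute()` — a call to the undefined function execute() — and the prepared SELECT is never executed, which the `while($studentproject=$query_noprojectnumber->fetch(PDO::FETCH_ASSOC))` loop below depends on. Replace it with `$query_noprojectnumber->execute();` and put it directly after the prepare() rather than after the `// Define arrays` comment. The `if ($_POST['action'] == 'recieve_all')` block continues past the end of this hunk.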
@@ -375,17 +384,18 @@ if ($_POST['action'] == 'recieve_all') // Generate project number and update it in data base list($projectnumber,$ps,$pns,$pss) = generateProjectNumber($reg_id); - mysql_query("UPDATE projects SET projectnumber='$projectnumber', + $stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber', projectsort='$ps',projectnumber_seq='$pns',projectsort_seq='$pss' WHERE registrations_id='$reg_id' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); //email stuff //get all students with this registration number //$recipients=getEmailRecipientsForRegistration($reg_id); //Set status to 'complete' - mysql_query("UPDATE registrations SET status='complete' WHERE num='$reg_num' AND year='{$config['FAIRYEAR']}'"); - + $stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE num='$reg_num' AND year='{$config['FAIRYEAR']}'"); + $stmt->execute(); /*foreach($recipients AS $recip) { $to=$recip['to']; $subsub=array();
".i18n("Registration Summary for %1",array($reg_num))."
".i18n("Project Title")."$projectinfo->title
".i18n("Category / Division")."$projectinfo->category / $projectinfo->division
".i18n("School %1",array($studnum))."$studentinfo->school