Converted sql to pdo

2024-11-27 10:47:41 -05:00 · 2024-11-27 10:47:41 -05:00 · d6df555fc4
commit d6df555fc4
parent 6af995ce3c
12 changed files with 57 additions and 37 deletions
--- a/admin/cms.php
+++ b/admin/cms.php
@ -177,14 +177,15 @@
 	 echo "<a href=\"cms.php?action=create\">".i18n("or click here to create a new file")."</a><br />\n";

 	 echo "<table class=\"summarytable\">";
-
-	 $q=mysql_query("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename");
+	$q = $pdo->prepare("SELECT DISTINCT(filename) AS filename FROM cms ORDER BY filename");
+	
 	 echo "<tr><th>".i18n("Filename")."</th><th>".i18n("Last Update")."</th></tr>";
-	 while($r=mysql_fetch_object($q))
+	 while($r=$q->fetch(PDO::FETCH_ASSOC))
 	 {
 		echo "<tr><td><a href=\"cms.php?filename=".rawurlencode($r->filename)."\">/web/$r->filename</a></td>";
-		$q2=mysql_query("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1");
-		$r2=mysql_fetch_object($q2);
+		$q2 = $pdo->prepare("SELECT dt FROM cms WHERE filename='".mysql_escape_string($r->filename)."' ORDER BY dt DESC LIMIT 1");
+	
+		$r2=$q2->fetch(PDO::FETCH_OBJ);
 		if($r2->dt=="0000-00-00 00:00:00") $dt="Never";
 		else $dt=$r2->dt;
 		echo "<td>$dt</td>";
--- a/admin/committees.php
+++ b/admin/committees.php
@ -247,10 +247,13 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	echo "</select>";

 	echo "</td><td>";
-	$q=mysql_query("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname");
+	$q = $pdo->prepare("SELECT uid,MAX(year),firstname,lastname,email,deleted FROM users WHERE types LIKE '%committee%' GROUP BY uid ORDER BY firstname");
+	$q->execute();
+	
+	
 	echo "<select name=\"users_uid\">";
 	echo "<option value=\"\">".i18n("Select a Member")."</option>\n";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		if($r->deleted != 'no') continue;
 		$displayname = $r->firstname.' '.$r->lastname;
@ -265,7 +268,8 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
 	//The Assign Div
 	echo "<div id=\"assigndiv\">";
 	echo i18n("To Committee").": ";
-	$q=mysql_query("SELECT * FROM committees ORDER BY ord,name");
+	$q = $pdo->prepare("SELECT * FROM committees ORDER BY ord,name");
+	$q->execute();
 	echo "<select name=\"committees_id\">";
 	echo "<option value=\"\">".i18n("Select a Committee")."</option>\n";
 	while($r=mysql_fetch_object($q))
--- a/admin/communication.php
+++ b/admin/communication.php
@ -609,14 +609,15 @@ case "email_send":

 case "email_get_list":

-	 $q=mysql_query("SELECT * FROM emails ORDER BY type,name");
+	$q = $pdo->prepare("SELECT * FROM emails ORDER BY type,name");
+
 	 echo "<table class=\"tableview\">";
 	 echo "<thead><tr>";
 	 echo " <th>".i18n("Name")."</th>";
 	 echo " <th>".i18n("Type")."</th>";
 	 echo " <th>".i18n("Actions")."</th>";
 	 echo "</tr></thead>";
-	 while($r=mysql_fetch_object($q)) {
+	 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		if($r->fundraising_campaigns_id) $fcid=$r->fundraising_campaigns_id;
 		else $fcid='null';
 		if($r->name) $name=$r->name;
--- a/admin/fair_stats.php
+++ b/admin/fair_stats.php
@ -134,19 +134,21 @@


 echo "<form name=\"fairselect\" action=\"$PHPSELF\" method=\"get\">";
- $q=mysql_query("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'");
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE `type`='sfiab' OR `type`='ysc' AND enable_stats='yes'");
+ $q->execute();
 echo "<select name=\"id\">";
 echo "<option value=\"\">".i18n("Choose a destination")."</option>\n";
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	if($fairs_id==$r->id) $sel="selected=\"selected\""; else $sel="";
 	echo "<option $sel value=\"{$r->id}\">{$r->name} ({$r->abbrv})</option>\n";
 }
 echo "</select>\n";

- $q=mysql_query("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year");
+ $q = $pdo->prepare("SELECT DISTINCT(year) AS year FROM config WHERE year>0 ORDER BY year");
+ $q->execute();
 echo "<select name=\"year\">";
 echo "<option value=\"\">".i18n("Choose a year")."</option>\n";
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	if($year==$r->year) $sel="selected=\"selected\""; else $sel="";
 	echo "<option $sel value=\"$r->year\">$r->year</option>\n";
 }
--- a/admin/registration_list.php
+++ b/admin/registration_list.php
@ -399,7 +399,7 @@ function list_query($year, $wherestatus, $reg_id)
 		$fair = "AND projects.fairs_id='{$_SESSION['fairs_id']}'";
 	}

-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q = pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				registrations.email,
@ -420,7 +420,10 @@ function list_query($year, $wherestatus, $reg_id)
 			ORDER BY
 				registrations.status DESC, projects.title
 			");
-	echo mysql_error();
+
+	
+
+	echo $pdo->erroInfo();
 	return $q;
 }

--- a/admin/schools.php
+++ b/admin/schools.php
@ -346,8 +346,9 @@
 		echo " <th>".i18n("Action")."</th>";
 		echo "</tr></thead>\n";

-		$q=mysql_query("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
-		while($r=mysql_fetch_object($q))
+		$q = $pdo->prepare("SELECT * FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			echo "<tr>\n";
 			echo " <td>$r->school</td>\n";
--- a/admin/user_list.php
+++ b/admin/user_list.php
@ -298,11 +298,14 @@ function update (id)
 				lastname ASC,
 				firstname ASC,
 				year DESC";
-	$q=mysql_query($querystr);
-	echo mysql_error();
+	
+	$q = $pdo->prepare($querystr);
+	$q->execute();
+	
+	echo $pdo->errorInfo();
 //	echo $querystr;
-	$num=mysql_num_rows($q);
-	echo mysql_error();
+	$num=$q->rowCount();
+	echo $pdo->errorInfo();
 	echo i18n("Listing %1 people total.  See the table at the bottom for the totals by status <br><br><br>",array($num));
 	echo i18n(" <lh>Notes:</lh> <ul><li> Deleting users from this list is a permanent operation and cannot be undone.  Consider editing the user and deactivating or deleting roles in their account instead.
 					      		   <li> Updating a user to the current fair year allows you to then complete the user from this list.
@ -330,7 +333,7 @@ function update (id)
 	$tally['active']['incomplete'] = 0;
 	$tally['inactive']['complete'] = 0;
 	$tally['inactive']['incomplete'] = 0;
-	while($r=mysql_fetch_assoc($q))
+	while($r=$q->fetch(PDO::FETCH_ASSOC))
 	{
 		//JAMES - TEMP - due to the previous error with improperly setting judge status to NOT complete when special awards was turned off
 		//we now need to make sure we re-calculate all the judge statuses somehow, so might as well do it here.
@ -353,10 +356,11 @@ function update (id)

 		$name = "{$r['firstname']} {$r['lastname']}";
 		if(in_array('fair', $types)) {
-			$qq = mysql_query("SELECT * FROM users_fair 
+			$qq = $pdo->prepare("SELECT * FROM users_fair 
 							LEFT JOIN fairs ON fairs.id=users_fair.fairs_id
 						WHERE users_id='{$r['id']}'");
-			$rr = mysql_fetch_assoc($qq);
+			
+			$rr = $qq->fetch(PDO::FETCH_ASSOC);
 			$name = "{$rr['name']}".((trim($name)=='') ? '' : "<br />($name)");
 		} 
 		echo "<a href=\"#\" onclick=\"return openeditor({$r['id']})\">$name</a>";
--- a/admin/winners.php
+++ b/admin/winners.php
@ -34,8 +34,9 @@ $action = $_GET['action'];

 /* Load fairs */
 $fairs = array();
-$q = mysql_query("SELECT * FROM fairs WHERE type='feeder' ORDER BY name");
-while(($f = mysql_fetch_assoc($q))) {
+$q=$pdo->prepare("SELECT * FROM fairs WHERE type='feeder' ORDER BY name");
+$q->execute();
+while(($f = $q->fetch(PDO::FETCH_ASSOC))) {
 	$fairs[$f['id']] = $f;
 }

@ -386,7 +387,7 @@ if($auth_type == 'fair') {
 	$fair_where = "AND fairs_awards_link.upload_winners='yes' 
 			AND fairs_awards_link.fairs_id='{$_SESSION['fairs_id']}'";
 }
-$q=mysql_query("SELECT 
+$q = $pdo->prepare("SELECT 
 			award_awards.id,
 			award_awards.name,
 			award_awards.order AS awards_order,
@ -407,9 +408,9 @@ $q=mysql_query("SELECT
 			$fair_where
 		ORDER BY awards_order");

-echo mysql_error();
+echo $pdo->errorInfo();

-if(mysql_num_rows($q) == 0) {
+if($q->rowCount() == 0) {
 	echo i18n('No awards to display.');
 	send_footer();
 	exit;
--- a/committee_main.php
+++ b/committee_main.php
@ -26,12 +26,12 @@
 require_once("common.inc.php");
 require_once("user.inc.php");
 require_once("user_page.inc.php");
- require_once("chat.inc.php");
+ 

 user_auth_required('committee');

 send_header("Committee Main", array());
- draw_chatbox('general');
+
 //only display the named greeting if we have their name
 echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
 echo "<br />";
--- a/config/index.php
+++ b/config/index.php
@ -25,7 +25,7 @@
 require("../common.inc.php");
 require("signaturepage_or_permissionform.php");
 require_once("../user.inc.php");
- require_once("../chat.inc.php");
+ 
 user_auth_required('committee', 'config');

 send_header("SFIAB Configuration",
@ -34,7 +34,6 @@
 		);


-draw_chatbox('general');

 echo "<table class=\"adminconfigtable\">";
 echo " <tr>";
--- a/data/documents/.htaccess
+++ b/data/documents/.htaccess
@ -0,0 +1,2 @@
+Order Deny,Allow
+Deny From All
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@ -993,6 +993,7 @@ class TableEditor
 	{
 		global $icon_path;
 		global $icon_extension;
+		global $pdo;

 		$query="SELECT SQL_CALC_FOUND_ROWS {$this->primaryKey}";

@ -1030,11 +1031,12 @@ class TableEditor
 		}
 		if($this->DEBUG) echo $query;

-//		print("query[$query]");
-		$q=mysql_query($query);
+		print("query[$query]");
+		$q = $pdo->prepare($query);
+		$q->execute();
 		if($q == false) {
 			echo "Sorry, MYSQL query failed: <pre>$query</pre><br />";
-			echo "Error: ".mysql_error(); 
+			echo "Error: ".$pdo->errorInfo(); 
 			exit;
 		}