From df608069051d0faaf7cb01f27d1b741ce71f24bc Mon Sep 17 00:00:00 2001 From: Muad Sakah Date: Sun, 2 Feb 2025 07:07:06 +0000 Subject: [PATCH] contact page database is done --- contact.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/contact.php b/contact.php index 2bf9bc3f..56231fb7 100644 --- a/contact.php +++ b/contact.php @@ -39,9 +39,8 @@ if (get_value_from_array($_POST, 'action') == 'send') { if (isEmailAddress(get_value_from_array($_POST, 'fromemail'))) { list($id, $md5email) = explode(':', $_POST['to']); - $q = $pdo->prepare('SELECT * FROM users WHERE uid=.?. ORDER BY year DESC LIMIT 1'); - $q->bindParam(1, $id); - $q->execute(); + $q = $pdo->prepare('SELECT * FROM users WHERE uid=? ORDER BY year DESC LIMIT 1'); + $q->execute([$id]); // if a valid selection is made from the list, then this will always match. if ($md5email == md5($r->email)) { $from = cleanify($_POST['from']) . ' <' . cleanify($_POST['fromemail']) . '>'; @@ -99,11 +98,11 @@ while ($r = $q->fetch(PDO::FETCH_ASSOC)) { users.deleted FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid - WHERE committees_id=' . $r['id'] . ' + WHERE committees_id=? GROUP BY users.uid ORDER BY ord,users.lastname'); - $q2->execute(); + $q2->execute([$r['id']]); // if there's nobody in this committee, then just skip it and go on to the next one.
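Review bot: Nothing visible between `$q->execute([$id]);` and `if ($md5email == md5($r->email))` fetches a row, so within this hunk `$r` is not populated from the query and the recipient check is not tied to the user that was just selected. Fetch and test the row first, e.g. `$r = $q->fetch(PDO::FETCH_OBJ);` followed by `if ($r !== false && hash_equals(md5($r->email), (string) $md5email)) {`; `hash_equals` also replaces the loose `==` comparison of two hash strings, which PHP can evaluate numerically. `explode(':', $_POST['to'])` is still destructured without checking that `to` is set and contains a colon, so `$md5email` may be undefined at the comparison. The enclosing `if` blocks start and end outside the hunk; `$r` may be assigned earlier in the file, but it would not come from this statement.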
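Review bot: The placeholder makes this statement identical on every pass, yet the `prepare()` call still appears to sit inside the `while ($r = $q->fetch(PDO::FETCH_ASSOC))` loop named in the hunk header, so it is re-prepared for each committee. Prepare `$q2` once before the loop and keep only `$q2->execute([$r['id']]);` inside it. The result of `execute()` is also not checked: unless the connection is configured with `PDO::ERRMODE_EXCEPTION` (not visible here), a failed query would look the same as an empty committee and be skipped silently by the code that follows. The `prepare()` call and the start of the SQL string lie outside the hunk.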