use prepared statements for the final 3 files where possible
parent
c47beecc39
commit
e4edb741c1
@ -265,14 +265,7 @@ function questions_editor($section, $year, $array_name, $self)
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$x++;
|
||||
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
|
||||
VALUES (
|
||||
'',?,
|
||||
'" ?,
|
||||
'" ?,
|
||||
'" ?,
|
||||
'" ?,
|
||||
'" ?,
|
||||
'" ?))";
|
||||
VALUES (?,?,?,?,?,?,?)");
|
||||
$stmt->execute([$year,$r->section,$r->question,$r->type,$r->required,$r->ord]);
|
||||
}
|
||||
|
||||
|
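Review bot: The rewritten INSERT on the `VALUES (?,?,?,?,?,?,?)");` line does not agree with its own column list or with the execute() call that follows: the column list names eight columns (`id` through `ord`), the VALUES clause supplies seven placeholders, and `$stmt->execute([...])` binds six values, so each loop iteration will fail with a column-count or bound-variable-count error instead of copying the question. The `''` the old text supplied for `id` and the `db_heading` value have both been dropped. The intended shape is presumably `VALUES ('',?,?,?,?,?,?,?)` paired with `$stmt->execute([$year,$r->section,$r->db_heading,$r->question,$r->type,$r->required,$r->ord]);` — confirm that the row `$r` carries `db_heading`, since the SELECT that feeds it is outside the hunk. questions_editor begins and ends outside this hunk.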
@ -63,8 +63,8 @@ function handle_stats(&$u, $fair, &$data, &$response)
|
||||
AND year=?");
|
||||
$stmt->execute([$u['fairs_id'],$stats['year']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,?) VALUES ('',?)");
|
||||
$stmt->execute([$keys,$vals]);
|
||||
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',?)");
|
||||
$stmt->execute([$vals]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$response['message'] = 'Stats saved';
|
||||
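Review bot: The new statement `INSERT INTO fairs_stats (`id`,$keys) VALUES ('',?)` only works if `$keys` names exactly one column: a single `?` binds `$vals` as one value, so with several comma-separated names in `$keys` the column and value counts will not match, and if `$vals` is a comma-joined string it is stored verbatim into one column rather than split across them. Because `$keys` is interpolated as SQL identifiers, it also has to come from a fixed allow-list of stat column names rather than straight from the caller-supplied `$data`; how `$keys` and `$vals` are built is outside this hunk, so confirm that at the point they are assembled. The parameterised form keeps the values as a list, emits one placeholder per value and joins the already-checked column names, as sketched below. handle_stats begins outside this hunk.
```php
// constructed names: $statKeys is the list of column names already checked
// against the allow-list, $statVals the values in the same order
$columns = implode(',', array_map(static fn (string $k): string => "`$k`", $statKeys));
$placeholders = implode(',', array_fill(0, count($statVals), '?'));
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$columns) VALUES ('',$placeholders)");
$stmt->execute($statVals);
show_pdo_errors_if_any($pdo);
```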
@ -91,8 +91,8 @@ function handle_getawards(&$u, $fair, &$data, &$response)
|
||||
|
||||
/* Load the awards this fair is allowed to download */
|
||||
$where = "(id='" . join("' OR id='", $ids) . "')";
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE ? AND year=?");
|
||||
$q->execute([$where, $year]);
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year=?");
|
||||
$q->execute([$year]);
|
||||
|
||||
while ($a = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$award = array();
|
||||
|
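Review bot: `$where` is still assembled on the `$where = "(id='" . join(...)` line by joining `$ids` into quoted literals, so the prepared statement parameterises only `$year` while the id list is interpolated into the SQL — the pattern this commit set out to remove; where `$ids` originates is outside the hunk, so treat it as untrusted until confirmed. A variable-length list is bound in PDO by generating one placeholder per element: `$placeholders = implode(',', array_fill(0, count($ids), '?'));` `$q = $pdo->prepare("SELECT * FROM award_awards WHERE id IN ($placeholders) AND year=?");` `$q->execute([...$ids, $year]);`. An empty `$ids` needs handling before that point, since the current text produces `(id='')` and the replacement would produce an invalid `IN ()`. handle_getawards begins and ends outside this hunk.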
@ -365,9 +365,9 @@ function user_set_password($id, $password = NULL)
|
||||
$set .= "password='" . password_hash($p, PASSWORD_BCRYPT) . "', passwordset=$save_set ";
|
||||
|
||||
////FIXME This one may be tricky
|
||||
$query = "UPDATE users SET ? WHERE id=?";
|
||||
$query = "UPDATE users SET $set WHERE id=?";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute([$set,$id]);
|
||||
$stmt->execute([$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
return $password;
|
||||
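Review bot: On the `$set .= "password='" . password_hash(...)` line the bcrypt hash is still spliced into the SQL as a quoted literal, and `UPDATE users SET $set WHERE id=?` then binds only `$id`; a bcrypt string contains no quote character, so this is not exploitable on its own, but it leaves the SET clause partly string-built and makes `passwordset=$save_set` depend on whatever `$save_set` holds, which is assigned outside the hunk — confirm it is a fixed SQL expression rather than caller input. Binding the hash keeps the clause parameterised: `$set .= "password=?, passwordset=$save_set ";` with `$stmt->execute([password_hash($p, PASSWORD_BCRYPT), $id]);`, provided no earlier contribution to `$set` adds placeholders of its own. user_set_password begins outside this hunk.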
@ -695,8 +695,8 @@ function user_dupe_row($table, $key, $val, $newval)
|
||||
{
|
||||
global $config, $pdo;
|
||||
$nullfields = array('id','sex','deleteddatetime'); /* Fields that can be null */
|
||||
$q = $pdo->prepare("SELECT * FROM ? WHERE ?");
|
||||
$q->execute([$table, $key='$val']);
|
||||
$q = $pdo->prepare("SELECT * FROM $table WHERE $key='$val'");
|
||||
$q->execute();
|
||||
if ($q->rowCount() != 1) {
|
||||
echo "ERROR duplicating row in $table: $key=$val NOT FOUND.\n";
|
||||
exit;
|
||||
|
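Review bot: `SELECT * FROM $table WHERE $key='$val'` on the new side interpolates all three inputs, so user_dupe_row still builds its query by concatenation and the following `$q->execute()` binds nothing; `$val` is a data value and should be a parameter: `$q = $pdo->prepare("SELECT * FROM $table WHERE $key=?");` `$q->execute([$val]);`. `$table` and `$key` are identifiers and cannot be bound, so they must be restricted to the fixed set of tables and columns this helper is called with (the callers are outside this hunk); a `preg_match('/^[A-Za-z0-9_]+$/', ...)` check on each before interpolating, plus backtick quoting, is the usual guard. Note also that `$q->rowCount()` on a SELECT is driver-dependent in PDO; fetching the rows and counting them is the portable check. user_dupe_row continues past the end of this hunk.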
@ -109,9 +109,7 @@ echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
|
||||
echo "<table>\n";
|
||||
|
||||
/* Read current selections */
|
||||
$q = "SELECT * FROM volunteer_positions_signup WHERE
|
||||
\t\tusers_id =?
|
||||
\t\tAND year=?";
|
||||
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id =? AND year=?";
|
||||
$r = $pdo->prepare($q);
|
||||
$r->execute([$u['id'],$config['FAIRYEAR']]);
|
||||
$checked_positions = array();
|
||||
|