use prepare statements for final 3 files where possible

This commit is contained in:
Muad Sakah 2025-02-07 20:17:05 +00:00
parent c47beecc39
commit e4edb741c1
4 changed files with 10 additions and 19 deletions


@ -265,14 +265,7 @@ function questions_editor($section, $year, $array_name, $self)
while ($r = $q->fetch(PDO::FETCH_OBJ)) { while ($r = $q->fetch(PDO::FETCH_OBJ)) {
$x++; $x++;
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) $stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
VALUES ( VALUES (?,?,?,?,?,?,?)");
'',?,
'" ?,
'" ?,
'" ?,
'" ?,
'" ?,
'" ?))";
$stmt->execute([$year,$r->section,$r->question,$r->type,$r->required,$r->ord]); $stmt->execute([$year,$r->section,$r->question,$r->type,$r->required,$r->ord]);
} }
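Review bot: The rewritten INSERT on the line starting `$stmt = $pdo->prepare(` names eight columns (`id,year,section,db_heading,question,type,required,ord`) but the new `VALUES (?,?,?,?,?,?,?)` supplies seven placeholders and the execute() call binds only six values, so the statement fails either at prepare (column/value count mismatch) or at execute (parameter count mismatch, SQLSTATE HY093). The old side inserted `''` for `id`; keeping that gives `VALUES ('',?,?,?,?,?,?,?)");`, and the bind list needs a seventh value in the `db_heading` position, presumably `$stmt->execute([$year,$r->section,$r->db_heading,$r->question,$r->type,$r->required,$r->ord]);` — the fetched row's fields are set outside the hunk, so confirm the name. questions_editor begins and ends outside this hunk.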


@ -63,8 +63,8 @@ function handle_stats(&$u, $fair, &$data, &$response)
AND year=?"); AND year=?");
$stmt->execute([$u['fairs_id'],$stats['year']]); $stmt->execute([$u['fairs_id'],$stats['year']]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,?) VALUES ('',?)"); $stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',?)");
$stmt->execute([$keys,$vals]); $stmt->execute([$vals]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
$response['message'] = 'Stats saved'; $response['message'] = 'Stats saved';
@ -91,8 +91,8 @@ function handle_getawards(&$u, $fair, &$data, &$response)
/* Load the awards this fair is allowed to download */ /* Load the awards this fair is allowed to download */
$where = "(id='" . join("' OR id='", $ids) . "')"; $where = "(id='" . join("' OR id='", $ids) . "')";
$q = $pdo->prepare("SELECT * FROM award_awards WHERE ? AND year=?"); $q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year=?");
$q->execute([$where, $year]); $q->execute([$year]);
while ($a = $q->fetch(PDO::FETCH_ASSOC)) { while ($a = $q->fetch(PDO::FETCH_ASSOC)) {
$award = array(); $award = array();
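Review bot: In handle_getawards the new `SELECT * FROM award_awards WHERE $where AND year=?` still interpolates `$where`, which the previous line builds by joining `$ids` into `id='…'` fragments; those are values, not identifiers, so they can be bound: `$in = implode(',', array_fill(0, count($ids), '?'));`, `$q = $pdo->prepare("SELECT * FROM award_awards WHERE id IN ($in) AND year=?");`, `$q->execute([...$ids, $year]);` (guard the empty-`$ids` case first; where `$ids` comes from is outside the hunk). The handle_stats hunk above has the same shape: `$keys` has to be interpolated because column names cannot be placeholders, so it should be checked against a fixed list of allowed fairs_stats columns before use, and if it names more than one column the single `?` in `VALUES ('',?)` cannot receive `$vals` — one placeholder per column with each value bound separately is needed; how `$keys` and `$vals` are assembled is outside the hunk. Both enclosing functions start and end outside their hunks.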


@ -365,9 +365,9 @@ function user_set_password($id, $password = NULL)
$set .= "password='" . password_hash($p, PASSWORD_BCRYPT) . "', passwordset=$save_set "; $set .= "password='" . password_hash($p, PASSWORD_BCRYPT) . "', passwordset=$save_set ";
////FIXME This one may be tricky ////FIXME This one may be tricky
$query = "UPDATE users SET ? WHERE id=?"; $query = "UPDATE users SET $set WHERE id=?";
$stmt = $pdo->prepare($query); $stmt = $pdo->prepare($query);
$stmt->execute([$set,$id]); $stmt->execute([$id]);
show_pdo_errors_if_any($pdo); show_pdo_errors_if_any($pdo);
return $password; return $password;
@ -695,8 +695,8 @@ function user_dupe_row($table, $key, $val, $newval)
{ {
global $config, $pdo; global $config, $pdo;
$nullfields = array('id','sex','deleteddatetime'); /* Fields that can be null */ $nullfields = array('id','sex','deleteddatetime'); /* Fields that can be null */
$q = $pdo->prepare("SELECT * FROM ? WHERE ?"); $q = $pdo->prepare("SELECT * FROM $table WHERE $key='$val'");
$q->execute([$table, $key='$val']); $q->execute();
if ($q->rowCount() != 1) { if ($q->rowCount() != 1) {
echo "ERROR duplicating row in $table: $key=$val NOT FOUND.\n"; echo "ERROR duplicating row in $table: $key=$val NOT FOUND.\n";
exit; exit;
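Review bot: In user_dupe_row the new `SELECT * FROM $table WHERE $key='$val'` followed by a bare `execute()` puts `$val` straight into the SQL text even though it is a plain value and can be bound: `$q = $pdo->prepare("SELECT * FROM $table WHERE $key=?");` and `$q->execute([$val]);`. `$table` and `$key` are identifiers and cannot be placeholders, so they should be checked against a fixed list of duplicable tables and columns (or at least validated as identifiers and backtick-quoted) — their origin is outside the hunk. The user_set_password hunk above has the same shape: `$set` carries the password_hash() output and `$save_set` as literal SQL; a bcrypt hash contains only `.`, `/`, `$` and alphanumerics so the hash itself is not an injection vector, but `SET password=?, passwordset=... WHERE id=?` with the hash bound is the safer form and would retire the FIXME; `$save_set` is built outside the hunk. Both functions extend beyond their hunks.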


@ -109,9 +109,7 @@ echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n"; echo "<table>\n";
/* Read current selections */ /* Read current selections */
$q = "SELECT * FROM volunteer_positions_signup WHERE $q = "SELECT * FROM volunteer_positions_signup WHERE users_id =? AND year=?";
\t\tusers_id =?
\t\tAND year=?";
$r = $pdo->prepare($q); $r = $pdo->prepare($q);
$r->execute([$u['id'],$config['FAIRYEAR']]); $r->execute([$u['id'],$config['FAIRYEAR']]);
$checked_positions = array(); $checked_positions = array();