diff --git a/admin/export_checkin.php b/admin/export_checkin.php
index 456b1d2f..ac549a6d 100644
--- a/admin/export_checkin.php
+++ b/admin/export_checkin.php
@@ -27,8 +27,9 @@
  user_auth_required('committee', 'admin');
  require("../lpdf.php");
 
-$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
-if($catr=mysql_fetch_object($catq))
+$catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' AND id='".$_GET['cat']."'");
+$catq->execute();
+if($catr=$catq->fetch(PDO::FETCH_OBJ))
 {
 
  	$pdf=new lpdf(	i18n($config['fairname']),
@@ -38,7 +39,7 @@ if($catr=mysql_fetch_object($catq))
 
 	$pdf->newPage();
 	$pdf->setFontSize(11);
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				projects.title,
@@ -54,7 +55,8 @@ if($catr=mysql_fetch_object($catq))
 			ORDER BY
 				projects.title
 			");
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 
 	$table=array();
 
@@ -72,22 +74,24 @@ if($catr=mysql_fetch_object($catq))
 		$table['dataalign']=array("left","left","left","center");
 
 	}
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
-		$divq=mysql_query("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
-		$divr=mysql_fetch_object($divq);
+		$divq=$pdo->prepare("SELECT division,division_shortform FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' AND id='".$r->projectdivisions_id."'");
+		$divq->execute();
+		$divr=$divq->fetch(PDO::FETCH_OBJ);
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$r->reg_id'
 				");
+		$sq->execute();
 
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";
diff --git a/admin/fair_stats.php b/admin/fair_stats.php
index de5c0da4..6fee0fc2 100644
--- a/admin/fair_stats.php
+++ b/admin/fair_stats.php
@@ -31,8 +31,9 @@
 
  /* Hack so we can jump right to YSC stats */
  if($_GET['abbrv'] == 'YSC') {
- 	$q = mysql_query("SELECT id FROM fairs WHERE abbrv='YSC'");
-	$r = mysql_fetch_assoc($q);
+ 	$q = $pdo->prepare("SELECT id FROM fairs WHERE abbrv='YSC'");
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$_GET['id'] = $r['id'];
  }
 
@@ -92,8 +93,9 @@
  else $fairs_id = -1;
 
  if($fairs_id != -1) {
- 	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
-	$fair = mysql_fetch_assoc($q);
+ 	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
  }
 
  $action = $_POST['action'];
@@ -215,24 +217,26 @@
  /* And now, overwrite all the stuff we pulled down with stats we can compute */
 
  //number of schools
- $q=mysql_query("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM schools WHERE year='$year'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  $stats['schools_total']=$r->num;
 
  //number of schools participating
- $q=mysql_query("SELECT DISTINCT(students.schools_id) AS sid, schools.*
+ $q=$pdo->prepare("SELECT DISTINCT(students.schools_id) AS sid, schools.*
  		 	FROM students 
 				LEFT JOIN registrations ON students.registrations_id=registrations.id 
 				LEFT JOIN schools ON students.schools_id=schools.id
 			WHERE students.year='$year' 
 				AND registrations.year='$year' 
 				AND (registrations.status='complete' OR registrations.status='paymentpending')");
- $stats['schools_active']=mysql_num_rows($q);
+	$q->execute();
+ $stats['schools_active']=$q->rowCount();
  $stats['schools_public'] = 0;
  $stats['schools_private'] = 0;
  $stats['schools_atrisk'] = 0;
  $districts = array();
- while($si=mysql_fetch_assoc($q)) {
+ while($si=$q->fetch(PDO::FETCH_ASSOC)) {
 	if($si['designate'] == 'public') 
 		 $stats['schools_public']++;
 	if($si['designate'] == 'independent') 
@@ -245,15 +249,16 @@
  $stats['schools_districts'] = count($districts);
 
  //numbers of students:
- $q=mysql_query("SELECT students.*,schools.* 
+ $q=$pdo->error("SELECT students.*,schools.* 
 	 		FROM students
 				LEFT JOIN registrations ON students.registrations_id=registrations.id 
 				LEFT JOIN schools on students.schools_id=schools.id
 			WHERE students.year='$year' 
 				AND registrations.year='$year' 
 				AND (registrations.status='complete' OR registrations.status='paymentpending')");
- echo mysql_error();
- $stats['students_total'] = mysql_num_rows($q);
+$q->execute();
+ echo $pdo->errorInfo();
+ $stats['students_total'] = $q->rowCount();
  $stats['students_public'] = 0;
  $stats['students_private'] = 0;
  $stats['students_atrisk'] = 0;
@@ -265,7 +270,7 @@
  	$stats["projects_$g"] = 0;
  }
  $unknown = array();
- while($s=mysql_fetch_assoc($q)) {
+ while($s=$q->fetch(PDO::FETCH_ASSOC)) {
  	if(!in_array($s['sex'], array('male','female'))) 
 		$unknown[$grademap[$s['grade']]]++;
 	else 
@@ -287,7 +292,7 @@
  }
 
  //projects
- $q=mysql_query("SELECT MAX(students.grade) AS grade FROM students
+ $q=$pdo->prepare("SELECT MAX(students.grade) AS grade FROM students
 	 		LEFT JOIN registrations ON students.registrations_id=registrations.id 
 			LEFT JOIN projects ON projects.registrations_id=registrations.id 
 		WHERE  students.year='$year' 
@@ -295,28 +300,31 @@
 			AND projects.year='$year' 
 			AND (registrations.status='complete' OR registrations.status='paymentpending') 
 			GROUP BY projects.id");
- echo mysql_error();
- while($r=mysql_fetch_assoc($q)) {
+$q->execute();
+ echo $pdo->errorInfo();
+ while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 	$stats["projects_{$grademap[$r['grade']]}"]++;
  }
 
 
- $q=mysql_query("SELECT COUNT(id) AS num FROM users 
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM users 
  				LEFT JOIN users_committee ON users_committee.users_id=users.id
 	 		WHERE types LIKE '%committee%' 
 				AND year='$year' 
 				AND users_committee.committee_active='yes'
 				AND deleted='no'");
- $r = mysql_fetch_object($q);
+$q->execute();
+ $r = $q->fetch(PDO::FETCH_OBJ);
  $stats['committee_members'] = $r->num;
 
- $q=mysql_query("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM users LEFT JOIN users_judge ON users_judge.users_id=users.id 
  					WHERE users.year='$year' 
 						AND users.types LIKE '%judge%'
 						AND users.deleted='no'
 						AND users_judge.judge_complete='yes' 
 						AND users_judge.judge_active='yes'");
- $r=mysql_fetch_object($q);
+$q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
  $stats['judges'] = $r->num;
 
 
diff --git a/admin/fair_stats_select.php b/admin/fair_stats_select.php
index 3d9050a2..2f6d61ba 100644
--- a/admin/fair_stats_select.php
+++ b/admin/fair_stats_select.php
@@ -52,8 +52,9 @@
 		}
 	}
 	$s = join(',', $_POST['stats']);
-	$q = mysql_query("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
-	echo mysql_error();
+	$q = $pdo->prepare("UPDATE fairs SET gather_stats='$s' WHERE id='$id'");
+	$q->execute();
+	echo $pdo->errorInfo();
 	echo "UPDATE fairs SET gather_stats='$s' WHERE id='$id'";
 	happy_("Saved");
 	exit;
@@ -62,8 +63,9 @@
  /* Load the user we're editting */
  $u = user_load($_SESSION['embed_edit_id']);
  /* Load the fair attached to the user */
- $q = mysql_query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
- $f = mysql_fetch_assoc($q);
+ $q = $pdo->prepare("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
+ $q->execute();
+ $f = $q->fetch(PDO::FETCH_ASSOC);
 
 ?>
 
diff --git a/admin/fix_judges_autocomplete.php b/admin/fix_judges_autocomplete.php
index dec1036e..291aa6e2 100644
--- a/admin/fix_judges_autocomplete.php
+++ b/admin/fix_judges_autocomplete.php
@@ -5,18 +5,22 @@ require_once("../user.inc.php");
 
 user_auth_required('committee', 'admin');
 
-$q = mysql_query("SELECT * FROM judges WHERE passwordexpiry IS NULL");
-while($i = mysql_fetch_object($q)) {
+$q = $pdo->prepare("SELECT * FROM judges WHERE passwordexpiry IS NULL");
+$q->execute();
+while($i = $q->fetch(PDO::FETCH_OBJ)) {
 	echo "Autocompleting Judge {$i->email}<br />";
 	$id = $i->id;
 
 	$p = generatePassword(12);
-	mysql_query("UPDATE judges SET password='$p',complete='yes'");
-	echo mysql_error();
-	mysql_query("DELETE FROM judges_years WHERE judges_id='$id'");
-	echo mysql_error();
-	mysql_query("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
-	echo mysql_error();
+	$stmt = $pdo->prepare("UPDATE judges SET password='$p',complete='yes'");
+	$stmt->execute();
+	echo $pdo->errorInfo();
+	$stmt = $pdo->prepare("DELETE FROM judges_years WHERE judges_id='$id'");
+	$stmt->execute();
+	echo $pdo->errorInfo();
+	$stmt = $pdo->prepare("INSERT INTO judges_years (`judges_id`,`year`) VALUES ('$id','{$config['FAIRYEAR']}')");
+	$stmt->execute();
+	echo $pdo->errorInfo();
 }
 
 ?>
diff --git a/admin/fundraising_campaigns.php b/admin/fundraising_campaigns.php
index 42fd00fb..bc3e9a01 100644
--- a/admin/fundraising_campaigns.php
+++ b/admin/fundraising_campaigns.php
@@ -34,8 +34,9 @@ switch($_GET['action']){
 
    case "modify":
     echo "<div id=\"campaignaccordion\" style=\"width: 780px;\">\n";
-    $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
-    while($r=mysql_fetch_object($q)) {
+    $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY name");
+   $q->execute();
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         echo "<h3><a href=\"#\">".htmlspecialchars($r->name)."</a></h3>\n";
         echo "<div id=\"campaign_{$r->id}\">\n";
         echo "<form id=\"campaigninfo_{$r->id}\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" onsubmit=\"return campaigninfo_save($r->id)\">\n";
@@ -91,15 +92,17 @@ switch($_GET['action']){
  </tr>
  </thead>
 <?
- $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+ $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE fiscalyear='{$config['FISCALYEAR']}'");
+$q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
- while($r=mysql_fetch_object($q)) {
-
-    $goalq=mysql_query("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
-    $goalr=mysql_fetch_object($goalq);
-    $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-    echo mysql_error();
-    $recr=mysql_fetch_object($recq);
+    $goalq=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='{$r->fundraising_goal}' AND fiscalyear='{$config['FISCALYEAR']}'");
+    $goalq->execute();
+    $goalr=$goalq->fetch(PDO::FETCH_OBJ);
+    $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+    $recq->execute();
+    echo $pdo->errorInfo();
+    $recr=$recq->fetch(PDO::FETCH_OBJ);
     $received=$recr->received;
     if($r->target)
         $percent=round($received/$r->target*100,1);
@@ -133,8 +136,9 @@ switch($_GET['action']){
         exit;
     }
     $id=intval($_GET['id']);
-    $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$id'");
-    $campaign=mysql_fetch_object($q);
+    $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$id'");
+    $q->execute();
+    $campaign=$q->fetch(PDO::FETCH_OBJ);
     echo "<h3>$campaign->name</h3>\n";
     ?>
     <div id="campaign_tabs">
@@ -164,14 +168,15 @@ switch($_GET['action']){
 
    case "manage_tab_overview":
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-
-         if($r=mysql_fetch_object($q)) {
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+        $q->execute();
+         if($r=$q->fetch(PDO::FETCH_OBJ)) {
 
 			$goalr=getGoal($r->fundraising_goal);
-            $recq=mysql_query("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
-            echo mysql_error();
-            $recr=mysql_fetch_object($recq);
+            $recq=$pdo->prepare("SELECT SUM(value) AS received FROM fundraising_donations WHERE fundraising_campaigns_id='$r->id' AND fiscalyear='{$config['FISCALYEAR']}' AND status='received'");
+            $recq->execute();
+            echo $pdo->errorInfo();
+            $recr=recq->fetch(PDO::FETCH_OBJ);
             $received=$recr->received;
             if($r->target)
                 $percent=round($received/$r->target*100,1);
@@ -202,8 +207,9 @@ switch($_GET['action']){
 
    case "manage_tab_donations":
          $campaign_id=intval($_GET['id']);
-         $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-         if($campaign=mysql_fetch_object($q)) {
+         $q=$pdo->prepare("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
+        $q->execute();
+         if($campaign=$q->fetch(PDO::FETCH_OBJ)) {
 			echo "<table class=\"tableview\">";
 			echo "<thead>";
 			echo "<tr>";
@@ -215,9 +221,9 @@ switch($_GET['action']){
 			echo "</tr>";
 			echo "</thead>\n";
 
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE fundraising_campaigns_id='$campaign_id'
 			AND status='received' ORDER BY datereceived DESC");
-			while($r=mysql_fetch_object($q)) {
+			while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				$goal=getGoal($r->fundraising_goal);
 				$sq=mysql_query("SELECT * FROM sponsors WHERE id='{$r->sponsors_id}'");
 				$sponsor=mysql_fetch_object($sq);
@@ -251,7 +257,7 @@ switch($_GET['action']){
 				);
          $campaign_id=intval($_GET['id']);
          $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
-		 $campaign=mysql_fetch_object($q);
+		 $campaign=$q->fetch(PDO::FETCH_OBJ);
 		 if($campaign->filterparameters) {
 			echo "<h4>".i18n("User List")."</h4>\n";
 			$params=unserialize($campaign->filterparameters);
@@ -299,7 +305,7 @@ switch($_GET['action']){
 			echo "<form id=\"prospectremoveform\" onsubmit=\"return removeselectedprospects()\">\n";
 			echo "<input type=\"hidden\" name=\"fundraising_campaigns_id\" value=\"$campaign_id\" />\n";
 			 $q=mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaign_id'");
-			 while($r=mysql_fetch_object($q)) {
+			 while($r=$q->fetch(PDO::FETCH_OBJ)) {
 				 $u=user_load_by_uid($r->users_uid);
 				 //hopefully this never returns false, but who knows..
 				 if($u) {
@@ -350,7 +356,7 @@ switch($_GET['action']){
         <tr><td><?=i18n("Donation Level")?>:</td><td>
             <?
             $q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE fiscalyear='{$config['FISCALYEAR']}' ORDER BY min");
-            while($r=mysql_fetch_object($q)) {
+            while($r=$q->fetch(PDO::FETCH_OBJ)) {
                 echo "<label><input onchange=\"return prospect_search()\" disabled=\"disabled\" type=\"checkbox\" name=\"donationlevel[]\" value=\"$r->level\" >".i18n($r->level)." (".format_money($r->min,false)." - ".format_money($r->max,false).")</label><br />\n";
             }
 			echo "(disabled until the logic requirements can be established)";
@@ -400,7 +406,7 @@ switch($_GET['action']){
          $campaign_id=intval($_GET['id']);
          $q=mysql_query("SELECT * FROM fundraising_campaigns WHERE id='$campaign_id' AND fiscalyear='{$config['FISCALYEAR']}'");
 
-         if($r=mysql_fetch_object($q)) {
+         if($r=$q->fetch(PDO::FETCH_OBJ)) {
 
          }
 		 $communications=array("initial"=>"Initial Communication",
@@ -410,7 +416,7 @@ switch($_GET['action']){
 					echo "<h4>".i18n($name)."</h4>\n";
 			//check if they have one in the emails database
 			$q=mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$campaign_id' AND val='$key'");
-			if($email=mysql_fetch_object($q)) {
+			if($email=$q->fetch(PDO::FETCH_OBJ)) {
 				echo "<div style=\"float: right; margin-right: 15px;\">";
 				echo "<a title=\"Edit\" href=\"#\" onclick=\"return opencommunicationeditor(null,$email->id,$campaign_id)\"><img src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\" border=0></a>";
 				echo "&nbsp;&nbsp;";
@@ -460,11 +466,11 @@ switch($_GET['action']){
 			$uidlist=implode(",",$_POST['prospectremovefromlist']);
 			$query="DELETE FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid' AND users_uid IN ($uidlist)";
 			mysql_query($query);
-			echo mysql_error();
+			echo $pdo->errorInfo();
 		}
 		//if theres nobody left in the list we need to reset the filter params as well
 		$q=mysql_query("SELECT COUNT(*) AS num FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$campaignid'");
-		$r=mysql_fetch_object($q);
+		$r=$q->fetch(PDO::FETCH_OBJ);
 		if($r->num==0) {
 			mysql_query("UPDATE fundraising_campaigns SET filterparameters=NULL WHERE id='$campaignid'");
 		}
@@ -485,7 +491,7 @@ switch($_GET['action']){
 		$emails_id=$_POST['id'];
 		//check if its been sent, if so, it cannot be deleted, sorry!
 		$q=mysql_query("SELECT * FROM emails WHERE id='$emails_id'");
-		$e=mysql_fetch_object($q);
+		$e=$q->fetch(PDO::FETCH_OBJ);
 		if($e->lastsent) {
 			error_("Cannot remove an email that has already been sent");
 		}
diff --git a/admin/fundraising_campaigns_prospecting.php b/admin/fundraising_campaigns_prospecting.php
index fabf0270..c8695bd1 100644
--- a/admin/fundraising_campaigns_prospecting.php
+++ b/admin/fundraising_campaigns_prospecting.php
@@ -30,8 +30,10 @@
     $otherlist=array();
 
 if($_POST['donortype']=="organization") {
-    $q=mysql_query("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
-    echo mysql_error();
+    $q=$pdo->prepare("SELECT id, organization AS name, address, address2, city, province_code, postalcode FROM sponsors ORDER BY name");
+   
+	$q->execute();
+	echo $pdo->errorInfo();
 
     if(!$_POST['contacttype'])
         $contacttype=array("primary","secondary");
@@ -39,7 +41,7 @@ if($_POST['donortype']=="organization") {
         $contacttype=$_POST['contacttype'];
 
     $primary="";
-    while($r=mysql_fetch_object($q)) {
+    while($r=$q->fetch(PDO::FETCH_OBJ)) {
         foreach($contacttype AS $ct) {
             switch($ct) {
                 case "primary":
@@ -49,7 +51,7 @@ if($_POST['donortype']=="organization") {
                     $primary="no";
                     break;
             }
-			$cq = mysql_query("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+			$cq = $pdo->prepare("SELECT *,MAX(year) FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 			WHERE 
 			sponsors_id='" . $r->id . "' 
 			AND `primary`='$primary' 
@@ -58,9 +60,10 @@ if($_POST['donortype']=="organization") {
 			HAVING deleted='no' 
 			ORDER BY users_sponsor.primary DESC,lastname,firstname
 			");
+			$cq->execute();
 
-            echo mysql_error();
-            while($cr=mysql_fetch_object($cq)) {
+            echo $pdo->errorInfo();
+            while($cr=m$cq->fetch(PDO::FETCH_OBJ)) {
                 if(!$userslist[$cr->uid])
                     $userslist[$cr->uid]=user_load($cr->users_id);
             }
@@ -76,9 +79,10 @@ else if($_POST['donortype']=="individual") {
 
     foreach($individual_type AS $t) {
 		$query="SELECT *,MAX(year) FROM users WHERE types LIKE '%$t%' GROUP BY uid HAVING deleted='no' ORDER BY lastname,firstname";
-		$q=mysql_query($query);
-		echo mysql_error();
-		while($r=mysql_fetch_object($q)) {
+		$q=$pdo->prepare($query);
+		$q->execute();
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if(!$userslist[$r->uid])
 				$userslist[$r->uid]=user_load_by_uid($r->uid);
         }
@@ -140,8 +144,9 @@ $thisyearlist=$userslist;
 
 	foreach($neverlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
-			if(mysql_num_rows($q)) {
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
+			$q->execute();
+			if($q->rowCount()) {
 		//		echo "removing $uid because they have donated in the past <br />";
 				unset($neverlist[$uid]);
 			}
@@ -154,8 +159,9 @@ $thisyearlist=$userslist;
 	
 	foreach($pastlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
-			if(!mysql_num_rows($q)) {
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}'");
+			$q->execute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated in the past <br />";
 				unset($pastlist[$uid]);
 			}
@@ -171,8 +177,9 @@ $thisyearlist=$userslist;
 
 	foreach($lastyearlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
-			if(!mysql_num_rows($q)) {
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='$lastyear'");
+			$q->execute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated last year <br />";
 				unset($lastyearlist[$uid]);
 			}
@@ -186,8 +193,9 @@ $thisyearlist=$userslist;
 
 	foreach($thisyearlist AS $uid=>$u) {
 		if($u['sponsors_id']) {
-			$q=mysql_query("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
-			if(!mysql_num_rows($q)) {
+			$q=$pdo->prepare("SELECT * FROM fundraising_donations WHERE status='received' AND sponsors_id='{$u['sponsors_id']}' AND fiscalyear='{$config['FISCALYEAR']}'");
+			$q->execcute();
+			if(!$q->rowCount()) {
 		//		echo "removing $uid because they have NOT donated this year <br />";
 				unset($thisyearlist[$uid]);
 			}
@@ -218,11 +226,13 @@ if($_GET['generatelist']) {
 	$campaignid=$_POST['fundraising_campaigns_id'];
 	$params=serialize($_POST);
 	echo "params=$params";
-	mysql_query("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
+	$stmt = $pdo->prepare("UPDATE fundraising_campaigns SET filterparameters='{$params}' WHERE id='$campaignid'");
+	$stmt->execute();
 	$uids=array_keys($userslist);
 	foreach($uids AS $u) {
-		mysql_query("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
-	}
+		$stmt = $pdo->prepare("INSERT INTO fundraising_campaigns_users_link (fundraising_campaigns_id, users_uid) VALUES ('$campaignid','$u')");
+	$stmt->execute();}
+
 	echo "List created";
 }
 else {
diff --git a/admin/fundraising_common.inc.php b/admin/fundraising_common.inc.php
index 62b25095..cddf0e31 100644
--- a/admin/fundraising_common.inc.php
+++ b/admin/fundraising_common.inc.php
@@ -4,8 +4,9 @@ $salutations=array("Mr.","Mrs.","Ms","Dr.","Professor");
 
 function getGoal($goal) {
 	global $config;
-	$q=mysql_query("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
-	return mysql_fetch_object($q);
-}
+	$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE goal='$goal' AND fiscalyear='{$config['FISCALYEAR']}' LIMIT 1");
+	$q->execute();
+	return $q->rowCount();
+
 
 ?>
diff --git a/admin/fundraising_goals_handler.inc.php b/admin/fundraising_goals_handler.inc.php
index 665ad477..115ca9b1 100644
--- a/admin/fundraising_goals_handler.inc.php
+++ b/admin/fundraising_goals_handler.inc.php
@@ -2,14 +2,17 @@
 if($_POST['action']=="funddelete" && $_POST['delete']) {
 	//first lookup all the sponsorships inside the fund
 	$id=intval($_POST['delete']);
-	$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
-	$f=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$id' AND year='".$config['FISCALYEAR']."'");
+	$q->execute();
+	$f=$q->fetch(PDO::FETCH_OBJ);
 	//hold yer horses, no deleting system funds!
 	if($f) {
 		if($f->system=="no") {
-			mysql_query("DELETE FROM fundraising_donations WHERE fundraising_goal='".mysql_real_escape_string($f->type)."' AND fiscalyear='".$config['FISCALYEAR']."'");
-			mysql_query("DELETE FROM fundraising_goals WHERE id='$id'");
-			if(mysql_affected_rows())
+			$stmt = $pdo->prepare("DELETE FROM fundraising_donations WHERE fundraising_goal='".$f->type."' AND fiscalyear='".$config['FISCALYEAR']."'");
+			$stmt->execute();
+			$stmt = $pdo->prepare("DELETE FROM fundraising_goals WHERE id='$id'");
+			$stmt->execute();
+			if($pdo->rowCount())
 				happy_("Successfully removed fund %1",array($f->name));
 		}
 		else {
@@ -21,26 +24,31 @@ if($_POST['action']=="funddelete" && $_POST['delete']) {
 if($_POST['action']=="fundedit" || $_POST['action']=="fundadd") {
 	$fundraising_id=intval($_POST['fundraising_id']);
 	if($fundraising_id) {
-		$q=mysql_query("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
-		$f=mysql_fetch_object($q);
+		$q=$pdo->prepare("SELECT * FROM fundraising_goals WHERE id='$fundraising_id'");
+		$q->execute();
+		$f=$q->fetch(PDO::FETCH_OBJ);
 		$system=$f->system;
 	}
-	$name=mysql_real_escape_string($_POST['name']);
-	$goal=mysql_real_escape_string($_POST['goal']);
-	$description=mysql_real_escape_string($_POST['description']);
+	$name=$_POST['name'];
+	$goal=$_POST['goal'];
+	$description=$_POST['description'];
 	$budget=intval($_POST['budget']);
 }
 
 if($_POST['action']=="fundedit") {
 	if( ($system=="yes" && $budget) || ($system=="no" && $budget && $goal && $name) ) {
 		if($system=="yes") {
-			mysql_query("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
+			$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description' WHERE id='$fundraising_id'");
+		$stmt->execute();
 		}
+
 		else {
-			mysql_query("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
+			$stmt = $pdo->prepare("UPDATE fundraising SET budget='$budget', description='$description', goal='$goal', name='$name' WHERE id='$fundraising_id'");
+		$stmt->execute();
 		}
-		if(mysql_error())
-			error_("MySQL Error: %1",array(mysql_error()));
+
+		if($pdo->errorInfo())
+			error_("MySQL Error: %1",array($pdo->errorInfo()));
 		else
 			happy_("Saved fund changes");
 	}
@@ -52,13 +60,14 @@ if($_POST['action']=="fundedit") {
 }
 if($_POST['action']=="fundadd") {
 	if( $goal && $type && $name) {
-		mysql_query("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
+		$stmt = $pdo->prepare("INSERT INTO fundraising_goals (goal,name,description,system,budget,fiscalyear) VALUES ('$goal','$name','$description','no','$budget','{$config['FISCALYEAR']}')");
+		$stmt->execute();
 		happy_("Added new fund");
 	}
 	else
 		error_("Required fields were missing, please try again");
-	if(mysql_error())
-		error_("MySQL Error: %1",array(mysql_error()));
+	if($pdo->errorInfo())
+		error_("MySQL Error: %1",array($pdo->errorInfo()));
     exit;
 }
 
diff --git a/admin/project_editor.php b/admin/project_editor.php
index cabaa329..9cdde025 100644
--- a/admin/project_editor.php
+++ b/admin/project_editor.php
@@ -46,11 +46,14 @@ if($auth_type == 'fair') {
 	} else {
 		/* Make sure they have permission to laod this student, check
 		the master copy of the fairs_id in the project */
-		$q=mysql_query("SELECT * FROM projects WHERE 
+		$q=$pdo>prepare("SELECT * FROM projects WHERE 
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND fairs_id=$fairs_id");
-		if(mysql_num_rows($q) != 1) {
+
+
+		$q->execute();
+		if($q->rowCount()!= 1) {
 			echo "permission denied.";
 			exit;
 		} 
@@ -68,19 +71,22 @@ case 'project_regenerate_number':
 	project_save();
 
 	/* Now generate */
-	$q=mysql_query("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
-	$i=mysql_fetch_assoc($q);
+	$q=$pdo->prepare("SELECT id FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	$i=$q->fetch(PDO::FETCH_ASSOC);;
 	$id = $i['id'];
 
-	mysql_query("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
+	$pdo->prepare("UPDATE projects SET projectnumber=NULL,projectsort=NULL,
 				projectnumber_seq='0',projectsort_seq='0'
 				WHERE id='$id'");
-	echo mysql_error();
+	$pdo->execute();
+	echo $pdo->errorInfo();
  	list($pn,$ps,$pns,$pss) = generateProjectNumber($registrations_id);
 //	print("Generated Project Number [$pn]");
-	mysql_query("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
+	$pdo->prepare("UPDATE projects SET projectnumber='$pn',projectsort='$ps',
 				projectnumber_seq='$pns',projectsort_seq='$pss'
 				WHERE id='$id'");
+	$pdo->execute();
 	happy_("Generated and Saved Project Number: $pn");
 	break;
 
@@ -98,8 +104,9 @@ function project_save()
 	global $registrations_id, $config;
 
 	//first, lets make sure this project really does belong to them
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
-	$projectinfo=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='{$registrations_id}' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	$projectinfo = $q->fetch(PDO::FETCH_OBJ);
 	if(!projectinfo) {
 		echo error(i18n("Invalid project to update"));
 	}
@@ -114,15 +121,17 @@ function project_save()
 	//check if it is flagged then update it
 
 	if(empty($_POST['feedback'])) {
-		mysql_query("UPDATE projects SET ".
+		$stmt = $pdo->prepare("UPDATE projects SET ".
 			"flagged='0'".
 			"WHERE id='".intval($_POST['id'])."'");
+		$stmt->execute();
 	} else {
-		mysql_query("UPDATE projects SET ".
+		$stmt = $pdo->prepare("UPDATE projects SET ".
 			"flagged='1'".
 			"WHERE id='".intval($_POST['id'])."'");
+		$stmt->execute();
 	}
-	echo mysql_error();
+	echo $pdo->errorInfo();
 	happy_("Flagging process successfully updated");
 	
 	if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) {  //0 for no limit, eg 255 database field limit 
@@ -131,34 +140,36 @@ function project_save()
 	} else
 		$title=stripslashes($_POST['title']);
 
-	mysql_query("UPDATE projects SET ".
-			"title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",$title))."', ".
-			"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ".
-			"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ".
-			"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
-			"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
-			"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
-			"req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special'])))."', ".
-			"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ".
-			"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ".
-			"summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary'])))."', ".
+	$stmt = $pdo->prepare("UPDATE projects SET ".
+			"title='".iconv("UTF-8","ISO-8859-1//TRANSLIT",$title)."', ".
+			"projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
+			"projecttype='".stripslashes($_POST['projecttype'])."', ".
+			"language='".stripslashes($_POST['language'])."', ".
+			"req_table='".stripslashes($_POST['req_table'])."', ".
+			"req_electricity='".stripslashes($_POST['req_electricity'])."', ".
+			"req_special='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['req_special']))."', ".
+			"human_participants='".stripslashes($_POST['human_participants'])."', ".
+			"animal_participants='".stripslashes($_POST['animal_participants'])."', ".
+			"summary='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['summary']))."', ".
 			"summarycountok='$summarycountok',".
-			"feedback='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback'])))."', ".
-			"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
-			"WHERE id='".intval($_POST['id'])."'");
-			echo mysql_error();
+			"feedback='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['feedback']))."', ".
+			"projectsort='".stripslashes($_POST['projectsort'])."'".
+			"WHERE id='".intval($_POST['id']))."'");
+			echo $pdo->errorInfo();
 	happy_("Project information successfully updated");
 
 	//check if they changed the project number
 	if($_POST['projectnumber']!=$projectinfo->projectnumber) {
 		//check if hte new one is available
-		$q=mysql_query("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
-		if(mysql_num_rows($q)) {
+		$q=$pdo->prepare("SELECT * FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber='".$_POST['projectnumber']."'");
+		$q->execute();
+		if($q->rowCount()) {
 			error_("Could not change project number.  %1 is already in use",array($_POST['projectnumber']));
 		} else {
-			mysql_query("UPDATE projects SET
+			$stmt = $pdo->prepare("UPDATE projects SET
 					projectnumber='".$_POST['projectnumber']."'
 					WHERE id='".$_POST['id']."'");
+			$stmt->execute();
 			happy_("Project number successfully changed to %1",array($_POST['projectnumber']));
 		}
 	}
@@ -169,12 +180,14 @@ function project_load()
 {
 	global $registrations_id, $config;
 	//now lets find out their MAX grade, so we can pre-set the Age Category
-	$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
-	$gradeinfo=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$registrations_id."'");
+	$q->execute();
+	$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
 
 	//now lets grab all the age categories, so we can choose one based on the max grade
-	$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	while($r=mysql_fetch_object($q)) {
+	$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	$q->execute();
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
 		$agecategories[$r->id]['category']=$r->category;
 		$agecategories[$r->id]['mingrade']=$r->mingrade;
@@ -185,20 +198,24 @@ function project_load()
 	}
 
 	//now select their project info
-	$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
 	//check if it exists, if we didnt find any record, lets insert one
-	$projectinfo=mysql_fetch_object($q);
+	$q->execute();
+	$projectinfo=$q->fetch(PDO::FETCH_OBJ);
 	if(!$projectinfo) {
-		mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
+		$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$registrations_id."','$projectcategories_id','".$config['FAIRYEAR']."')"); 
 		//and then pull it back out
-		$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
-		$projectinfo=mysql_fetch_object($q);
+		$stmt->execute();
+		$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$registrations_id."' AND year='".$config['FAIRYEAR']."'");
+		$q->execute();
+		$projectinfo=$q->fetch(PDO::FETCH_OBJ);
 	}
 
 	//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
 	if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id) {
 		echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
-		mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
+		$stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
+		$stmt->execute();
 	}
 
 	//output the current status
@@ -252,12 +269,13 @@ function countwords()
 
 <?
 if($config['project_type'] == 'yes'){
- $q=mysql_query("SELECT * FROM projecttypes ORDER BY type");
+ $q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
+ $q->execute();
  echo "<tr><td>".i18n("Project Type").": </td><td>";
  echo "<select name=\"projecttype\">\n";
  echo "<option value=\"\">".i18n("Select a project type")."</option>\n";
  //FIXME: need to fix the loading glitch
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
  {	
  	if($r->type == $projectinfo->projecttype)
 	{
@@ -282,15 +300,17 @@ if($config['project_type'] == 'yes'){
 <?
 	//###### Feature Specific - filtering divisions by category
 	if($config['filterdivisionbycategory']=="yes"){
-		$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
-		echo mysql_error();
+		$q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); 
+		$q->execute();
+		echo $pdo->errorInfo();
 	//###
 	} else
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+$q->execute();
 
 	echo "<select name=\"projectdivisions_id\">";
 	echo "<option value=\"\">".i18n("Select a division")."</option>\n";
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
 		echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division),null,"ISO8859-1")."</option>\n";
 	}
diff --git a/admin/registration_stats.php b/admin/registration_stats.php
index 2f20fa73..0805558d 100644
--- a/admin/registration_stats.php
+++ b/admin/registration_stats.php
@@ -61,12 +61,15 @@
  echo "</select>";
  echo "</form>";
 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
+
+
+while($r=$q->fetch(PDO::FETCH_OBJ)
 	$cats[$r->id]=$r->category;
 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
-while($r=mysql_fetch_object($q))
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 	$divs[$r->id]=$r->division;
 
 if($showstatus) {
@@ -90,7 +93,7 @@ else $wherestatus="";
 		default:	$ORDERBY="registrations.status DESC, projects.title"; break;
 	}
 
-	$q=mysql_query("SELECT  registrations.id AS reg_id,
+	$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				registrations.status,
 				registrations.email,
@@ -109,7 +112,8 @@ else $wherestatus="";
 			ORDER BY
 				$ORDERBY
 			");
-		echo mysql_error();
+		$q->execute();
+		echo $pdo->errorInfo();
 	
 	$stats_totalprojects=0;
 	$stats_totalstudents=0;
@@ -123,7 +127,7 @@ else $wherestatus="";
 	$schools_names=array();
 	$languages=array();
 
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$stats_totalprojects++;
 		$stats_divisions[$r->projectdivisions_id]++;
@@ -142,7 +146,7 @@ else $wherestatus="";
 		$status_text=i18n($status_text);
 
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname,
 					students.id,
 					schools.school,
@@ -155,12 +159,12 @@ else $wherestatus="";
 					AND
 					students.schools_id=schools.id
 				");
-				echo mysql_error();
+				echo $pdo->errorInfo();
 
 		$studnum=1;
 		$schools="";
 		$students="";
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			$stats_totalstudents++;
 			$stats_students_catdiv[$r->projectcategories_id][$r->projectdivisions_id]++;
diff --git a/admin/registration_webconsent.php b/admin/registration_webconsent.php
index 075c7c8c..2de79a9c 100644
--- a/admin/registration_webconsent.php
+++ b/admin/registration_webconsent.php
@@ -45,7 +45,7 @@
 			$webfirst=$_POST['webfirst'][$id]=="yes"?"yes":"no";
 			$weblast=$_POST['weblast'][$id]=="yes"?"yes":"no";
 			$webphoto=$_POST['webphoto'][$id]=="yes"?"yes":"no";
-			mysql_query("UPDATE students SET 
+			$stmt = $pdo->prepare("UPDATE students SET 
 					webfirst='$webfirst',
 					weblast='$weblast',
 					webphoto='$webphoto'
@@ -71,7 +71,7 @@
 
  <?
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname,
 					students.id,
 					projects.projectnumber,
@@ -91,7 +91,8 @@
 				AND 	students.year='".$config['FAIRYEAR']."' 
 				ORDER BY projectnumber
 				");
-				echo mysql_error();
+		$sq->execute();
+				echo $pdo->errorInfo();
 
 	echo "<form method=\"post\" action=\"registration_webconsent.php\">";
 	echo "<table class=\"tableview\">";
@@ -102,7 +103,7 @@
 	echo " <th>".i18n("Last")."</th>";
 	echo " <th>".i18n("Photo")."</th>";
 	echo "</tr></thead>";
-	while($r=mysql_fetch_object($sq))
+	while($r=$sq->fetch(PDO::FETCH_OBJ))
 	{
 		echo "<tr>";
 		echo "<td>$r->projectnumber<input id=\"changed_$r->id\" type=\"hidden\" name=\"changed[$r->id]\" value=\"0\"></td>";
diff --git a/admin/reports.inc.php b/admin/reports.inc.php
index 4e0665ef..d9825f33 100644
--- a/admin/reports.inc.php
+++ b/admin/reports.inc.php
@@ -345,9 +345,10 @@ foreach($report_stock as $n=>$v) {
 	$allow_fields = array_keys($$fieldvar);
 
 	/* First delete all existing fields */
-	mysql_query("DELETE FROM reports_items 
+	$stmt = $pdo->prepare("DELETE FROM reports_items 
 			WHERE `reports_id`='{$report['id']}'
 			AND `type`='$type'");
+	$stmt->execute();
 	/* Now add new ones */
 
 	if(count($report[$type]) == 0) return;
@@ -357,12 +358,12 @@ foreach($report_stock as $n=>$v) {
 	foreach($report[$type] as $k=>$v) {
 		if($type == 'option') {
 			/* field, value, x, y, w, h, lines, face, align, valign, fn, fs, fsize, overflow */
-			$vals = "'".mysql_real_escape_string($k)."','".mysql_real_escape_string($v)."','0','0','0','0','0','','','','','','0','truncate'";
+			$vals = "'".$k."','".$v."','0','0','0','0','0','','','','','','0','truncate'";
 		} else {
 			if($v['lines'] == 0) $v['lines'] =1;
 			$fs = is_array($v['fontstyle']) ? implode(',',$v['fontstyle']) : '';
 			$opts = "{$v['align']} {$v['valign']}";
-			$vals = "'{$v['field']}','".mysql_real_escape_string($v['value'])."',
+			$vals = "'{$v['field']}','".$v['value']."',
 				'{$v['x']}','{$v['y']}','{$v['w']}',
 				'{$v['h']}','{$v['lines']}','{$v['face']}',
 				'$opts','{$v['valign']}',
@@ -374,13 +375,14 @@ foreach($report_stock as $n=>$v) {
 		$x++;
 	}
 	
-	mysql_query("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
+	$stmt = $pdo->prepare("INSERT INTO reports_items(`reports_id`,`type`,`ord`,
 				`field`,`value`,`x`, `y`, `w`, `h`,
 				`lines`, `face`, `align`,`valign`,
 				`fontname`,`fontstyle`,`fontsize`,`on_overflow`) 
 			VALUES $q;");
 
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->erroInfo();
 	
  }
 	
@@ -394,8 +396,9 @@ foreach($report_stock as $n=>$v) {
 
 	$report = array();
 
-	$q = mysql_query("SELECT * FROM reports WHERE id='$report_id'");
-	$r = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM reports WHERE id='$report_id'");
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$report['name'] = $r['name'];
 	$report['id'] = $r['id'];
 	$report['system_report_id'] = $r['system_report_id']; 
@@ -417,14 +420,15 @@ foreach($report_stock as $n=>$v) {
 	else
 		$allow_fields=array();
 
- 	$q = mysql_query("SELECT * FROM reports_items 
+ 	$q = $pdo->prepare("SELECT * FROM reports_items 
 			WHERE reports_id='{$report['id']}' 
 			ORDER BY `ord`");
-	print(mysql_error());
+	$q->execute();
+	print($pdo->erroInfo());
 	
-	if(mysql_num_rows($q) == 0) return $report;
+	if($q->rowCount() == 0) return $report;
 
-	while($a = mysql_fetch_assoc($q)) {
+	while($a = $q->fetch(PDO::FETCH_ASSOC)) {
 		$f = $a['field'];
 		$t = $a['type'];
 		switch($t) {
@@ -472,13 +476,15 @@ foreach($report_stock as $n=>$v) {
  {
  	if($report['id'] == 0) {
 		/* New report */
-		mysql_query("INSERT INTO reports (`id`) VALUES ('')");
-		$report['id'] = mysql_insert_id();
+		$stmt = $pdo->prepare("INSERT INTO reports (`id`) VALUES ('')");
+		$stmt->execute();
+		$report['id'] = $pdo->lastInsertId();
 	} else {
 		/* if the report['id'] is not zero, see if this is a
 		 * systeim report before doing anything. */
-		$q = mysql_query("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
-		$i = mysql_fetch_assoc($q);
+		$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='{$report['id']}'");
+		$q->execute();
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 		if(intval($i['system_report_id']) != 0) {
 			/* This is a system report, the editor (should)
 			 * properly setup the editor pages so that the user
@@ -497,12 +503,13 @@ foreach($report_stock as $n=>$v) {
 	print("</pre>");
 */
 
- 	mysql_query("UPDATE reports SET 
-			`name`='".mysql_escape_string($report['name'])."',
-			`desc`='".mysql_escape_string($report['desc'])."',
-			`creator`='".mysql_escape_string($report['creator'])."',
-			`type`='".mysql_escape_string($report['type'])."'
+ 	$stmt = $pdo->prepare("UPDATE reports SET 
+			`name`='".$report['name']."',
+			`desc`='".$report['desc']."',
+			`creator`='".$report['creator']."',
+			`type`='".$report['type']."'
 			WHERE `id`={$report['id']}");
+	$stmt->execute();
 
 	report_save_field($report, 'col', $report['loc']);
 	report_save_field($report, 'group', array());
@@ -516,9 +523,9 @@ foreach($report_stock as $n=>$v) {
  function report_load_all() 
  {
  	$ret = array();
- 	$q = mysql_query("SELECT * FROM reports ORDER BY `name`");
+ 	$q = $pdo->prepare("SELECT * FROM reports ORDER BY `name`");
 
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$report = array();
 	        $report['name'] = $r['name'];
 	        $report['id'] = $r['id'];
@@ -535,8 +542,9 @@ foreach($report_stock as $n=>$v) {
  	$r = intval($report_id);
 	/* if the report['id'] is not zero, see if this is a
 	 * systeim report before doing anything. */
-	$q = mysql_query("SELECT system_report_id FROM reports WHERE id='$r'");
-	$i = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE id='$r'");
+	$q->execute();
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	if(intval($i['system_report_id']) != 0) {
 		/* This is a system report, the editor (should)
 		 * properly setup the editor pages so that the user
@@ -546,9 +554,11 @@ foreach($report_stock as $n=>$v) {
 		echo "ERROR: attempt to delete a system report (reports.id=$r)";
 		exit;
 	}
- 	mysql_query("DELETE FROM reports WHERE `id`=$r");
-	mysql_query("DELETE FROM reports_items WHERE `reports_id`=$r");
- }
+ 	$stmt = $pdo->prepare("DELETE FROM reports WHERE `id`=$r");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM reports_items WHERE `reports_id`=$r");
+ $stmt->execute();}
+
 
  function report_gen($report) 
  {
@@ -792,7 +802,8 @@ foreach($report['col'] as $v)
 	$q = call_user_func_array($func, array($report, $components));
 
 	$q = "SELECT $sel  $q  $filter_query $group_query ORDER BY $order";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
+	$r->execute();
  
 //	print_r($report);
 //	print_r($report['filter']);
@@ -807,18 +818,18 @@ foreach($report['col'] as $v)
 		a bug report so we can get this fixed.<br />"; 
 		echo "<pre>";
 		echo "Query: [$q]<br />";
-		echo "Error: [".mysql_error()."]<br />";
+		echo "Error: [".$pdo->erroInfo()."]<br />";
 		echo "</pre>";
 		exit;
 	}
-	echo mysql_error();
+	echo $pdo->erroInfo();
 
 	$ncols = count($report['col']);
 	$n_groups = count($report['group']);
 	$last_group_data = array();
 
 //	echo "<pre>";print_r($rep);
-	while($i = mysql_fetch_assoc($r)) {
+	while($i = $r->fetch(PDO::FETCH_ASSOC)) {
 		
 		if($n_groups > 0) {
 			$group_change = false;
diff --git a/admin/reports.php b/admin/reports.php
index 617e3e2e..9cab0b5e 100644
--- a/admin/reports.php
+++ b/admin/reports.php
@@ -35,8 +35,9 @@ $option_keys = array('type','stock');
 switch($_GET['action']) {
 case 'remove_report':
  	$id = intval($_GET['id']);
-	mysql_query("DELETE FROM reports_committee WHERE
+	$stmt = $pdo->prepare("DELETE FROM reports_committee WHERE
 			users_id='{$_SESSION['users_uid']}' AND id='$id'");
+	$stmt->execute();
 	happy_('Report successfully removed');
 	exit;
 case 'reload':
@@ -60,16 +61,17 @@ case 'load_report':
 		$ret['name'] = $report['name'];
 		$ret['category'] = '';
 	} else {
-		$q = mysql_query("SELECT * FROM reports_committee WHERE id='$id'");
-		$ret = mysql_fetch_assoc($q);
+		$q = $pdo->prepare("SELECT * FROM reports_committee WHERE id='$id'");
+		$ret = $q->fetch(PDO::FETCH_ASSOC);
 		$ret['type'] = $ret['format'];
 	}
 
 	/* Load available categories */
-	$q = mysql_query("SELECT DISTINCT category FROM reports_committee
+	$q = $pdo->prepare("SELECT DISTINCT category FROM reports_committee
  			WHERE users_id='{$_SESSION['users_uid']}'
 			ORDER BY category");
-	while($i = mysql_fetch_object($q))
+	$q->execute();
+	while($i = $q->fetch(PDO::FETCH_OBJ))
 		$ret['cat'][] = $i->category;
 	echo json_encode($ret);
 	exit;
@@ -81,19 +83,20 @@ case 'save':
  	$reports_id = intval($_POST['reports_id']);
 	if($id == -1) {
 		/* New entry */
-		mysql_query("INSERT INTO `reports_committee` (`users_id`,`reports_id`) 
+		$stmt = $pdo->prepare("INSERT INTO `reports_committee` (`users_id`,`reports_id`) 
 			VALUES('{$_SESSION['users_uid']}','$reports_id');");
-		echo mysql_error();
-		$id = mysql_insert_id();
+		$stmt->execute();
+		echo $pdo->errorInfo();
+		$id = $pdo->lastInsertId();
 	}
 
 	/* Update entry */
 	$category = $_POST['category'];
 	$category_exist = $_POST['category_exist'];
-	$comment = mysql_real_escape_string(stripslashes($_POST['comment']));
+	$comment = stripslashes($_POST['comment']);
 
 	if($category_exist != '') $category = $category_exist;
-	$category = mysql_real_escape_string(stripslashes(trim($category)));
+	$category = stripslashes(trim($category));
 
 	if($category == '') $category = 'default';
 
@@ -115,12 +118,13 @@ case 'save':
 		$stock = '';
 	}
 
-	mysql_query("UPDATE `reports_committee` SET
+	$stmt = $pdo->prepare("UPDATE `reports_committee` SET
 			`category`='$category',
 			`comment`='$comment',
 			`format`='$type',
 			`stock`='$stock'
 			WHERE id='$id'");
+	$stmt->execute();
 	happy_("Saved");
 	exit;
  }
@@ -237,20 +241,21 @@ $(document).ready(function() {
 <?
 
  /* Load all the users reports */
- $q = mysql_query("SELECT reports_committee.*,reports.name
+ $q = $pdo->prepare("SELECT reports_committee.*,reports.name
  			FROM reports_committee 
 				LEFT JOIN reports ON reports.id=reports_committee.reports_id
  			WHERE users_id='{$_SESSION['users_uid']}'
 			ORDER BY category,id");
- echo mysql_error();
- if(mysql_num_rows($q) == 0) {
+$q->execute();
+ echo $pdo->errorInfo();
+ if($q->rowCount()== 0) {
  	echo i18n('You have no reports saved');
  } else {
 
 	$last_category = '';
 	$x=0;
 	echo "<table class=\"tableview\" style=\"border:0px;\">";
-	while($i = mysql_fetch_object($q)) {
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$x++;
 		if($last_category != $i->category) {
 			/* New category */
diff --git a/admin/reports_acscript.php b/admin/reports_acscript.php
index 0bc9c157..656bc915 100644
--- a/admin/reports_acscript.php
+++ b/admin/reports_acscript.php
@@ -9,7 +9,7 @@
  else $foryear=$config['FAIRYEAR'];
 
  if($_GET['awardtype']=="All") $awardtype="";
- else if($_GET['awardtype']) $awardtype=" AND award_types.type='".mysql_escape_string($_GET['awardtype'])."'";
+ else if($_GET['awardtype']) $awardtype=" AND award_types.type='".$_GET['awardtype']."'";
  else $awardtype="";
 
  if($_GET['show_unawarded_awards']=="on") $show_unawarded_awards="yes";
@@ -56,7 +56,7 @@ if(!$scriptformat) $scriptformat="default";
 	else if($type=="csv") {
 		$rep=new lcsv(i18n("Awards Ceremony Script"));
 	}
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.presenter,
@@ -77,18 +77,19 @@ if(!$scriptformat) $scriptformat="default";
 				AND	award_awards.excludefromac='0'
 				$awardtype
 			ORDER BY awards_order");
+		$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 //	echo "<pre>";
-	if(!mysql_num_rows($q)) {
+	if(!$q->rowCount()) {
 		$rep->output();
 		exit;
 	}
 	$awards = array();
 
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 
-		$pq=mysql_query("SELECT 
+		$pq=$pdo->prepare("SELECT 
 						award_prizes.prize,
 						award_prizes.number,
 						award_prizes.id,
@@ -111,11 +112,12 @@ if(!$scriptformat) $scriptformat="default";
 					ORDER BY 
 						`order`,
 						projects.projectnumber");
-					echo mysql_error();
+		$pq->execute();
+					echo $pdo->errorInfo();
 
 		$r->winners = array();
 		$r->awarded_count = 0;
-		while($w = mysql_fetch_object($pq)) {
+		while($w = $pq->fetch(PDO::FETCH_OBJ)) {
 			if($w->projects_id)
 			{
 				$r->awarded_count++;
@@ -229,7 +231,7 @@ if(!$scriptformat) $scriptformat="default";
 						if($scriptformat=="default") 
 							$rep->addText( "    ($pr->projectnumber) $pr->title");
 
-						$sq=mysql_query("SELECT students.firstname,
+						$sq=$pdo->prepare("SELECT students.firstname,
 									students.lastname,
 									students.pronunciation,
 									students.schools_id,
@@ -241,12 +243,13 @@ if(!$scriptformat) $scriptformat="default";
 									students.registrations_id='$pr->reg_id'
 									AND students.schools_id=schools.id
 								");
+						$sq->execute();
 	
 						$students="       Students: ";
 						$studnum=0;
 						$pronounce = "";
 						$rawpronounce = "";
-						while($studentinfo=mysql_fetch_object($sq)) {
+						while($studentinfo=$sq->fetch(PDO::FETCH_OBJ)) {
 							if($studnum>0) $students.=", ";
 							$students.="$studentinfo->firstname $studentinfo->lastname";
 
diff --git a/admin/reports_appeal_letters.php b/admin/reports_appeal_letters.php
index 5c181a97..0d79d48b 100644
--- a/admin/reports_appeal_letters.php
+++ b/admin/reports_appeal_letters.php
@@ -30,7 +30,7 @@ require_once('../tcpdf/tcpdf_sfiab_config.php');
 require_once('../tcpdf/tcpdf.php');
 
 $fcid = intval($_GET['fundraising_campaigns_id']);
-$key = mysql_real_escape_string($_GET['key']);
+$key = $_GET['key'];
 
 /* Start an output PDF */
 $pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
@@ -69,16 +69,17 @@ $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
 
 /* Load the users */
 $users = array();
-$q = mysql_query("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
-while($l = mysql_fetch_assoc($q)) {
+$q = $pdo->prepare("SELECT * FROM fundraising_campaigns_users_link WHERE fundraising_campaigns_id='$fcid'");
+while($l = $q->fetch(PDO::FETCH_ASSOC))) {
 	$uid = $l['users_uid'];
 	$users[$uid] = user_load_by_uid($uid);
 }
 
 /* Grab all the emails */
-$q = mysql_query("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
+$q = $pdo->prepare("SELECT * FROM emails WHERE fundraising_campaigns_id='$fcid' AND val='$key'");
+$q->execute();
 
-while($e = mysql_fetch_assoc($q)) {
+while($e = $q->fetch(PDO::FETCH_ASSOC))) {
 
 	foreach($users as $uid=>&$u) {
 	 	$subject = communication_replace_vars($e['subject'], $u);
diff --git a/admin/reports_ceremony.php b/admin/reports_ceremony.php
index 573f4557..b0c6da6f 100644
--- a/admin/reports_ceremony.php
+++ b/admin/reports_ceremony.php
@@ -38,10 +38,11 @@
  echo "<tr><td><b>".i18n("Year").":</b></td><td>";
 
  //get the year information, use fairname since it should be there for all years[right?]
- $results = mysql_query("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
+ $results = $pdo->prepare("SELECT year FROM config WHERE var='fairname' AND year > 0 ORDER BY year DESC");
+ $results->execute();
  
  echo "<select name=\"year\" size=1>";
- while($r=mysql_fetch_object($results)) {
+ while($r=$results->fetch(PDO::FETCH_OBJ)) {
  	echo "<option>$r->year</option>";
  }
  echo "</select></td></tr>";
@@ -60,9 +61,10 @@
  echo "<tr>";
  //list award subsets to output
  echo "<td><b>".i18n("Award Type").":</b></td> <td> <select name=\"awardtype\" size=1>";
- $results = mysql_query("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
+ $results = $pdo->prepare("SELECT type FROM award_types WHERE year=".$config['FAIRYEAR']." ORDER BY type");
+ $results->execute();
  echo "<option value=\"All\">".i18n("All")."</option>";
- while($r=mysql_fetch_object($results)) {
+ while($r=$results->fetch(PDO::FETCH_OBJ)) {
  	echo "<option value=\"$r->type\">".i18n("$r->type")."</option>";
  }
  echo "</select></td>";
@@ -92,8 +94,9 @@
 
  echo "<tr><td><b>".i18n("Include the following age categories").":</b></td>";
  echo "<td>";
- $q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
- while($r=mysql_fetch_object($q)) {
+ $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY id");
+ $q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	echo "<input name=\"show_category[{$r->id}]\" type=\"checkbox\" checked=\"checked\" />";
 	echo "".i18n($r->category)."<br />";
  }
diff --git a/admin/reports_editor.php b/admin/reports_editor.php
index 349a7d71..b4830c8c 100644
--- a/admin/reports_editor.php
+++ b/admin/reports_editor.php
@@ -323,13 +323,14 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 
  if($repaction == 'export') {
  	echo "<pre>";
-	$q = mysql_query("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
-	$r = mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT system_report_id FROM reports WHERE 1 ORDER BY system_report_id DESC");
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_ASSOC);
 	$sid = $r['system_report_id'] + 1;
-	$n = mysql_escape_string($report['name']);
-	$c = mysql_escape_string($report['creator']);
-	$d = mysql_escape_string($report['desc']);
-	$t = mysql_escape_string($report['type']);
+	$n = $report['name'];
+	$c = $report['creator'];
+	$d = $report['desc'];
+	$t = $report['type'];
 
  	echo "INSERT INTO `reports` (`id`, `system_report_id`, `name`, `desc`, `creator`, `type`) VALUES\n";
 	echo "\t('', '$sid', '$n', '$d', '$c', '$t');\n";
@@ -339,7 +340,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 	/* Do the options */
 	$x = 0;
 	foreach($report['option'] as $k=>$v) {
-		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".mysql_real_escape_string($v)."', 0, 0, 0, 0, 0, '', ''),";
+		echo "\n\t('', LAST_INSERT_ID(), 'option', $x, '$k', '".$v."', 0, 0, 0, 0, 0, '', ''),";
 		$x++;
 	}
 	/* Do the fields */
@@ -356,7 +357,7 @@ function createDataTCPDF(x,y,w,h,align,valign,fontname,fontstyle,fontsize,value)
 			if($vlines == 0) $vlines = 1;
 			$face = $v['face'];
 			$align = $v['align']. ' ' . $v['valign'];
-			$value=mysql_escape_string(stripslashes($v['value']));
+			$value= stripslashes($v['value']);
 			if(!$first) echo ',';
 			$first = false;
 			echo "\n\t('', LAST_INSERT_ID(), '$f', $x, '$k', '$value', $vx, $vy, $vw, $vh, $vlines, '$face', '$align')";
diff --git a/admin/reports_gen.php b/admin/reports_gen.php
index 48857cb7..e02ab843 100644
--- a/admin/reports_gen.php
+++ b/admin/reports_gen.php
@@ -39,8 +39,9 @@
  /* If it's a system report, turn that into the actual report id */
  if(array_key_exists('sid', $_GET)) {
  	$sid = intval($_GET['sid']);
- 	$q = mysql_query("SELECT id FROM reports WHERE system_report_id='$sid'");
-	$r = mysql_fetch_assoc($q);
+ 	$q = $pdo->prepare("SELECT id FROM reports WHERE system_report_id='$sid'");
+	$q->execute();
+	$r = $q->fetch(PDO::FETCH_OBJ);
 	$id = $r['id'];
  }
  
@@ -88,11 +89,12 @@ case 'dialog_gen':
 	</tr><tr>
 	<?
 	/* See if the report is in this committee member's list */
-	$q = mysql_query("SELECT * FROM reports_committee 
+	$q = $pd->prepare("SELECT * FROM reports_committee 
  				WHERE users_id='{$_SESSION['users_uid']}'
 				AND reports_id='{$report['id']}'");
-	if(mysql_num_rows($q) > 0) {
-		$i = mysql_fetch_assoc($q);
+	$q->execute();
+	if($q->rowCount() > 0) {
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 		?>
 		<td colspan="2"><hr /><h3><?=i18n('My Reports Info')?></h3></td>
 		</tr><tr>
@@ -125,10 +127,11 @@ case 'dialog_gen':
 		echo "</select></td></tr>\n";
 	}
 	/* Find all the years */
-	$q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+	$q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+	$q->execute();
 	echo "<tr><td  class=\"label\"><b>".i18n('Year')."</b>:</td>";
 	echo "<td class=\"input\"><select name=\"year\" id=\"year\">";
-	while($i = mysql_fetch_assoc($q)) {
+	while($i =$q->fetch(PDO::FETCH_ASSOC)) {
 		$y = $i['year'];
 		$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
 		echo "<option value=\"$y\" $sel>$y</option>";
@@ -215,13 +218,14 @@ case 'dialog_gen':
 
  echo '<tr><td colspan="2"><hr /></td></tr>';
  /* See if the report is in this committee member's list */
- $q = mysql_query("SELECT * FROM reports_committee 
+ $q = $pdo->prepare("SELECT * FROM reports_committee 
  			WHERE users_id='{$_SESSION['users_uid']}'
 			AND reports_id='{$report['id']}'");
+	$q->execute();
  echo "<tr><td colspan=\"2\"><h3>".i18n('My Reports Info')."</h3></td></tr>";
- if(mysql_num_rows($q) > 0) {
+ if($q->rowCount() > 0) {
  	/* Yes, it is */
-	$i = mysql_fetch_object($q);
+	$i = $q->fetch(PDO::FETCH_OBJ);
 	echo "<tr><td><b>".i18n('Category')."</b>:</td>";
 	echo "<td>{$i->category}</td></tr>";
 	echo "<tr><td><b>".i18n('Comment')."</b>:</td>";
@@ -249,10 +253,11 @@ case 'dialog_gen':
 	echo "</select></td></tr>";
  }
  /* Find all the years */
- $q = mysql_query("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+ $q = $pdo->prepare("SELECT DISTINCT year FROM config WHERE year>1000 ORDER BY year DESC");
+ $q->execute();
  echo "<tr><td><b>".i18n('Year')."</b>:</td>";
  echo "<td><select name=\"year\" id=\"year\">";
- while($i = mysql_fetch_assoc($q)) {
+ while($i =$q->fetch(PDO::FETCH_ASSOC)) {
  	$y = $i['year'];
 	$sel = ($config['FAIRYEAR'] == $y) ? 'selected="selected"' : '';
 	echo "<option value=\"$y\" $sel>$y</option>";
diff --git a/admin/reports_judges.inc.php b/admin/reports_judges.inc.php
index 09cf0cdc..c1e1a72f 100644
--- a/admin/reports_judges.inc.php
+++ b/admin/reports_judges.inc.php
@@ -130,15 +130,17 @@ function report_judges_custom_question($report, $field, $text)
 	$users_id = $text;
 
 	/* Find the actual question ID */
-	$q = mysql_query("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
-	if(mysql_num_rows($q) != 1)
+	$q = $pdo->prepare("SELECT * FROM questions WHERE year='$year' AND ord='$q_ord'");
+	$q->execute();
+	if($q->rowCount() != 1)
 		return 'Question not specified';
-	$question = mysql_fetch_assoc($q);
+	$question = $q->fetch(PDO::FETCH_ASSOC);
 
-	$q = mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
-	if(mysql_num_rows($q) != 1)
+	$q = $pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='{$question['id']}'");
+	$q->execute();
+	if($q->rowCount() != 1)
 		return '';
-	$answer = mysql_fetch_assoc($q);
+	$answer = $q->fetch(PDO::FETCH_ASSOC);
 	return $answer['answer'];
 }
 
@@ -174,12 +176,13 @@ function report_judges_team_members($report, $field, $text)
 {
 	$year = $report['year'];
 	$judges_teams_id = $text;
-	$q = mysql_query("SELECT * FROM judges_teams_link 
+	$q = $pdo->prepare("SELECT * FROM judges_teams_link 
 						LEFT JOIN users ON judges_teams_link.users_id=users.id
 						WHERE judges_teams_link.year='$year'
 						AND judges_teams_link.judges_teams_id='$judges_teams_id'");
+	$q->execute();
 	$ret = '';
-	while( ($m = mysql_fetch_assoc($q))) {
+	while( ($m = $q->fetch(PDO::FETCH_ASSOC))) {
 		$add = false;
 		switch($field) {
 		case 'team_captain':
@@ -216,9 +219,10 @@ function report_judges_load_rounds($year)
 	global $config, $report_judges_rounds;
 	if(count($report_judges_rounds)) return ;
 
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='0' AND `year`='$year'");
+	$q->execute();
 	/* Loads judges_timeslots.id, .starttime, .endtime, .date, .name */
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
         	$report_judges_rounds[] = $r;
 
 		if($r['type'] == 'divisional1') $report_judges_rounds['divisional1'] = $r;
@@ -232,8 +236,9 @@ function report_judges_specialaward($report, $field, $text)
 	global $config, $report_judges_rounds;
 	$year = $report['year'];
 	$award_id = $text;
-	$q=mysql_query("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
-	$r=mysql_fetch_object($q);
+	$q=$pdo->prepare("SELECT * FROM award_awards WHERE id='".intval($award_id)."'");
+	$q->execute();
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	return $r->name;
 
 }
@@ -258,9 +263,10 @@ function report_judges_time_availability($report, $field, $text)
 		exit;
 	}
 
-	$q = mysql_query("SELECT * FROM judges_availability WHERE users_id='$users_id'");
+	$q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id='$users_id'");
+	$q->execute();
 //	echo mysql_error();
-	while(($r = mysql_fetch_assoc($q))) {
+	while(($r = $q->fetch(PDO::FETCH_ASSOC))) {
 		 if($r['start'] <= $round['starttime'] 
                   && $r['end'] >= $round['endtime'] 
                   && $r['date'] == $round['date'] ) {
diff --git a/admin/reports_judges.php b/admin/reports_judges.php
index 6c7613e4..673ba592 100644
--- a/admin/reports_judges.php
+++ b/admin/reports_judges.php
@@ -78,18 +78,20 @@ foreach($keys as $qid) {
 
 
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-$numcats=mysql_num_rows($q);
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
+$numcats=$q->rowCount();
 $catheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$cats[]=$r->id;
 	$catheadings[]="$r->category (out of 5)";
 }
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
 $divheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$divs[]=$r->id;
 	$divheadings[]="$r->division (out of 5)";
@@ -103,9 +105,10 @@ $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadi
 	$datetimeheadings=array();
 
 	/* Load the judging rounds */
-	$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+	$q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
+	$q->execute();
 	$x = 0;
-	while($r = mysql_fetch_object($q)) {
+	while($r = $q->fetch(PDO::FETCH_OBJ)) {
 		$found = false;
 		foreach($times as $xx => $t) {
 			if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
@@ -132,7 +135,7 @@ $table['header']=array_merge($table['header'],$datetimeheadings);
 $table['widths']=array();
 $table['dataalign']=array();
 
-$q=mysql_query("SELECT 
+$q=$pdo->prepare("SELECT 
 				users.*,
 				users_judge.*
 			FROM 
@@ -146,8 +149,9 @@ $q=mysql_query("SELECT
 			ORDER BY 
 				lastname,
 				firstname");
-echo mysql_error();
-while($r=mysql_fetch_object($q)) {
+$q->execute();
+echo $pdo->errorInfo();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$u=user_load($r->id);
 
 	$expertise_other=str_replace("\n"," ",$r->expertise_other);
@@ -180,11 +184,12 @@ while($r=mysql_fetch_object($q)) {
 	}
 
 
-	$tq = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
+	$tq = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"".$r->id."\" ORDER BY `start`");
+	$tq->execute();
 
 	$sel = array();
 	$timedata=array();
-	while($tr=mysql_fetch_object($tq)) {
+	while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
 		foreach($times as $x=>$t) {
 			if($tr->start == $t['starttime'] && $tr->end == $t['endtime'] && $tr->date == $t['date']) {
 				$sel[$x] = true;
diff --git a/admin/reports_judges_allyears.php b/admin/reports_judges_allyears.php
index fd5add21..19e13fdc 100644
--- a/admin/reports_judges_allyears.php
+++ b/admin/reports_judges_allyears.php
@@ -79,18 +79,20 @@ foreach($keys as $qid) {
 
 
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-$numcats=mysql_num_rows($q);
+$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
+$numcats=$q->rowCount();
 $catheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$cats[]=$r->id;
 	$catheadings[]="$r->category (out of 5)";
 }
 //grab the list of divisions, because the last fields of the table will be the sub-divisions 
-$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+$q->execute();
 $divheadings=array();
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	$divs[]=$r->id;
 	$divheadings[]="$r->division (out of 5)";
@@ -105,7 +107,7 @@ $table['header']=array_merge($table['header'],array_merge($catheadings,$divheadi
 $table['widths']=array();
 $table['dataalign']=array();
 
-$q=mysql_query("SELECT 
+$q=$pdo->prepare("SELECT 
 				users.*,
 				users_judge.*
 			FROM 
@@ -118,8 +120,9 @@ $q=mysql_query("SELECT
 				lastname,
 				firstname,
 				year");
-echo mysql_error();
-while($r=mysql_fetch_object($q)) {
+$q->execute();
+echo $pdo->errorInfo();
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$u=user_load($r->id);
 
 	$expertise_other=str_replace("\n"," ",$r->expertise_other);
diff --git a/admin/reports_judges_teams_projects.php b/admin/reports_judges_teams_projects.php
index e7de2cb1..90636a99 100644
--- a/admin/reports_judges_teams_projects.php
+++ b/admin/reports_judges_teams_projects.php
@@ -49,8 +49,9 @@
 
 	$teams=getJudgingTeams();
 
-	$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)>1)
+	$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	if($q->rowCount()>1)
 		$show_date=true;
 	else
 		$show_date=false;
@@ -91,10 +92,11 @@
 				$rep->addText(i18n("Criteria").": ".$award['criteria']);
 
 				//get category eligibility
-				$q=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
-				echo mysql_error();
+				$q=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories WHERE award_awards_projectcategories.projectcategories_id=projectcategories.id AND award_awards_projectcategories.award_awards_id='{$award['id']}' AND award_awards_projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}' ORDER BY category");
+				$q->execute();
+				echo $pdo->erroInfo();
 				$cats="";
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
 					if($cats) $cats.=", ".i18n($r->category);
 					else $cats=i18n($r->category);
@@ -103,10 +105,11 @@
 
 
 				//get division eligibility
-				$q=mysql_query("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
-				echo mysql_error();
+				$q=$pdo->prepare("SELECT projectdivisions.division_shortform FROM projectdivisions, award_awards_projectdivisions WHERE award_awards_projectdivisions.projectdivisions_id=projectdivisions.id AND award_awards_projectdivisions.award_awards_id='{$award['id']}' AND award_awards_projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}' ORDER BY division_shortform");
+				$q->execute();
+				echo $pdo->erroInfo();
 				$divs="";
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::FETCH_OBJ))
 				{
 					if($divs) $divs.=", ".i18n($r->division_shortform);
 					else $divs=i18n($r->division_shortform);
@@ -119,7 +122,7 @@
 		$rep->nextLine();
 
 		//get the timeslots that this team has.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_timeslots.id,
 					judges_timeslots.date,
 					judges_timeslots.starttime,
@@ -135,9 +138,10 @@
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q->rowCount();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($show_date)
 				$timeslot=format_date($r->date)." ";
@@ -145,7 +149,7 @@
 				$timeslot="";
 			$timeslot.=format_time($r->starttime)." - ".format_time($r->endtime);
 
-			$projq=mysql_query("SELECT
+			$projq=$pdo->prepare("SELECT
 					projects.projectnumber,
 					projects.id,
 					projects.title
@@ -160,8 +164,9 @@
 				ORDER BY
 					projectnumber
 				");
+			$projq->execute(;)
 
-			while($proj=mysql_fetch_object($projq))
+			while($proj=$projq->fetch(PDO::FETCH_OBJ))
 			{
 				$table['data'][]=array($timeslot, $proj->projectnumber,$proj->title);
 				//make the timeslot empty so we dont list it each time if there's more than one project in the timeslot
diff --git a/admin/reports_mailinglabels_generator.php b/admin/reports_mailinglabels_generator.php
index 5b585fc1..8cfa16ad 100644
--- a/admin/reports_mailinglabels_generator.php
+++ b/admin/reports_mailinglabels_generator.php
@@ -66,7 +66,7 @@ if($report)
 	{
 		//IF(schools.sciencehead=\"\",\"Science Department Head\",schools.sciencehead) AS co,
 		case "schools":
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							schools.school AS name,
 							schools.board AS board,
 							schools.schoollang,
@@ -82,11 +82,12 @@ if($report)
 						ORDER BY
 							school
 						");
+				$q->execute();
 		break;
 
 		case "sponsors":
 
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							award_sponsors.organization AS name,
 							award_sponsors.address AS address,
 							award_sponsors.city AS city,
@@ -105,10 +106,11 @@ if($report)
 						ORDER BY
 							organization
 						");
+				$q->execute();
 			break;
 
 			case "judges":
-				$q=mysql_query("SELECT  
+				$q=$pdo->prepare("SELECT  
 							CONCAT(judges.firstname,' ',judges.lastname) AS name,
 							IF(judges.address2=\"\",
 								judges.address,
@@ -127,6 +129,7 @@ if($report)
 						ORDER BY
 							lastname,firstname
 						");
+				$q->execute();
 			break;
 
 	}
@@ -144,7 +147,7 @@ if($report)
 					i18n($config['postalzip']));
 	}
 	
-	while($r=mysql_fetch_object($q))
+	while($r=$q-.fetch(PDO::FETCH_OBJ))
 	{
 		//handle C/O differently for schools, becuase, well, french schools are picky!
 		if($report=="schools") {
diff --git a/admin/reports_program_awards.php b/admin/reports_program_awards.php
index d56114cc..caaaf9b4 100644
--- a/admin/reports_program_awards.php
+++ b/admin/reports_program_awards.php
@@ -23,7 +23,7 @@
 	{
 		$rep=new lcsv(i18n("Program Awards"));
 	}
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -40,27 +40,29 @@
 				AND	award_awards.excludefromac='0'
 				AND	(award_types.type='special' OR award_types.type='grand')
 			ORDER BY awards_order");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q))
+	if($q->rowCCount())
 	{
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$rep->heading(i18n($r->name));
 
 			//get teh age categories
-			$acq=mysql_query("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories  WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
-			echo mysql_error();
+			$acq=$pdo->prepare("SELECT projectcategories.category FROM projectcategories, award_awards_projectcategories  WHERE projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.year='".$config['FAIRYEAR']."' AND award_awards_projectcategories.award_awards_id='$r->id' AND award_awards_projectcategories.projectcategories_id=projectcategories.id ORDER BY projectcategories.id");
+			$acq->execute();
+			echo $pdo->errorInfo();
 			$cats="";
-			while($acr=mysql_fetch_object($acq))
+			while($acr=$acq->fetch(PDO::FETCH_OBJ))
 			{
 				$cats.=i18n($acr->category).", ";
 			}
 			$cats=substr($cats,0,-2);
 			$rep->addText("$cats: ".i18n($r->criteria));
 
-			$pq=mysql_query("SELECT 
+			$pq=$pdo->prepare("SELECT 
 						award_prizes.prize,
 						award_prizes.number,
 						award_prizes.id,
@@ -74,9 +76,10 @@
 						AND award_prizes.excludefromac='0'
 					ORDER BY 
 						`order`");
-					echo mysql_error();
+			$pq->execute();
+					echo $pdo->errorInfo();
 			$prevprizeid=-1;
-			while($pr=mysql_fetch_object($pq))
+			while($pr=$pq->fetch(PDO::FETCH_OBJ))
 			{
 				if($prevprizeid!=$pr->id)
 				{
diff --git a/admin/reports_projects_details.php b/admin/reports_projects_details.php
index 9817fe9d..82e186b5 100644
--- a/admin/reports_projects_details.php
+++ b/admin/reports_projects_details.php
@@ -47,7 +47,7 @@
 		$rep=new lcsv(i18n("Project Details"));
 	}
 
-	$projq=mysql_query("SELECT  
+	$projq=$pdo->prepare("SELECT  
 				registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				projects.id,
@@ -77,25 +77,25 @@
 			ORDER BY
 				projects.projectnumber
 			");
-			echo mysql_error();
+			echo $pdo->errorInfo();
 
-	$totalprojects=mysql_num_rows($projq);
+	$totalprojects=$projq->rowCount();
 	$projectcount=0;
 	
-	while($proj=mysql_fetch_object($projq))
+	while($proj=$projq->fetch(PDO::FETCH_OBJ))
 	{
 		$projectcount++;
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$proj->reg_id'
 				");
-
+		$sq->execute();
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";
@@ -120,14 +120,15 @@
 		$rep->addTable($table);
 		unset($table);
 
-		$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
+		$q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$proj->reg_id."'");
+		$q->execute();
 		$rep->nextline();
 		$rep->heading(i18n("Mentor Information"));
 		$rep->nextline();
 
-		if(mysql_num_rows($q))
+		if($q->rowCount())
 		{
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$rep->addText(i18n("%1 %2 from %3",array($r->firstname,$r->lastname,$r->organization)));
 			$rep->addText(i18n("Phone: %1 Email: %2",array($r->phone,$r->email)));
diff --git a/admin/reports_projects_judges_teams.php b/admin/reports_projects_judges_teams.php
index a7088b3f..fe14c7d8 100644
--- a/admin/reports_projects_judges_teams.php
+++ b/admin/reports_projects_judges_teams.php
@@ -49,14 +49,15 @@
 
 	$teams=getJudgingTeams();
 
-	$q=mysql_query("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
-	if(mysql_num_rows($q)>1)
+	$q=$pdo->prepare("SELECT DISTINCT(date) AS d FROM judges_timeslots WHERE year='".$config['FAIRYEAR']."'");
+	$q->execute();
+	if($q->rowCount()>1)
 		$show_date=true;
 	else
 		$show_date=false;
 
 
-	$projq=mysql_query("SELECT  
+	$projq=$pdo->prepare("SELECT  
 				registrations.id AS reg_id,
 				registrations.num AS reg_num,
 				projects.id,
@@ -81,24 +82,26 @@
 			ORDER BY
 				projects.projectnumber
 			");
-			echo mysql_error();
+		$projq->execute();
+			echo $pdo->errorInfo();
 	
-	while($proj=mysql_fetch_object($projq))
+	while($proj=$projq->fetch(PDO::FETCH_OBJ))
 	{
 		$rep->heading("(".$proj->projectnumber.") ".$proj->title);
 
-		$sq=mysql_query("SELECT students.firstname,
+		$sq=$pdo->prepare("SELECT students.firstname,
 					students.lastname
 				FROM
 					students
 				WHERE
 					students.registrations_id='$proj->reg_id'
 				");
+		$sq->execute();
 
 
 		$students="";
 		$studnum=0;
-		while($studentinfo=mysql_fetch_object($sq))
+		while($studentinfo=$sq->fetch(PDO::fETCH_OBJ)
 		{
 			if($studnum>0) $students.=", ";
 			$students.="$studentinfo->firstname $studentinfo->lastname";
@@ -117,7 +120,7 @@
 		$table['dataalign']=array("center","left");
 
 		//get the timeslots that this project has assigned to been judged.
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					judges_timeslots.date,
 					judges_timeslots.starttime,
 					judges_timeslots.endtime,
@@ -132,9 +135,10 @@
 				ORDER BY
 					date,starttime
 				");
-		$numslots=mysql_num_rows($q);
+		$q->execute();
+		$numslots=$q->rowCount();
 
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($show_date)
 				$timeslot=format_date($r->date)." ";
diff --git a/admin/reports_students.inc.php b/admin/reports_students.inc.php
index 760c75d9..db23a0eb 100644
--- a/admin/reports_students.inc.php
+++ b/admin/reports_students.inc.php
@@ -67,14 +67,15 @@ function report_student_safety_question($report, $field, $text) {
 	//safetyquestions start counting 1-10, but when we LIMIT, we need to index on 0-9
 	$q_ord--;
 
-		$q=mysql_query("SELECT safetyquestions.question,
+		$q=$pdo->prepare("SELECT safetyquestions.question,
 			safety.answer
 		FROM safetyquestions
 		JOIN safety ON safetyquestions.id=safety.safetyquestions_id
 		WHERE safety.registrations_id='".$regid."' 
 		ORDER BY safetyquestions.ord LIMIT $q_ord,1");
+		$q->execute();
 
-	$r=mysql_fetch_object($q);
+	$r=$q->fetch(PDO::FETCH_OBJ);
 	return $r->answer;
 }
 
@@ -82,16 +83,17 @@ function report_student_safety_question($report, $field, $text) {
 function reports_students_numstudents($report, $field, $text)
 {
 	$year = $report['year'];
-	$q = mysql_query("SELECT students.id FROM students 
+	$q = $pdo->prepare("SELECT students.id FROM students 
 				WHERE students.registrations_id='$text'
 					AND students.year='$year'");
-	return mysql_num_rows($q);
+	$q->execute();
+	return $q->rowCount();
 }
 
 function reports_students_award_selfnom_num($report, $field, $text, $n)
 {
 	$year = $report['year'];
-	$q = mysql_query("SELECT award_awards.name FROM 
+	$q = $pdo->prepare("SELECT award_awards.name FROM 
 				projects 
 				LEFT JOIN project_specialawards_link ON project_specialawards_link.projects_id=projects.id
 				LEFT JOIN award_awards ON award_awards.id=project_specialawards_link.award_awards_id
@@ -99,8 +101,9 @@ function reports_students_award_selfnom_num($report, $field, $text, $n)
 					AND projects.year='$year'
 					AND project_specialawards_link.year='$year'
 				LIMIT $n,1");
-	echo mysql_error();
-	$i = mysql_fetch_assoc($q);
+	$q->execute();
+	echo $pdo->errorInfo();
+	$i = $q->fetch(PDO::FETCH_OBJ);
 	return $i['name'];
 }
 function reports_students_award_selfnom_1($report, $field, $text)
@@ -136,9 +139,10 @@ function reports_students_school_principal($report, $field, $text)
 function report_student_regfee_item($report, $field, $text) {
 	$year = $report['year'];
 	$id=intval(substr($field,12));
-	$q=mysql_query("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
-	echo mysql_error();
-	if($r=mysql_fetch_object($q)) {
+	$q=$pdo->prepare("SELECT regfee_items_id FROM regfee_items_link WHERE students_id='$text' AND regfee_items_id='$id'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	if($r=$q->fetch(PDO::FETCH_OBJ)) {
 		return i18n("Yes");
 	}
 	else {
diff --git a/admin/reports_volunteers.inc.php b/admin/reports_volunteers.inc.php
index bf90b408..142db256 100644
--- a/admin/reports_volunteers.inc.php
+++ b/admin/reports_volunteers.inc.php
@@ -112,7 +112,7 @@ $report_volunteers_fields = array(
 		'name' => 'Fair -- Name',
 		'header' => 'Fair Name',
 		'width' => 3,
-		'table' => "'".mysql_escape_string($config['fairname'])."'"),
+		'table' => "'".$config['fairname'])."'",
 
 	'static_text' => array (
 		'name' => 'Static Text (useful for labels)',
diff --git a/admin/rerollprizes.php b/admin/rerollprizes.php
index f0ba3fb8..31f6c831 100644
--- a/admin/rerollprizes.php
+++ b/admin/rerollprizes.php
@@ -15,113 +15,132 @@
 	{
 
 	//make sure the number of awards are identical (aka they havent added any new ones)
-	$nq1=mysql_query("SELECT * FROM award_awards WHERE year='$newfairyear'");
-	$nq2=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
-	if(mysql_num_rows($nq1)==mysql_num_rows($nq2)) 
+	$nq1=$pdo->prepare("SELECT * FROM award_awards WHERE year='$newfairyear'");
+	$nq1->execute();
+	$nq2=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+	$nq2->execute();
+	if($nq1->rowCount()==$nq2->rowcount()) 
 	{
-		$npq1=mysql_query("SELECT * FROM award_prizes WHERE year='$newfairyear'");
-		$npq2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
+		$npq1=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$newfairyear'");
+		$npq1->execute();
+		$npq2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear'");
+		$npq2->execute();
 
-		if(mysql_num_rows($npq2)>0 && mysql_num_rows($npq1)==0) 
+		if($npq2->rowCount()>0 && $npq1->rowCount()==0) 
 		{
 
 
 	echo "<br />";
 	echo notice(i18n("A BUG WAS IDENTIFIED IN YOUR PREVIOUS YEAR ROLLOVER WHICH CAUSED AWARD PRIZES TO NOT BE ROLLED OVER PROPERLY.  THEY ARE NOW BEING RE-ROLLED OVER WITH THE PROPER PRIZE INFORMATION.  THIS WILL ONLY HAPPEN ONCE."))."<br />";
-	mysql_query("DELETE FROM award_awards WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_prizes WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_contacts WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_types WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
-	mysql_query("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
+	$stmt = $pdo->prepare("DELETE FROM award_awards WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_prizes WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_contacts WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_types WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_awards_projectcategories WHERE year='$newfairyear'");
+	$stmt->execute();
+	$stmt = $pdo->prepare("DELETE FROM award_awards_projectdivisions WHERE year='$newfairyear'");
+$stmt->execute();
 
 	echo i18n("Rolling awards")."<br />";
 		//awards
-		$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
-		echo mysql_error();
-		while($r=mysql_fetch_object($q))
+		$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+		$q->execute();
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
-			mysql_query("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
-				'".mysql_escape_string($r->award_sponsors_id)."',
-				'".mysql_escape_string($r->award_types_id)."',
-				'".mysql_escape_string($r->name)."',
-				'".mysql_escape_string($r->criteria)."',
-				'".mysql_escape_string($r->presenter)."',
-				'".mysql_escape_string($r->order)."',
-				'".mysql_escape_string($newfairyear)."',
-				'".mysql_escape_string($r->excludefromac)."',
-				'".mysql_escape_string($r->cwsfaward)."')");
-			$award_awards_id=mysql_insert_id();
+			$stmt = $pdo->prepare("INSERT INTO award_awards (award_sponsors_id,award_types_id,name,criteria,presenter,`order`,year,excludefromac,cwsfaward) VALUES (
+				'".$r->award_sponsors_id."',
+				'".$r->award_types_i)."',
+				'".$r->name."',
+				'".$r->criteria."',
+				'".$r->presenter."',
+				'".$r->order."',
+				'".$newfairyear."',
+				'".$r->excludefromac."',
+				'".$r->cwsfaward."')");
+			$award_awards_id=$pdo->lastInsertId();
 			
-			$q2=mysql_query("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
-			while($r2=mysql_fetch_object($q2))
+			$q2=$pdo->prepare("SELECT * FROM award_awards_projectcategories WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2->execute();
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
-				'".mysql_escape_string($r2->projectcategories_id)."',
-				'".mysql_escape_string($newfairyear)."')");
+				$stmt = $pdo->prepare("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) VALUES (
+				'".$award_awards_id."',
+				'".$r2->projectcategories_id."',
+				'".$newfairyear."')");
+				$stmt->execute();
 
 			}
 
-			$q2=mysql_query("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
-			while($r2=mysql_fetch_object($q2))
+			$q2=$pdo->prepare("SELECT * FROM award_awards_projectdivisions WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2->execute();
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
-				'".mysql_escape_string($r2->projectdivisions_id)."',
-				'".mysql_escape_string($newfairyear)."')");
+				$stmt = $pdo->prepare("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) VALUES (
+				'".$award_awards_id."',
+				'".$r2->projectdivisions_id."',
+				'".$newfairyear."')");
+				$stmt->execute();
 
 			}
 
 			echo i18n("&nbsp; Rolling award prizes")."<br />";
-			$q2=mysql_query("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
-			echo mysql_error();
-			while($r2=mysql_fetch_object($q2))
+			$q2=$pdo->prepare("SELECT * FROM award_prizes WHERE year='$currentfairyear' AND award_awards_id='$r->id'");
+			$q2->execute();
+			echo $pdo->errorInfo();
+			while($r2=$q2->fetch(PDO::FETCH_OBJ))
 			{
-				mysql_query("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
-				'".mysql_escape_string($award_awards_id)."',
-				'".mysql_escape_string($r2->cash)."',
-				'".mysql_escape_string($r2->scholarship)."',
-				'".mysql_escape_string($r2->value)."',
-				'".mysql_escape_string($r2->prize)."',
-				'".mysql_escape_string($r2->number)."',
-				'".mysql_escape_string($r2->order)."',
-				'".mysql_escape_string($newfairyear)."',
-				'".mysql_escape_string($r2->excludefromac)."')");
+				$stmt = $pdo->prepare("INSERT INTO award_prizes (award_awards_id,cash,scholarship,`value`,prize,number,`order`,year,excludefromac) VALUES (
+				'".$award_awards_id."',
+				'".$r2->cash."',
+				'".$r2->scholarship."',
+				'".$r2->value."',
+				'".$r2->prize."',
+				'".$r2->number."',
+				'".$r2->order."',
+				'".$newfairyear."',
+				'".$r2->excludefromac."')");
 			}
 		}
 
 		echo i18n("Rolling award contacts")."<br />";
 		//award contacts
-		$q=mysql_query("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
-		echo mysql_error();
-		while($r=mysql_fetch_object($q))
-			mysql_query("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
-				'".mysql_escape_string($r->award_sponsors_id)."',
-				'".mysql_escape_string($r->salutation)."',
-				'".mysql_escape_string($r->firstname)."',
-				'".mysql_escape_string($r->lastname)."',
-				'".mysql_escape_string($r->position)."',
-				'".mysql_escape_string($r->email)."',
-				'".mysql_escape_string($r->phonehome)."',
-				'".mysql_escape_string($r->phonework)."',
-				'".mysql_escape_string($r->phonecell)."',
-				'".mysql_escape_string($r->fax)."',
-				'".mysql_escape_string($r->notes)."',
-				'".mysql_escape_string($newfairyear)."')");
+		$q=$pdo->prepare("SELECT * FROM award_contacts WHERE year='$currentfairyear'");
+		$q->execute();
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
+			$stmt = $pdo->prepare("INSERT INTO award_contacts (award_sponsors_id,salutation,firstname,lastname,position,email,phonehome,phonework,phonecell,fax,notes,year) VALUES (
+				'".$r->award_sponsors_id."',
+				'".$r->salutation."',
+				'".$r->firstname."',
+				'".$r->lastname."',
+				'".$r->position."',
+				'".$r->email."',
+				'".$r->phonehome."',
+				'".$r->phonework."',
+				'".$r->phonecell."',
+				'".$r->fax."',
+				'".$r->notes."',
+				'".$newfairyear."')");
 
 		echo i18n("Rolling award types")."<br />";
 		//award types
-		$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
-		echo mysql_error();
-		while($r=mysql_fetch_object($q))
-			mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
-				'".mysql_escape_string($r->id)."',
-				'".mysql_escape_string($r->type)."',
-				'".mysql_escape_string($r->order)."',
-				'".mysql_escape_string($newfairyear)."')");
+		$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
+		$q->execute();
+		echo $pdo->errorInfo();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
+			$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
+				'".$r->id."',
+				'".$r->type."',
+				'".$r->order."',
+				'".$newfairyear."')");
+			$stmt->execute();
 
 		}
 	}
diff --git a/admin/schools.php b/admin/schools.php
index 064dc775..43c16203 100644
--- a/admin/schools.php
+++ b/admin/schools.php
@@ -31,8 +31,9 @@
 	{
 		if($_POST['save']=="add")
 		{
-			$q=mysql_query("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
-			$id=mysql_insert_id();
+			$q=$pdo->prepare("INSERT INTO schools (year) VALUES ('".$config['FAIRYEAR']."')");
+			$q->execute();
+			$id=$pdo->lastInsertId();
 		}
 		else
 			$id=intval($_POST['id']);
@@ -47,8 +48,9 @@
 */
 
 		/* Get the uids for principal/science head */
-		$q = mysql_query("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
-		$i = mysql_fetch_assoc($q);
+		$q = $pdo->prepare("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
+		$q->execute();
+		$i = $q->fetch(PDO::FETCH_ASSOC);
 
 		$principal_update = '';
 		$sciencehead_update = '';
@@ -120,29 +122,30 @@
 		}
 
 		$exec="UPDATE schools SET ".
-			"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
-			"schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ".
-			"designate='".mysql_escape_string(stripslashes($_POST['schooldesignate']))."', ".
-			"schoollevel='".mysql_escape_string(stripslashes($_POST['schoollevel']))."', ".
-			"school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
-			"board='".mysql_escape_string(stripslashes($_POST['board']))."', ".
-			"district='".mysql_escape_string(stripslashes($_POST['district']))."', ".
-			"address='".mysql_escape_string(stripslashes($_POST['address']))."', ".
-			"city='".mysql_escape_string(stripslashes($_POST['city']))."', ".
-			"province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', ".
-			"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', ".
-			"schoolemail='".mysql_escape_string(stripslashes($_POST['schoolemail']))."', ".
-			"phone='".mysql_escape_string(stripslashes($_POST['phone']))."', ".
-			"fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ".
-			"registration_password='".mysql_escape_string(stripslashes($_POST['registration_password']))."', ".
-			"projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ".
-			"projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ".
-			"accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ".
+			"school='".stripslashes($_POST['school'])."', ".
+			"schoollang='".stripslashes($_POST['schoollang'])."', ".
+			"designate='".stripslashes($_POST['schooldesignate'])."', ".
+			"schoollevel='".stripslashes($_POST['schoollevel'])."', ".
+			"school='".stripslashes($_POST['school'])."', ".
+			"board='".stripslashes($_POST['board'])."', ".
+			"district='".stripslashes($_POST['district'])."', ".
+			"address='".stripslashes($_POST['address'])."', ".
+			"city='".stripslashes($_POST['city'])."', ".
+			"province_code='".stripslashes($_POST['province_code'])."', ".
+			"postalcode='".stripslashes($_POST['postalcode'])."', ".
+			"schoolemail='".stripslashes($_POST['schoolemail'])."', ".
+			"phone='".stripslashes($_POST['phone'])."', ".
+			"fax='".stripslashes($_POST['fax'])."', ".
+			"registration_password='".stripslashes($_POST['registration_password'])."', ".
+			"projectlimit='".stripslashes($_POST['projectlimit'])."', ".
+			"projectlimitper='".stripslashes($_POST['projectlimitper'])."', ".
+			"accesscode='".stripslashes($_POST['accesscode'])."', ".
 			$sciencehead_update.$principal_update.
 			"atrisk='$atrisk' ".
 			"WHERE id='$id'";
-		mysql_query($exec);
-		echo mysql_error();
+		$stmt = $pdo->prepare($exec);
+		$stmt->execute();
+		echo $pdo->errorInfo();
 
 		if($_POST['save']=="add")
 			$notice = 'added';
@@ -152,23 +155,27 @@
 
 	if($_GET['action']=="delete" && $_GET['delete'])
 	{
-		mysql_query("DELETE FROM schools WHERE id='".$_GET['delete']."'");
+		$stmt = $pdo->prepare("DELETE FROM schools WHERE id='".$_GET['delete']."'");
+		$stmt->execute();
 		$notice = 'deleted';
 	}
 
 	if($_GET['action']=="clearaccesscodes")
 	{
-		mysql_query("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
+		$stmt = $pdo->prepare("UPDATE schools SET accesscode=NULL WHERE year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
 		$notice = 'clearaccess';
 	}
 
 	if($_GET['action']=="makeaccesscodes")
 	{
-		$q=mysql_query("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
-		while($r=mysql_fetch_object($q))
+		$q=$pdo->prepare("SELECT id FROM schools WHERE year='{$config['FAIRYEAR']}' AND (accesscode IS NULL OR accesscode='')");
+		$q->execute();
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$ac=generatePassword(5);
-			mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
+			$stmt = $pdo->prepare("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND year='{$config['FAIRYEAR']}'");
+			$stmt->execute();
 
 		}
 		$notice = 'makeaccess';
@@ -186,8 +193,9 @@
 		if($_GET['action']=="edit")
 		{
 			$buttontext="Save School";
-			$q=mysql_query("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
-			$r=mysql_fetch_object($q);
+			$q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_GET['edit']."'");
+			$q->execute();
+			$r=$q->fetch(PDO::FETCH_OBJ);
 		}
 		else if($_GET['action']=="add")
 		{
diff --git a/admin/schoolsimport.php b/admin/schoolsimport.php
index 10a079b8..2a5dd75d 100644
--- a/admin/schoolsimport.php
+++ b/admin/schoolsimport.php
@@ -49,7 +49,8 @@
 				if($_POST['emptycurrent']==1)
 				{
 					echo happy(i18n("Old school data erased"));
-					mysql_query("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
+					$stmt = $pdo->prepare("DELETE FROM schools WHERE year='".$config['FAIRYEAR']."'");
+					$stmt->execute();
 				}
 
 				$loaded=0;
@@ -86,30 +87,31 @@
 						$principal['phonework'] = $row[13];
 						user_save($principal);
 					}
-					mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
-						'".mysql_escape_string(stripslashes($row[0]))."',
-						'".mysql_escape_string(stripslashes($row[1]))."',
-						'".mysql_escape_string(stripslashes($row[2]))."',
-						'".mysql_escape_string(stripslashes($row[3]))."',
-						'".mysql_escape_string(stripslashes($row[4]))."',
-						'".mysql_escape_string(stripslashes($row[5]))."',
-						'".mysql_escape_string(stripslashes($row[6]))."',
-						'".mysql_escape_string(stripslashes($row[7]))."',
-						'".mysql_escape_string(stripslashes($row[8]))."',
-						'".mysql_escape_string(stripslashes($row[9]))."',
-						'".mysql_escape_string(stripslashes($row[10]))."',
-						'".mysql_escape_string(stripslashes($row[14]))."',
-						'".mysql_escape_string(stripslashes($row[18]))."',
-						'".mysql_escape_string(stripslashes($row[19]))."',
-						'".mysql_escape_string(stripslashes($row[20]))."',
-						'".mysql_escape_string(stripslashes($row[21]))."',
+					$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,schoolemail,accesscode,registration_password,projectlimit,projectlimitper,year,principal_uid,sciencehead_uid) VALUES (
+						'".stripslashes($row[0])."',
+						'".stripslashes($row[1])."',
+						'".stripslashes($row[2])."',
+						'".stripslashes($row[3])."',
+						'".stripslashes($row[4])."',
+						'".stripslashes($row[5])."',
+						'".stripslashes($row[6])."',
+						'".stripslashes($row[7])."',
+						'".stripslashes($row[8])."',
+						'".stripslashes($row[9])."',
+						'".stripslashes($row[10])."',
+						'".stripslashes($row[14])."',
+						'".stripslashes($row[18])."',
+						'".stripslashes($row[19])."',
+						'".stripslashes($row[20])."',
+						'".stripslashes($row[21])."',
 						'".$config['FAIRYEAR']."',
 						'".$principal['uid']."',
 						'".$scienceHead['uid']."')");
-					if(!mysql_Error())
+					$stmt->execute();
+										if(!$pdo->errorInfo())
 						$loaded++;
 					else
-						echo mysql_error();
+						echo $pdo->errorInfo();
 				}
 				echo happy(i18n("Successfully loaded %1 schools",array($loaded)));
 				echo "<a href=\"schools.php\">".i18n("School Management")."</a> <br />";
diff --git a/admin/send_emailqueue.php b/admin/send_emailqueue.php
index f983759b..73d582db 100644
--- a/admin/send_emailqueue.php
+++ b/admin/send_emailqueue.php
@@ -28,15 +28,18 @@ $sleepmax=2000000; // 2.0 second
 
 echo date("r")."\n";
 if(!$config['emailqueue_lock'])  {
-	mysql_query("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
+	$stmt = $pdo->prepare("UPDATE config SET val='".date("r")."' WHERE var='emailqueue_lock'");
+	$stmt->execute();
 
 	//loop forever, but not really, it'll get break'd as soon as there's nothing left to send
 	while(true) {
-		$q=mysql_query("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
-		if(mysql_num_rows($q)) {
-			$r=mysql_fetch_object($q);
-			$eq=mysql_query("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
-			$email=mysql_fetch_object($eq);
+		$q=$pdo->prepare("SELECT * FROM emailqueue_recipients WHERE sent IS NULL AND result IS NULL LIMIT 1");
+		$q->execute();
+		if($q->rowCount()) {
+			$r=$q->fetch(PDO::FETCH_OBJ);
+			$eq=$pdo->prepare("SELECT * FROM emailqueue WHERE id='$r->emailqueue_id'");
+			$eq->execute();
+			$email=$eq->fetch(PDO::FETCH_OBJ);
 
 			$blank=array();
 			$replacements=(array)json_decode($r->replacements);
@@ -66,33 +69,40 @@ if(!$config['emailqueue_lock'])  {
 			$result=email_send_new($to,$email->from,$email->subject,$body,$bodyhtml);
 
 			if($result) {
-				mysql_query("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
-				echo mysql_error();
+				$stmt = $pdo->prepare("UPDATE emailqueue_recipients SET sent=NOW(), `result`='ok' WHERE id='$r->id'");
+				$stmt->execute()
+				echo $pdo->errorInfo();
 				$newnumsent=$email->numsent+1;
-				mysql_query("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
-				echo mysql_error();
+				$stmt = $pdo->prepare("UPDATE emailqueue SET numsent=$newnumsent WHERE id='$email->id'");
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				echo "ok\n";
 			}
 			else {
-				mysql_query("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
-				echo mysql_error();
+				$stmt = Spdo->prepare("UPDATE emailqueue_recipients SET `sent`=NOW(), `result`='failed' WHERE id='$r->id'");
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				$newnumfailed=$email->numfailed+1;
-				mysql_query("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
-				echo mysql_error();
+				$stmt = $pdo->prepare("UPDATE emailqueue SET numfailed=$newnumfailed WHERE id='$email->id'");
+				$stmt->execute();
+				echo $pdo->errorInfo();
 				echo "failed\n";
 			}
 			//now check if we're done yet
-			$rq=mysql_query("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
-			$rr=mysql_fetch_object($rq);
+			$rq=$pdo->prepare("SELECT COUNT(*) AS num FROM emailqueue_recipients WHERE sent IS NULL AND emailqueue_id='$email->id'");
+			$rq->execute();
+			$rr=$rq;->fetch(PDO::FETCH_OBJ)
 			if($rr->num==0) {
-				mysql_query("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
+				$stmt = $pdo->prepare("UPDATE emailqueue SET finished=NOW() WHERE id='$email->id'");
+				$stmt->execute();
 			}
 			usleep(rand($sleepmin,$sleepmax));
 		}
 		else
 			break;
 	}
-	mysql_query("UPDATE config SET val='' WHERE var='emailqueue_lock'");
+	$stmt = $pdo->prepare("UPDATE config SET val='' WHERE var='emailqueue_lock'");
+	$stmt->execute();
 }
 else {
 	echo "Already locked\n";
diff --git a/admin/settranslation.php b/admin/settranslation.php
index c3fe921b..302fe861 100644
--- a/admin/settranslation.php
+++ b/admin/settranslation.php
@@ -32,15 +32,19 @@ foreach($config['languages'] AS $l=>$ln) {
     $m=md5($_POST['translate_str_hidden']);
 
     if($_POST['translate_'.$l]) {
-        $q=mysql_query("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
-        if(mysql_num_rows($q))
-            mysql_query("UPDATE translations SET val='".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."' WHERE lang='$l' AND strmd5='$m'");
-        else
-            mysql_query("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".mysql_real_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden'])))."','".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l])))."')");
-    }
+        $q=$pdo->prepare("SELECT * FROM translations WHERE lang='$l' AND strmd5='$m'");
+        $q->execute();
+        if($q->rowCount())
+            $stmt = $pdo->prepare("UPDATE translations SET val='".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."' WHERE lang='$l' AND strmd5='$m'");
+        $stmt->execute();else
+
+            $stmt = $pdo->prepare("INSERT INTO translations (lang,strmd5,str,val) VALUES ('$l','$m','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_str_hidden']))."','".iconv("UTF-8","ISO-8859-1",stripslashes($_POST['translate_'.$l]))."')");
+    $stmt->execute();}
+
     else {
-        mysql_query("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
-    }
+        $stmt = $pdo->prepare("DELETE FROM translations WHERE lang='$l' AND strmd5='$m'");
+    $stmt->execute();}
+
 }
 echo "ok";
 
diff --git a/admin/sponsor_contacts.php b/admin/sponsor_contacts.php
index 5c9a9ee1..17efdaeb 100644
--- a/admin/sponsor_contacts.php
+++ b/admin/sponsor_contacts.php
@@ -38,11 +38,12 @@
 ?>
 
 <?
-	$q=mysql_query("SELECT id,organization FROM sponsors ORDER BY organization");
+	$q=$pdo->prepare("SELECT id,organization FROM sponsors ORDER BY organization");
+	$q->execute();
 	echo "<form method=\"get\" action=\"sponsor_contacts.php\" name=\"sponsorchange\">";
 	echo "<select name=\"sponsors_id\" onchange=\"document.forms.sponsorchange.submit()\">";
 	echo "<option value=\"\">".i18n("Choose a sponsor to view contacts")."</option>";
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::fETCH_OBJ))
 	{
 		if($r->id == $sponsors_id)
 		{
@@ -73,7 +74,7 @@
 
 			if($p == 'no') {
 				/* Make sure this sponsor ($sponsors_id) has a primary */
-				$q = mysql_query("SELECT users_id 
+				$q = $pdo->prepare("SELECT users_id 
 							FROM users_sponsor, users 
 							WHERE
 							users_sponsor.users_id=users.id
@@ -81,14 +82,16 @@
 							AND `primary`='yes'
 							AND year='".$config['FAIRYEAR']."'
 							AND users_id!='$id'");
-				if(mysql_num_rows($q) == 0) {
+					$q->execute();
+				if($q->rowCount() == 0) {
 					/* This must be the primary */
 					$p = 'yes';
 				} 
 			} else {
 				/* Unset all other primaries */
-				mysql_query("UPDATE users_sponsor SET `primary`='no'
+				$stmt = $pdo->prepare("UPDATE users_sponsor SET `primary`='no'
 						WHERE  sponsors_id='$sponsors_id'");
+				$stmt->execute();
 			}
 
 			$u['primary']=$p;
@@ -125,7 +128,7 @@
 				echo "<h3>".i18n("Edit %1 Contact",array($sponsors_organization))."</h3>\n";
 				$buttontext="Save Contact";
 //				$q=mysql_query("SELECT * FROM sponsor_contacts WHERE id='".$_GET['edit']."'");
-//				$r=mysql_fetch_object($q);
+//				$r=$q->fetch(PDO::fETCH_OBJ);
 				$u=user_load(intval($_GET['edit']));
 			}
 			else if($_GET['action']=="add")
@@ -171,14 +174,15 @@
 			echo "<a href=\"sponsor_contacts.php?sponsors_id=$sponsors_id&action=add\">".i18n("Add New Contact to %1",array($sponsors_organization))."</a>\n";
 			echo "<br />";
 
-			$q=mysql_query("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
+			$q=$pdo->prepare("SELECT * FROM users LEFT JOIN users_sponsor ON users_sponsor.users_id=users.id
 					 WHERE year='".$config['FAIRYEAR']."' 
 					 AND sponsors_id='$sponsors_id' 
 					 AND deleted='no' 
 					 ORDER BY lastname,firstname");
-			echo mysql_Error();
+			$q->execute();
+			echo $pdo->errorInfo();
 
-			if(mysql_num_rows($q))
+			if($q->rowCount())
 			{
 				echo "<table class=\"tableview\">";
 				echo "<thead><tr>";
@@ -191,7 +195,7 @@
 				echo "</tr></thead>\n";
 
 
-				while($r=mysql_fetch_object($q))
+				while($r=$q->fetch(PDO::fETCH_OBJ))
 				{
 					echo "<tr>\n";
 					echo " <td>";
diff --git a/admin/student_editor.php b/admin/student_editor.php
index 47a711e5..e8a90bc0 100644
--- a/admin/student_editor.php
+++ b/admin/student_editor.php
@@ -38,11 +38,12 @@ if($auth_type == 'fair') {
 	} else {
 		/* Make sure they have permission to laod this student, check
 		the master copy of the fairs_id in the project */
-		$q=mysql_query("SELECT * FROM projects WHERE 
+		$q=$pdo->prepare("SELECT * FROM projects WHERE 
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND fairs_id=$fairs_id");
-		if(mysql_num_rows($q) != 1) {
+		$q->execute();
+		if($q->rowCount() != 1) {
 			echo "permission denied.";
 			exit;
 		} 
@@ -70,20 +71,53 @@ case 'students_save':
 
 case 'student_remove':
 	$remove_id = intval($_GET['students_id']);
-	$q=mysql_query("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
-	if(mysql_num_rows($q)!=1) {
+	$q=$pdo->prepare("SELECT id FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$q->execute();
+	if($q->rowCount()!=1) {
+		error_("Invalid student to remove");
+		exit;
+	}
+	if($q->rowCount()!=1) {
 		error_("Invalid student to remove");
 		exit;
 	}
 
-	mysql_query("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
 
 	//now see if they have an emergency contact that also needs to be removed
-	$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
 	//no need to error message if this doesnt exist
-	if(mysql_num_rows($q)==1)
-		mysql_query("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	if($q->rowCount()==1)
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
+	if($q->rowCount()!=1) {
+		error_("Invalid student to remove");
+		exit;
+	}
 
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
+
+	//now see if they have an emergency contact that also needs to be removed
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	//no need to error message if this doesnt exist
+	if($q->rowCount()==1)
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
+
+	$stmt = $pdo->prepare("DELETE FROM students WHERE id='$remove_id' AND registrations_id='$registrations_id'");
+	$stmt->execute();
+
+	//now see if they have an emergency contact that also needs to be removed
+	$q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	//no need to error message if this doesnt exist
+	if($q->rowCount()==1)
+		$stmt = $do->prepare("DELETE FROM emergencycontact WHERE students_id='$remove_id' AND registrations_id='$registrations_id' AND year='{$config['FAIRYEAR']}'");
+		$stmt->execute();
 	happy_("Student successfully removed");
 	exit;
 
@@ -105,34 +139,35 @@ function students_save()
 		if($_POST['id'][$x]==0) {
 			//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record.  for anything else they can school the school on their own.
 			if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") {
-				$q=mysql_query("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
-				$r=mysql_fetch_object($q);
+				$q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='$registrations_id' AND YEAR='{$config['FAIRYEAR']}'");
+				$q->execute();
+				$r=$q->fetch(PDO::FETCH_OBJ);
 				$schools_id=$r->schools_id;
 				$schoolvalue="'$schools_id', ";
 			} else {
-				$schoolvalue="'".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+				$schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
 			}
 			//INSERT new record
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-			mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
+			$stmt -> prepare("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
 					"'".$registrations_id."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
+					"'".stripslashes($_POST['sex'][$x])."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
+					"'".stripslashes($_POST['postalcode'][$x])."', ".
+					"'".stripslashes($_POST['phone'][$x])."', ".
 					"'$dob', ".
-					"'".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+					"'".stripslashes($_POST['grade'][$x])."', ".
 					$schoolvalue.
-					"'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
-					"'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
-					"'".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
+					"'".stripslashes($_POST['tshirt'][$x])."', ".
+					"'".stripslashes($_POST['medicalalert'][$x])."', ".
+					"'".stripslashes($_POST['foodreq'][$x])."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
+					"'".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
 					"'".$config['FAIRYEAR']."')");
 
 			happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
@@ -143,32 +178,33 @@ function students_save()
 			if(( $config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") && !$_POST['schools_id'][$x]) {
 				$schoolquery="";
 			} else if($_POST['schools_id'][$x]) {
-				$schoolquery="schools_id='".mysql_escape_string(stripslashes($_POST['schools_id'][$x]))."', ";
+				$schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
 			} else
 				$schoolquery="";
 
 
 			//UPDATE existing record
 			$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
-			mysql_query("UPDATE students SET ".
-					"firstname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x])))."', ".
-					"lastname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x])))."', ".
-					"sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
-					"email='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x])))."', ".
-					"address='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x])))."', ".
-					"city='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x])))."', ".
-					"province='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x])))."', ".
-					"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
-					"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
+			$stmt = $pdo->prepare("UPDATE students SET ".
+					"firstname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['firstname'][$x]))."', ".
+					"lastname='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['lastname'][$x]))."', ".
+					"sex='".stripslashes($_POST['sex'][$x])."', ".
+					"email='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['email'][$x]))."', ".
+					"address='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['address'][$x]))."', ".
+					"city='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['city'][$x]))."', ".
+					"province='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['province'][$x]))."', ".
+					"postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
+					"phone='".stripslashes($_POST['phone'][$x])."', ".
 					"dateofbirth='$dob', ".
-					"grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
+					"grade='".stripslashes($_POST['grade'][$x])."', ".
 					$schoolquery.
-					"medicalalert='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x])))."', ".
-					"foodreq='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x])))."', ".
-					"teachername='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x])))."', ".
-					"teacheremail='".mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x])))."', ".
-					"tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
+					"medicalalert='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['medicalalert'][$x]))."', ".
+					"foodreq='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['foodreq'][$x]))."', ".
+					"teachername='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teachername'][$x]))."', ".
+					"teacheremail='".iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['teacheremail'][$x]))."', ".
+					"tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
 					"WHERE id='".$_POST['id'][$x]."'");
+			$stmt->execute();
 			happy_("%1 %2 successfully updated",array(iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['firstname'][$x]),iconv("UTF-8","ISO-8859-1//TRANSLIT",$_POST['lastname'][$x])));
 		}
 		$x++;	
@@ -181,12 +217,13 @@ function students_load()
 	global $registrations_id, $config;
 
 	//now query and display 
-	$q=mysql_query("SELECT * FROM students WHERE
+	$q=$pdo->prepare("SELECT * FROM students WHERE
 				registrations_id='$registrations_id' 
 				AND year='{$config['FAIRYEAR']}'");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 
-	$numfound=mysql_num_rows($q);
+	$numfound=$q->rowCount();
 
 	$numtoshow = intval($_GET['numstudents']);
 	if($numtoshow == 0) $numtoshow=$numfound;
@@ -208,7 +245,7 @@ function students_load()
 
 	echo "<form id=\"students_form\" >";
 	for($x=1;$x<=$numtoshow;$x++) {
- 		$studentinfo=mysql_fetch_object($q);
+ 		$studentinfo=$q->fetch(PDO::FETCH_OBJ);
 		echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
 		//if we have a valid student, set their ID, so we can UPDATE when we submit
 		//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@@ -346,10 +383,11 @@ function students_load()
 		echo " <td>".i18n("School")."</td><td colspan=\"3\">";
 		if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
 		{
-			$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+			$schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
+			$schoolq->execute();
 			echo "<select name=\"schools_id[$x]\">\n";
 			echo "<option value=\"\">".i18n("Choose School")."</option>\n";
-			while($r=mysql_fetch_object($schoolq))
+			while($r=$schoolq->fetch(PDO::FETCH_OBJ))
 			{
 				if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
 				echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@@ -359,8 +397,9 @@ function students_load()
 		}
 		else
 		{
-			$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
-			$r=mysql_fetch_object($schoolq);
+			$schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
+			$schoolq->execute();
+			$r=$schoolq->fetch(PDO::FETCH_OBJ);
 			echo $r->school;
 		}
 
@@ -414,22 +453,25 @@ function registration_load()
 		/* Find a reg num */
 		do {
 			$regnum=rand(100000,999999);
-			$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
-		} while(mysql_num_rows($q)>0);
+			$q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year={$config['FAIRYEAR']}");
+			$q->execute();
+		} while($q->rowCount()>0);
 
 		$r['num'] = $regnum;
 		echo notice(i18n('New registration number generated.'));
 		echo notice(i18n('This new registration will added when the "Save Registration Information" button is pressed below.  At that time the other tabs will become available.'));
 	} else {
-		$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'");
-		if(mysql_num_rows($q) != 1) 
+		$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
+		$q->execute();
+		if($q->rowCount() != 1) 
 			$r = array();
 		else {
-			$r = mysql_fetch_assoc($q);
+			$r = $q->fetch(PDO::FETCH_ASSOC);
 			/* Get the fair from the project */
-			$q = mysql_query("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
-			if(mysql_num_rows($q) == 1) {
-				$p = mysql_fetch_assoc($q);
+			$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE registrations_id='$registrations_id'");
+			$q->execute();
+			if($q->rowCount() == 1) {
+				$p = $q->fetch(PDO::FETCH_ASSOC);
 				$r['fairs_id'] = $p['fairs_id'];
 			}
 		}
@@ -438,8 +480,9 @@ function registration_load()
 
 	/* Load fairs */
 	$fairs = array();
-	$q = mysql_query("SELECT * FROM fairs WHERE type='feeder'");
-	while(($f = mysql_fetch_assoc($q))) {
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE type='feeder'");
+	$q->execute();
+	while(($f = $q->fetch(PDO::FETCH_ASSOC))) {
 		$fairs[$f['id']] = $f;
 	}
 
@@ -500,40 +543,47 @@ function registration_save()
 {
 	global $registrations_id, $config, $auth_type;
 	$registration_num = intval($_POST['registration_num']);
-	$registration_status = mysql_real_escape_string(stripslashes($_POST['registration_status']));
-	$registration_email = mysql_real_escape_string(stripslashes($_POST['registration_email']));
+	$registration_status = stripslashes($_POST['registration_status']);
+	$registration_email = stripslashes($_POST['registration_email']);
 	$fairs_id = intval($_POST['registration_fair']);
 
 	if($registrations_id == -1) {
-		mysql_query("INSERT INTO registrations (start,schools_id,year) VALUES (
+		$stmt=$pdo->prepare("INSERT INTO registrations (start,schools_id,year) VALUES (
 					NOW(), NULL, '{$config['FAIRYEAR']}')");
-		$registrations_id = mysql_insert_id();
+		$stmt->execute();
+		$registrations_id = $pdo->lastInsertId();
 
 		/* Create one student and a project */
-		mysql_query("INSERT INTO students (registrations_id,email,year) VALUES (
+		$stmt=$pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES (
+		
 					$registrations_id, '$registration_email', '{$config['FAIRYEAR']}')");
-		mysql_query("INSERT INTO projects (registrations_id,year) VALUES (
+		$stmt->execute();
+		$stmt=$pdo->prepare("INSERT INTO projects (registrations_id,year) VALUES (
+		
 					$registrations_id, '{$config['FAIRYEAR']}')");
+		$stmt->execute();
 		happy_('Created student and project record');
 	}
 
 	/* Update registration */
-	mysql_query("UPDATE registrations SET 
+	$stmt = $pdo->prepare("UPDATE registrations SET 
 					num='$registration_num',
 					status='$registration_status',
 					email='$registration_email'
 				WHERE 
 					id='$registrations_id'");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 
 	/* And the fairs_id, override anythign specified 
 	 * if the user is a fair, force their own fairs_id */
 	if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
-	mysql_query("UPDATE projects SET 
+	$stmt = $pdo->prepare("UPDATE projects SET 
 					fairs_id='$fairs_id'
 				WHERE 
 					registrations_id='$registrations_id'");
-	echo mysql_error();
+	$stmt->execute();
+	echo $pdo->errorInfo();
 	happy_('Information Saved');
 	echo "<script language=\"javascript\" type=\"text/javascript\">";
 	echo "registrations_id=$registrations_id;";
diff --git a/admin/tours_assignments.php b/admin/tours_assignments.php
index db125345..d6e71e10 100644
--- a/admin/tours_assignments.php
+++ b/admin/tours_assignments.php
@@ -30,9 +30,10 @@
  /* Load Tours */
  $query = "SELECT * FROM tours WHERE 
 		year='{$config['FAIRYEAR']}'";
- $r = mysql_query($query);
+ $r = $pdo->prepare($query);
+ $r->execute();
  $tours = array();
- while($i = mysql_fetch_object($r)) {
+ while($i = $r->fetch(PDO::FETCH_OBJ)) {
 	$tours[$i->id]['name'] = $i->name;
 	$tours[$i->id]['num'] = $i->num;
  }
@@ -42,8 +43,9 @@
 
 	$query="SELECT * FROM students WHERE id='$sid'
 			AND year='{$config['FAIRYEAR']}'";
-	$r = mysql_query($query);
-	$i = mysql_fetch_object($r);
+	$r = $pdo->prepare($query);
+	$r->execute();
+	$i = $r->fetch(PDO::FETCH_OBJ);
 
 	send_popup_header(i18n('Student Tour Rank Information - %1 %2',
 				array($i->firstname, $i->lastname)));
@@ -51,10 +53,11 @@
 				WHERE students_id='$sid'
 				AND year='{$config['FAIRYEAR']}'
 				ORDER BY rank";
-	$r = mysql_query($query);
+	$r = $pdo->prepare($query);
+	$r->execute();
 	echo '<table>';
-	$count = mysql_num_rows($r);
-	while($i = mysql_fetch_object($r)) {
+	$count = $r->rowwCount();
+	while($i = $r->fetch(PDO::FETCH_OBJ)) {
 		echo '<tr><td align="right">';
 		if($i->rank == 0) {
 			echo '<b><nobr>'.i18n('Current Assigned Tour').':</nobr></b>';
@@ -152,23 +155,26 @@ function switchinfo()
 			/* Make sure the student exists */
 			$sid = intval($sid);
 
-			$q = mysql_query("SELECT registrations_id FROM students 
+			$q = $pdo->prepare("SELECT registrations_id FROM students 
 					WHERE id='$sid'");
-			$i = mysql_fetch_object($q);
+			$q->execute();
+			$i = $q->fetch(PDO::FETCH_OBJ);
 			$rid = $i->registrations_id;
 
 			/* Delete any old linking */
-			mysql_query("DELETE FROM tours_choice WHERE
+			$stmt = $pdo->prepare("DELETE FROM tours_choice WHERE
 					students_id='$sid' AND
 					year='{$config['FAIRYEAR']}' AND
 					rank='0'");
+			$stmt->execute();
 			/* Connect this student to this tour */
-			mysql_query("INSERT INTO tours_choice 
+			$stmt = $pdo->prepare("INSERT INTO tours_choice 
 					(`students_id`,`registrations_id`,
 						`tour_id`,`year`,`rank`)
 					VALUES (
 					'$sid', '$rid', '$tours_id',
 					'{$config['FAIRYEAR']}','0')");
+			$stmt->execute();
 			$added++;
 		}
 		if($added==1) $j=i18n("student");
@@ -182,10 +188,11 @@ function switchinfo()
 	$students_id = intval($_GET['students_id']);
 
 	if($_GET['action']=='del' && $tours_id>0 && $students_id>0) {
-		mysql_query("DELETE FROM tours_choice 
+		$stmt = $pdo->prepare("DELETE FROM tours_choice 
 				WHERE students_id='$students_id' 
 				AND year='{$config['FAIRYEAR']}'
 				AND rank='0'");
+		$stmt->execute();
 
 		echo happy(i18n("Removed student from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
 
@@ -193,10 +200,11 @@ function switchinfo()
 
 	if($_GET['action']=="empty" && $tours_id>0)
 	{
-		mysql_query("DELETE FROM tours_choice WHERE 
+		$stmt=$po->prepare("DELETE FROM tours_choice WHERE 
 				tour_id='$tours_id'
 				AND year='{$config['FAIRYEAR']}'
 				AND rank='0'");
+		$stmt->execute();
 		echo happy(i18n("Emptied all students from tour #%1 (%2)",array($tours[$tours_id]['num'],$tours[$tours_id]['name'])));
 	}
 
@@ -241,13 +249,14 @@ function switchinfo()
 				students.firstname,
 				tours_choice.rank";
 
-	$q=mysql_query($querystr);
+	$q=$pdo->prepare($querystr);
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
 	$student = array();
 	$last_student_id = -1;
-	while($r=mysql_fetch_object($q))
+	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		$id = $r->id;
 		$tours_id = $r->tour_id;
diff --git a/admin/tours_manager.php b/admin/tours_manager.php
index 93a0cf45..1a14554b 100644
--- a/admin/tours_manager.php
+++ b/admin/tours_manager.php
@@ -38,10 +38,12 @@
 
 
  if($_GET['action'] == 'renumber') {
- 	$q = mysql_query("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
+ 	$q = $pdo->prepare("SELECT id FROM tours WHERE year='{$config['FAIRYEAR']}'");
+	$q->execute();
 	$x = 1;
-	while($i = mysql_fetch_object($q)) {
-		mysql_query("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
+	while($i = $q->fetch(PDP::FETCH_OBJ)) {
+		$stmt = $pdo->prepare("UPDATE tours SET num='$x' WHERE id='{$i->id}'");
+		$stmt->execute();
 		$x++;
 	}
 	echo happy(i18n('Tours successfully renumbered'));
diff --git a/admin/tours_sa.php b/admin/tours_sa.php
index d8bf9059..e1642666 100644
--- a/admin/tours_sa.php
+++ b/admin/tours_sa.php
@@ -44,8 +44,9 @@ TRACE("<pre>");
 function set_status($txt)
 {
 	TRACE("Status: $txt\n");
-	mysql_query("UPDATE config SET val='$txt' WHERE 
+	$stmt = $pdo->prepare("UPDATE config SET val='$txt' WHERE 
 			var='tours_assigner_activity' AND year=0");
+	$stmt->execute();
 }
 
 $set_percent_last_percent = -1;
@@ -56,8 +57,9 @@ function set_percent($n)
 	if($p == $set_percent_last_percent) return;
 	TRACE("Progress: $p\%\n");
 	$set_percent_last_percent = $p;
-	mysql_query("UPDATE config SET val='$p' WHERE 
+	$stmt=$pdo->prepare("UPDATE config SET val='$p' WHERE 
 			var='tours_assigner_percent' AND year=0");
+	$stmt->execute();
 }
 
 set_status("Initializing...");
@@ -180,19 +182,21 @@ function tour_cost_function($annealer, $bucket_id, $ids)
 
 set_status("Cleaning existing tour assignments...");
 TRACE("\n\n");
-$q=mysql_query("DELETE FROM tours_choice 
+$q=$pdo->prepare("DELETE FROM tours_choice 
 		WHERE year='{$config['FAIRYEAR']}'
 		AND rank='0'");
+$q->execute();
 
 set_status("Loading Data From Database...");
 TRACE("\n\n");
 TRACE("Tours...\n");
 $tours = array();
-$q=mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+$q=$pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+$q-->execute();
 $x=0;
 /* Index with $x here, because these need to match up with the bucket ids of
  * the annealer */
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$tours[$x]['capacity'] = $r->capacity; 
 	$tours[$x]['grade_min'] = $r->grade_min; 
 	$tours[$x]['grade_max'] = $r->grade_max; 
@@ -204,7 +208,7 @@ while($r=mysql_fetch_object($q)) {
 
 $students = array();
 TRACE("Loading Students...\n");
-$q=mysql_query("SELECT students.id,students.grade,
+$q=$pdo->prepare("SELECT students.id,students.grade,
 			students.registrations_id,
 			students.schools_id,
 			students.firstname, students.lastname
@@ -217,9 +221,10 @@ $q=mysql_query("SELECT students.id,students.grade,
 		ORDER BY
 			students.id
 			");
+	$q->execute();
 $last_sid = -1;
-TRACE(mysql_error());
-while($r=mysql_fetch_object($q)) {
+TRACE($pdo->errorInfo());
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$sid = $r->id;
 	$students[$sid]['name'] = $r->firstname.' '.$r->lastname;
 	$students[$sid]['grade'] = $r->grade;
@@ -231,12 +236,13 @@ $student_ids = array_keys($students);
 TRACE("   ".(count($student_ids))." students loaded\n");
 
 TRACE("Loading Tour Selection Preferences...\n");
-$q=mysql_query("SELECT * FROM tours_choice WHERE
+$q=$pdo->prepare("SELECT * FROM tours_choice WHERE
 			tours_choice.year='{$config['FAIRYEAR']}' 
 			ORDER BY rank ");
-TRACE(mysql_error());
+$q->execute();
+TRACE($pdo->errorInfo());
 $x=0;
-while($r=mysql_fetch_object($q)) {
+while($r=$q->fetch(PDO::FETCH_OBJ)) {
 	$sid = $r->students_id;
 	if(!array_key_exists($sid, $students)) continue;
 	$students[$sid]['rank'][$r->rank] = $r->tour_id;
@@ -269,13 +275,14 @@ foreach($tours as $x=>$t) {
 		$s = $students[$sid];
 		$tids = implode(' ', $s['rank']);
 		TRACE("   - {$s['name']} ($tids) (g:{$s['grade']} sid:{$sid} sch:{$s['schools_id']})\n");
-		mysql_query("INSERT INTO tours_choice 
+		$stmt = $pdo->prepare("INSERT INTO tours_choice 
 				(`students_id`,`registrations_id`,
 						`tour_id`,`year`,`rank`)
 				VALUES (
 				'$sid', '{$s['registrations_id']}', 
 				'{$t['id']}', '{$config['FAIRYEAR']}',
 				'0')");
+		$stmt->execute();
 	}
 }
 
diff --git a/admin/tours_sa_config.php b/admin/tours_sa_config.php
index 6fe73374..ff0218ed 100644
--- a/admin/tours_sa_config.php
+++ b/admin/tours_sa_config.php
@@ -54,14 +54,15 @@ ogram; see the file COPYING.  If not, write to
  function tours_check_tours()
  {
  	global $config;
-	$q = mysql_query("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
-	return mysql_num_rows($q);
+	$q = $pdo->prepare("SELECT * FROM tours WHERE year='{$config['FAIRYEAR']}'");
+	$q->execute();
+	return $q->rowCount();
  }
 
  function tours_check_students()
  {
  	global $config;
-	$q=mysql_query("SELECT students.id
+	$q=$pdo->prepare("SELECT students.id
 		FROM students
 			LEFT JOIN tours_choice ON (tours_choice.students_id=students.id)
 			LEFT JOIN registrations ON (registrations.id=students.registrations_id)
@@ -72,11 +73,13 @@ ogram; see the file COPYING.  If not, write to
 		ORDER BY
 			students.id, tours_choice.rank
 			");
-	return mysql_num_rows($q);
+	$q->execute();
+	return $q->rowCount();
  }
 
  if($_GET['action']=="reset") {
- 	mysql_query("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
+ 	$stmt = $pdo->prepare("UPDATE config SET `val`='-1' WHERE `var`='tours_assigner_percent' AND `year`=0");
+	$stmt->execute();
 	$config['tours_assigner_percent']=="-1";
 	echo happy(i18n("Judge assigner status forcibly reset"));
  }
diff --git a/admin/translations.php b/admin/translations.php
index 78fc446c..2df97d58 100644
--- a/admin/translations.php
+++ b/admin/translations.php
@@ -48,14 +48,16 @@ if($_POST['action']=="save") {
     //first, delete anything thats supposed to eb deleted
     if(count($_POST['delete'])) {
         foreach($_POST['delete'] AS $del) {
-            mysql_query("DELETE FROM translations WHERE lang='".mysql_real_escape_string($_SESSION['translang'])."' AND strmd5='".mysql_real_escape_string($del)."'"); 
+            
+            $stmt = $pdo->prepare("DELETE FROM translations WHERE lang='".$_SESSION['translang']."' AND strmd5='".$del."'"); 
+            $stmt->execute();
         }
         echo happy(i18n("Translation(s) deleted"));
     }
     if($_POST['changedFields']) {
         $changed=split(",",$_POST['changedFields']);
         foreach($changed AS $ch) {
-            mysql_query("UPDATE translations SET val='".mysql_escape_string(stripslashes($_POST['val'][$ch]))."' WHERE strmd5='".mysql_real_escape_string($ch)."' AND lang='".mysql_real_escape_string($_SESSION['translang'])."'");
+            $stmt = $pdo->prepare("UPDATE translations SET val='".stripslashes($_POST['val'][$ch])."' WHERE strmd5='".$ch."' AND lang='".$_SESSION['translang']."'");
         }
         echo happy(i18n("Translation(s) saved"));
     }
@@ -67,8 +69,9 @@ echo i18n("Choose a language to manage translations for");
 echo "</td><td>";
 echo "<form name=\"langswitch\" method=\"get\" action=\"translations.php\">";
 echo "<select name=\"translang\" onchange=\"document.forms.langswitch.submit()\">";
-$q=mysql_query("SELECT * FROM languages WHERE lang!='en'");
-while($r=mysql_fetch_object($q))
+$q=$pdo->prepare("SELECT * FROM languages WHERE lang!='en'");
+$q->execute();
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	if($_SESSION['translang']==$r->lang){ $sel="selected=\"selected\""; $translangname=$r->langname;} else $sel="";
 	echo "<option $sel value=\"$r->lang\">$r->langname</option>";
@@ -98,8 +101,9 @@ echo "<br />";
 if($show=="missing") $showquery="AND ( val is null OR val='' )";
 else $showquery="";
 
-$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
-$num=mysql_num_rows($q);
+$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['translang']."' $showquery ORDER BY str");
+$q->execute();
+$num=$q->rowCount();
 echo i18n("Showing %1 translation strings",array($num),array("number of strings"));
 
 echo "<form method=\"post\" action=\"translations.php\">";
@@ -126,7 +130,7 @@ echo "<tr><th>";
 echo "<img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\">\n";
 echo "</th>";
 echo "<th>".i18n("English")." / ".$translangname."</th></tr>\n";
-while($r=mysql_fetch_object($q))
+while($r=$q->fetch(PDO::FETCH_OBJ))
 {
 	echo "<tr>";
 	echo "<td valign=\"top\" rowspan=\"2\">";
diff --git a/admin/user_editor_window.php b/admin/user_editor_window.php
index 22ba5d77..a7007aaf 100644
--- a/admin/user_editor_window.php
+++ b/admin/user_editor_window.php
@@ -85,12 +85,13 @@ $tabs = array(	'fairinfo' => array(
 if(array_key_exists('username',$_GET)) {
 	$username = $_GET['username'];
 	$type = $_GET['type'];
-	$un = mysql_escape_string($username);
-	$q = mysql_query("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
-echo mysql_error();
+	$un = $username;
+	$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
+	$q->execute();
+echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q)) {
-		$r = mysql_fetch_object($q);
+	if($q->rowCount()) {
+		$r = $q->fetch(PDO::FETCH_OBJ);
 		if($r->deleted == 'no') {
 			/* Load the user */
 			$u = user_load_by_email($username);
@@ -104,7 +105,8 @@ echo mysql_error();
 			}
 		} else {
 			//undelete them?
-			mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
+			$stmt->execute();
 			//then load them?
 			$u = user_load($r->id);
 		}
diff --git a/admin/user_list.php b/admin/user_list.php
index 23a399dc..7f331a80 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -161,10 +161,11 @@ function update (id)
 		$user = user_load($id);
 
 		// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
-		$query = mysql_query("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
+		$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
 					ORDER BY year DESC LIMIT 1");
+		$query->execute();
 
-		$user_new = mysql_fetch_assoc($query);
+		$user_new = $query->fetch(PDO::FETCH_ASSOC);
 
 		// Make sure our user is NOT in the current FAIRYEAR (again, this helps with page refresh to work )
 		if ($user_new['year'] != $config['FAIRYEAR']) {
@@ -174,10 +175,11 @@ function update (id)
 			message_push(happy(i18n('User Updated')));
 
 			//find the newly updated user
-			$q_reload = mysql_query("SELECT id FROM users WHERE uid='{$user['uid']}'
+			$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid='{$user['uid']}'
 						ORDER BY year DESC LIMIT 1");
+			$q_reload->execute();
 
-			$reload_user = mysql_fetch_assoc($q_reload);
+			$reload_user = $q_reload->fetch(PDO::FETCH_ASSOC);
 			
 			?>
 			<script language="javascript" type="text/javascript">
diff --git a/admin/winners.php b/admin/winners.php
index d62fbae0..29ac2e20 100644
--- a/admin/winners.php
+++ b/admin/winners.php
@@ -52,20 +52,23 @@ case 'addwinner':
 	}
 	
 	//first check how many we are allowed to have
-	$q=mysql_query("SELECT number FROM award_prizes WHERE id='$prize_id'");
-	echo mysql_error();
-	$r=mysql_fetch_assoc($q);
+	$q=pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 	$number=$r['number'];
 
 	/* Get the award info */
-	$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
-	echo mysql_error();
-	$a=mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	$a=$q->fetch(PDO::FETCH_ASSOC);
 
 	/* Get the project */
-	$q = mysql_query("SELECT fairs_id FROM projects WHERE id='$projects_id'");
-	echo mysql_error();
-	$p=mysql_fetch_assoc($q);
+	$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
+	$q->execute();
+	echo $pdo->errorInfo();
+	$p=$q->fetch(PDO::FETCH_ASSOC);
 	$fairs_id = $p['fairs_id'];
 
 	/* Quick sanity check don't let a fair user do an assignment for someone not
@@ -77,24 +80,27 @@ case 'addwinner':
 
 	if($a['per_fair'] == 'yes') {
 		/* Count is the number of this fair already assigned */
-		$q=mysql_query("SELECT COUNT(*) AS count FROM winners 
+		$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners 
 						LEFT JOIN projects ON winners.projects_id=projects.id
 					WHERE 
 						projects.fairs_id='$fairs_id'
 						awards_prizes_id='$prize_id'");
-		echo mysql_error();
-		$r=mysql_fetch_assoc($q);
+		$q->execute();
+		echo $pdo->errorInfo();
+		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	} else {
 		/* Count is the total number assigned */
-		$q=mysql_query("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
-		echo mysql_error();
-		$r=mysql_fetch_assoc($q);
+		$q=$pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
+		$q->execute();
+		echo $pdo->errorInfo();
+		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$count=$r['count'];
 	}
 
 	if($count<$number) {
-		mysql_query("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
+		$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
+		$stmt->execute();
 		happy_("Winning project added");
 	} else {
 		error_("This prize cannot accept any more winners.  Maximum: %1",$number);
@@ -107,14 +113,15 @@ case 'deletewinner':
 	$projects_id = intval($_GET['projects_id']);
 
 	if($prize_id && $projects_id) {
-		mysql_query("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
+		$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
+		$stmt->execute();
 		happy_("Winning project removed");
 	}
 	exit;
 case 'award_load':
 	$fairs_id = intval($_GET['fairs_id']);
 	/* Load the award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -132,14 +139,15 @@ case 'award_load':
 				AND 	award_types.year=award_awards.year
 				AND	award_awards.id='$award_awards_id'
 			");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q) != 1) {
+	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to load $award_awards_id");
 		exit;
 	}
-	$r=mysql_fetch_assoc($q);
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 	print_award($r, $fairs_id);
 	exit;
 
@@ -150,7 +158,7 @@ case 'edit_load':
 //	if($auth_type == 'fair') $fairs_id = $_SESSION['fairs_id'];
 
 	/* Load the award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_awards.id,
 				award_awards.name,
 				award_awards.criteria,
@@ -168,15 +176,16 @@ case 'edit_load':
 				AND 	award_types.year=award_awards.year
 				AND	award_awards.id='$award_awards_id'
 			");
+	$q->execute();
 
-	echo mysql_error();
+	echo $pdo->errorInfo();
 
-	if(mysql_num_rows($q) != 1) {
+	if($q->rowCount() != 1) {
 		echo i18n("Invalid award to edit $award_awards_id");
 		exit;
 	}
 
-	$r=mysql_fetch_assoc($q);
+	$r=$q->fetch(PDO::FETCH_ASSOC);
 
 	$editor_data = array();
 
@@ -203,14 +212,16 @@ case 'edit_load':
 
 case 'additional_materials':
 	$fairs_id = intval($_GET['fairs_id']);
-	$q = mysql_query("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
+	$q->execute();
 	if($fairs_id == 0) {
 		echo "Unsupported Action: Can't get additional materials for fairs_id=0.  Edit the project and set it's fair to anything except 'Local/Unspecified'.";
 		exit;
 	}
-	$a = mysql_fetch_assoc($q);
-	$q = mysql_query("SELECT * FROM fairs WHERE id='$fairs_id'");
-	$fair = mysql_fetch_assoc($q);
+	$a = $q->fetch(PDO::FETCH_ASSOC);
+	$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
+	$q->execute();
+	$fair = $q->fetch(PDO::FETCH_ASSOC);
 	$pdf = fair_additional_materials($fair, $a, $config['FAIRYEAR']);
 	foreach($pdf['header'] as $h) header($h);
 	echo $pdf['data'];
@@ -423,7 +434,7 @@ echo "<br />";
 
 $fairs_id = ($auth_type == 'fair') ? $_SESSION['fairs_id'] : 0;
 
-while($r=mysql_fetch_assoc($q)) {
+while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 	if($r['per_fair'] == 'yes' && $auth_type != 'fair') {
 ?>		<?=$r['type']?> - <?=$r['name']?>
 		<span style="font-size: 0.8em; font-style: italic;">(<?=$r['organization']?>)</span><br />
@@ -472,7 +483,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 	
 
 	/* Load prizes for this award */
-	$q=mysql_query("SELECT 
+	$q=$pdo->prepare("SELECT 
 				award_prizes.prize,
 				award_prizes.number,
 				award_prizes.id,
@@ -485,11 +496,12 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 				AND award_prizes.year='{$config['FAIRYEAR']}'
 			ORDER BY 
 				`order`");
-	echo mysql_error();
+	$q->execute();
+	echo $pdo->errorInfo();
 	
 	echo "<table width=\"100%\"><tr><td>";
 	$has_winners = false;
-	while($pr=mysql_fetch_object($q)) {
+	while($pr=$q->fetch(PDO::FETCH_OBJ)) {
 
 		if($editor == true) {
 			echo '<br /><hr />';
@@ -508,7 +520,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 		}
 
 		/* Load winners for this prize */
-		$cq=mysql_query("SELECT winners.projects_id,
+		$cq=$pdo->prepare("SELECT winners.projects_id,
 					projects.projectnumber,
 					projects.title,
 					projects.fairs_id
@@ -518,8 +530,9 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 				WHERE 
 					winners.awards_prizes_id='{$pr->id}'
 					$fairs_where ");
-		echo mysql_error();
-		$count = mysql_num_rows($cq);
+		$cq->execute();
+		echo $pdo->errorInfo();
+		$count = $cq->rowCount();
 //		echo "winners=$count";
 
 		/* Print count */ 
@@ -531,7 +544,7 @@ function print_award(&$r, $fairs_id, $editor=false, $editor_data=array())
 
 		/* List current winners for this prize */
 		$winners = array();
-		while($w = mysql_fetch_assoc($cq)) {
+		while($w = $cq->fetch(PDO::FETCH_ASSOC)) {
 			if($w['projectnumber']) {
 				echo "&nbsp;&nbsp;&nbsp;&nbsp;";
 				if($editor == true) {