";
- $q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var");
+ $q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
+ $q->execute();
echo "";
echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing");
echo " |
";
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
echo "$r->var - ".i18n($r->description)." | $r->val |
";
}
diff --git a/config_editor.inc.php b/config_editor.inc.php
index 31e0b1c..db8dfef 100644
--- a/config_editor.inc.php
+++ b/config_editor.inc.php
@@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
OR config.year='-1')
ORDER BY config.year DESC";
$r2 = ($q);
- if(mysql_num_rows($r2) < 1) {
+ if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist";
exit;
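Review bot: `$r2->rowCount()` is called on whatever `$r2 = ($q);` assigned, and in the visible context `$q` looks like the SQL string that ends at `ORDER BY config.year DESC";`, so this would be a method call on a string rather than on a PDOStatement. If that reading is right, the query is never prepared or executed here; something like `$r2 = $pdo->prepare($q); $r2->execute();` is needed before the count. The start of `config_update_variables()` is outside the hunk, so confirm how `$q` is built and whether `$pdo` is in scope.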
@@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
- '".pdo->quote($v->var)."',
- '".pdo->quote($v->val)."',
- '".pdo->quote($v->category)."',
- '".pdo->quote($v->type)."',
- '".pdo->quote($v->type_values)."',
- '".pdo->quote($v->ord)."',
- '".pdo->quote($v->description)."',
+ '".$v->var."',
+ '".$v->val."',
+ '".$v->category."',
+ '".$v->type."',
+ '".$v->type_values."',
+ '".$v->ord."',
+ '".$v->description."',
'$fairyear')");
}
}
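Review bot: The INSERT now concatenates `$v->var`, `$v->val`, `$v->description` and the other columns straight into the SQL text, so any apostrophe in a copied config value breaks the statement and the value is parsed as SQL. The removed lines called `pdo->quote` without the `$`, and the parenthesised string is not passed to any call in the visible lines, so the statement also appears never to run. Bind the values instead: `$stmt = $pdo->prepare("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (?,?,?,?,?,?,?,?)");` followed by `$stmt->execute([$v->var, $v->val, $v->category, $v->type, $v->type_values, $v->ord, $v->description, $fairyear]);`. `$v = $r2->fetch();` would also need an object fetch mode such as `PDO::FETCH_OBJ` for the `->` accesses, unless the connection's default fetch mode is set elsewhere.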
@@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
print("");
$val = htmlspecialchars($var[$k]['val']);
- $name = "${array_name}[$k]";
+ $name = "{$array_name}[$k]";
switch($var[$k]['type']) {
case "yesno":
diff --git a/db/db.update.116.php b/db/db.update.116.php
index b073c6f..aea9f00 100644
--- a/db/db.update.116.php
+++ b/db/db.update.116.php
@@ -4,38 +4,44 @@ function db_update_116_post()
global $config;
/* Fix the users that have a 0 year */
- $q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
- echo mysql_error();
+ $q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
+ $q->execute();
+ echo $pdo->errorInfo();
/* Fix users without a username */
- mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''");
+ $stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
+ $stmt->execute();
/*randomize usernames for any user that doesnt have a username at this point */
- $q=mysql_query("SELECT id FROM `users` WHERE username=''");
+ $q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
+ $q->execute();
//this is ripped from user.inc.php's generate passsword function.
//yes there's a chance of collisions, but i think highly unlikely enough that we
//dont need to worry about it.
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
$len=strlen($available) - 1;
- while($r=mysql_fetch_object($q)) {
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
$username="";
for($x=0;$x<16;$x++)
$username.=$available{rand(0,$len)};
- mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'");
+ $stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
+ $stmt->execute();
}
//okay now finally, there's a chance of duplicates from
//committee/volunteer that were in here before, so we need to merge
//them
- $q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'");
- while($r = mysql_fetch_assoc($q)) {
+ $q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
+ $q->execute();
+ while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$orig_r = $r;
- $qq = mysql_query("SELECT * FROM `users` WHERE
+ $qq = $pdo->prepare("SELECT * FROM `users` WHERE
(`username`='{$r['username']}' OR `email`='{$r['email']}')
AND `id`!={$r['id']}");
- if(mysql_num_rows($qq) == 0) continue;
+ $qq->execute();
+ if($qq->rowCount() == 0) continue;
echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
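Review bot: `$pdo` is used throughout `db_update_116_post()` but the only global brought into scope is `global $config;`, so unless `$pdo` is declared in a part of the function not shown, every `$pdo->prepare()` here is a call on an undefined variable. The same pattern is visible in `db_update_122_post()`, `db_update_136_pre()`, `db129_user_delete_judge()`, `db129_user_dupe_row()` and `db129_user_create()`, and `db129_user_delete_committee()` declares no globals at all. Change the declaration to `global $config, $pdo;` (or pass the connection in) in each of these functions. Separately, `$available{rand(0,$len)}` uses the curly-brace string offset that PHP 8 no longer accepts, and `rand()` is a poor choice if these usernames are meant to be unguessable; `$available[random_int(0,$len)]` covers both.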
@@ -48,7 +54,7 @@ function db_update_116_post()
* */
$delete_ids = array();
$delete_userids = array();
- while($rr = mysql_fetch_assoc($qq)) {
+ while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$delete_ids[] = "`id`={$rr['id']}";
$delete_userids[] = "`users_id`={$rr['id']}";
$keys = array_keys($rr);
@@ -86,7 +92,8 @@ function db_update_116_post()
}
if(count($set)) {
$query = join(',',$set);
- mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}");
+ $stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
+ $stmt->execute();
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
}
@@ -96,38 +103,47 @@ function db_update_116_post()
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
/* Delete the dupe */
- mysql_query("DELETE FROM `users` $where_id");
+ $stmt = $pdo->prepare("DELETE FROM `users` $where_id");
+ $stmt->execute();
/* Update volunteer linkage */
- mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
- mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
+ $stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
+ $stmt->execute();
+ $stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
+$stmt->execute();
echo "done with this user.\n";
}
/* Create volunteer database entries for any that don't exist */
- $q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
- while($i = mysql_fetch_object($q)) {
- mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
+ $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
+ $q->execute();
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
+ $stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
VALUES ('{$i->id}','yes','{$i->complete}')");
- }
+
+ $stmt->execute();}
/* Update any remaining volunteer entries */
- $q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
- while($i = mysql_fetch_object($q)) {
- mysql_query("UPDATE users_volunteer
+ $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
+ $q->execute();
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
+ $stmt = $pdo->prepare("UPDATE users_volunteer
SET volunteer_complete='{$i->complete}'
WHERE users_id='{$i->id}'");
- echo mysql_error();
+ $stmt->execute();
+ echo $pdo->errorInfo();
}
/* Every committee member role should be activated */
- $q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'");
- while($i = mysql_fetch_object($q)) {
- mysql_query("UPDATE users_committee
+ $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
+ $q->execute();
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
+ $stmt = $pdo->prepare("UPDATE users_committee
SET committee_active='yes'
WHERE users_id='{$i->id}'");
- echo mysql_error();
+ $stmt->execute();
+ echo $pdo->errorInfo();
}
/* Convert Judges */
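Review bot: `echo $pdo->errorInfo();` prints the word "Array" rather than an error message, because `errorInfo()` returns an array, and it reads the connection handle while a failure of `$stmt->execute()` is recorded on the statement. This affects the two loops at the end of this hunk and the other places in the diff where `echo mysql_error();` was replaced one-for-one. Either check the return value, e.g. `if(!$stmt->execute()) echo implode(' ', $stmt->errorInfo());`, or set `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` where the connection is created so failures cannot pass silently. The statements in these loops are also re-prepared with `{$i->id}` and `{$i->complete}` interpolated on every iteration; preparing once before the loop with `?` placeholders and calling `execute([...])` inside would be both safer and cheaper.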
@@ -136,11 +152,12 @@ function db_update_116_post()
$jsal = array();
/* Select all judges, duplicate rows for each year */
- $jq = mysql_query("SELECT * FROM judges
+ $jq = $pdo->prepare("SELECT * FROM judges
LEFT JOIN judges_years ON judges_years.judges_id=judges.id
ORDER BY year");
+ $jq->execute();
- while($j = mysql_fetch_object($jq)) {
+ while($j = $jq->fetch(PDO::FETCH_OBJ)) {
if(!is_array($map[$j->id])) {
$map[$j->id] = array('uid' => '');
@@ -149,28 +166,28 @@ function db_update_116_post()
$u = array( 'id' => '',
'uid' => $map[$j->id]['uid'],
'types' => 'judge',
- 'firstname' => mysql_escape_string($j->firstname),
- 'lastname' => mysql_escape_string($j->lastname),
- 'username' => mysql_escape_string($j->email),
- 'email' => mysql_escape_string($j->email),
+ 'firstname' => $j->firstname,
+ 'lastname' => $j->lastname,
+ 'username' => $j->email,
+ 'email' => $j->email,
'sex' => '',
- 'password' => mysql_escape_string($j->password),
+ 'password' => $j->password,
'passwordset' => $j->lastlogin,
'oldpassword' => '',
'year' => $j->year,
- 'phonehome' => mysql_escape_string($j->phonehome),
- 'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")),
- 'phonecell' => mysql_escape_string($j->phonecell),
+ 'phonehome' => $j->phonehome,
+ 'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
+ 'phonecell' => $j->phonecell,
'fax' => '',
- 'organization' => mysql_escape_string($j->organization),
+ 'organization' => $j->organization,
'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
'created' => $j->created,
'lastlogin' => $j->lastlogin,
- 'address' => mysql_escape_string($j->address),
- 'address2' => mysql_escape_string($j->address2),
- 'city' => mysql_escape_string($j->city),
- 'province' => mysql_escape_string($j->province),
- 'postalcode' => mysql_escape_string($j->postalcode),
+ 'address' => $j->address,
+ 'address2' => $j->address2,
+ 'city' => $j->city,
+ 'province' => $j->province,
+ 'postalcode' => $j->postalcode,
'firstaid' => 'no',
'cpr' => 'no',
'deleted' => $j->deleted,
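Review bot: The new `'phonework'` expression lost the parentheses that wrapped the conditional, so `$j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}"` is evaluated as `($j->phonework . (...)) ? '' : ...` and the phone number itself is discarded. Restore the grouping: `'phonework' => $j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}"),`. The `mysql_escape_string()` calls removed from this array were the only escaping these values had, so `$u` must not be joined into a quoted SQL string later in the function; it needs bound parameters.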
@@ -179,20 +196,22 @@ function db_update_116_post()
$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
//check if a user already exists with this username
- $uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'");
- if($j->email && $ur=mysql_fetch_object($uq)) {
+ $uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
+ $uq->execute();
+ if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
$id=$ur->id;
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
$sqlset="";
foreach($u AS $f=>$v) {
if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
- $sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', ";
+ $sqlset.="`$f`='".$j->$f."', ";
}
}
- $sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'";
- mysql_query($sql);
- echo mysql_error();
+ $sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
+ $stmt = $pdo->prepare($sql);
+ $stmt->execute();
+ echo $pdo->errorInfo();
echo " Updated user record with judge info, but only merged:\n";
echo " ($sqlset)\n";
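Review bot: The `if` on the `$uq->fetch(PDO::FETCH_OBJ)` line is missing a closing parenthesis before `{`, which is a parse error and prevents the whole file from loading. Similar slips are visible elsewhere in this diff: `$i = $q->fetch(PDO::FETCH_ASSOC)` without a semicolon in the question-answer loop of this file, `while($r = m$q->fetch(PDO::FETCH_ASSOC) {` and a second `m$q->fetch` in `db.update.129.php`, and `\4pdo->prepare` in `db129_user_create()`. Running `php -l` over every touched file would catch all of them. The corrected line here is `if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ)) {`; note also that `$j->email` is now concatenated unescaped into both the SELECT and the UPDATE in this hunk and should be bound instead.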
@@ -202,21 +221,23 @@ function db_update_116_post()
/* Insert the judge */
$fields = '`'.join('`,`', array_keys($u)).'`';
$vals = "'".join("','", array_values($u))."'";
- $q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)");
- $id = mysql_insert_id();
+ $q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
+ $q->execute();
+ $id = $pdo->lastInsertId();
if($map[$j->id]['uid'] == '') {
$map[$j->id]['uid'] = $id;
- $q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'");
+ $q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
+ $q->execute();
}
}
$uj = array( 'users_id' => "$id",
'judge_active' => 'yes',
- 'highest_psd' => mysql_escape_string($j->highest_psd),
+ 'highest_psd' => $j->highest_psd,
'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
- 'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):'').
- $j->expertise_other),
+ 'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
+ $j->expertise_other,
/* These need to get pulled from the questions */
'years_school' => $j->years_school,
'years_regional' => $j->years_regional,
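Review bot: `$vals` is built by joining `array_values($u)` with quotes and is then interpolated into the string given to `$pdo->prepare()`, which gives no protection now that the values are no longer escaped; a judge name containing an apostrophe breaks the INSERT and is parsed as SQL. Build placeholders instead: `$marks = join(',', array_fill(0, count($u), '?'));`, `$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($marks)");`, `$q->execute(array_values($u));`. The same applies to `$uj` and the `INSERT INTO users_judge` further down in this function, including the `serialize()` results that lost their escaping. The function starts and ends outside this hunk.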
@@ -227,33 +248,36 @@ function db_update_116_post()
// $j->attending_lunch,
/* catprefs */
- $q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+ $q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+ $q->execute();
$catpref = array();
- while($i = mysql_fetch_object($q)) {
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
$catpref[$i->projectcategories_id] = $i->rank;
}
- $uj['cat_prefs'] = mysql_escape_string(serialize($catpref));
+ $uj['cat_prefs'] = serialize($catpref);
/* divprefs and subdivision prefs */
- $q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+ $q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+ $q->execute();
$divpref = array();
$divsubpref = array();
- while($i = mysql_fetch_object($q)) {
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
if($i->projectdivisions_id)
$divpref[$i->projectdivisions_id] = $i->val;
else if ($i->projectsubdivisions_id)
$divsubpref[$i->projectsubdivisions_id] = $i->val;
}
- $uj['div_prefs'] = mysql_escape_string(serialize($divpref));
- $uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref));
+ $uj['div_prefs'] = serialize($divpref);
+ $uj['divsub_prefs'] = serialize($divsubpref);
/* languages */
- $q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
+ $q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
+ $q->execute();
$langs = array();
- while($i = mysql_fetch_object($q)) {
+ while($i = $q->fetch(PDO::FETCH_OBJ)) {
$langs[] = $i->languages_lang;
}
- $uj['languages'] = mysql_escape_string(serialize($langs));
+ $uj['languages'] = serialize($langs);
/* Map judges questions back to the profile. We're going to keep questions we need for
* judge scheduling as hard-coded questions so users can't erase them.
@@ -264,25 +288,27 @@ function db_update_116_post()
'willing_chair' => 'Willing Chair');
foreach($qmap as $field=>$head) {
/* Find the question ID */
- $q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
- if(mysql_num_rows($q) == 0) {
+ $q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
+ $q->execute();
+ if($q->rowCount() == 0) {
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
continue;
}
- $i = mysql_fetch_object($q);
+ $i = $q->fetch(PDO::FETCH_OBJ);
/* Now find the answer */
- $q = mysql_query("SELECT * FROM question_answers WHERE
+ $q = $pdo->prepare("SELECT * FROM question_answers WHERE
year='{$j->year}' AND
registrations_id='{$j->id}' AND
questions_id='{$i->id}'");
- echo mysql_error();
- if(mysql_num_rows($q) == 0) {
+ $q->execute();
+ echo $pdo->errorInfo();
+ if($q->rowCount() == 0) {
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
continue;
}
- $i = mysql_fetch_assoc($q);
+ $i = $q->fetch(PDO::FETCH_ASSOC)
$uj[$field] = $i['answer'];
}
@@ -290,42 +316,55 @@ function db_update_116_post()
$fields = '`'.join('`,`', array_keys($uj)).'`';
$vals = "'".join("','", array_values($uj))."'";
- $q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)");
- echo mysql_error();
+ $q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
+ $q->execute();
+ echo $pdo->errorInfo();
/* FIXUP all the judging tables (but don't write back yet, we don't want to
* accidentally create a duplicate judges_id and overwrite it later) */
/* judges_teams_link */
- $q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
- while($i = mysql_fetch_object($q))
+ $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+
+$q->execute();
+ while($i = $q->fetch(PDO::FETCH_OBJ))
$jtl[$i->id] = $id;
/* judges_specialawards_sel */
- $q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
- echo mysql_error();
- while($i = mysql_fetch_object($q))
+ $q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+
+$q->execute();
+ echo $pdo->errorInfo();
+ while($i = $q->fetch(PDO::FETCH_OBJ))
$jsal[$i->id] = $id;
/* question_answers */
- $q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
- echo mysql_error();
- while($i = mysql_fetch_object($q))
+ $q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
+
+$q->execute();
+ echo $pdo->errorInfo();
+ while($i = $q->fetch(PDO::FETCH_OBJ))
$qa[$i->id] = $id;
}
/* Now write back the judge ids */
if(count($jtl)) {
foreach($jtl as $id=>$new_id)
- $q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
+ $q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
+
+$q->execute();
}
if(count($jsal)) {
foreach($jsal as $id=>$new_id)
- $q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
+ $q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
+
+$q->execute();
}
if(count($qa)) {
foreach($qa as $id=>$new_id)
- $q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
+ $q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
+
+$q->execute();
}
}
?>
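Review bot: In the three write-back loops at the end of the function, `foreach(...)` has no braces, so only the `$q = $pdo->prepare(...)` line is the loop body and the `$q->execute();` that follows runs once, after the loop, for the last pair only. Before this change the single `mysql_query()` call was the loop body, so every row was updated. Prepare each statement once with placeholders and execute it inside the loop, as sketched below for `judges_teams_link`; `judges_specialaward_sel` and `question_answers` need the same shape.

```php
if(count($jtl)) {
	$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id=? WHERE id=?");
	foreach($jtl as $id=>$new_id) {
		$q->execute(array($new_id, $id));
	}
}
// … same rewrite for $jsal (judges_specialaward_sel) and $qa (question_answers) …
```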
diff --git a/db/db.update.122.php b/db/db.update.122.php
index 776ae77..01a3d28 100644
--- a/db/db.update.122.php
+++ b/db/db.update.122.php
@@ -4,9 +4,10 @@ function db_update_122_post()
{
global $config;
$year = $config['FAIRYEAR'];
- $q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'");
+ $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
+ $q->execute();
$round = array();
- while($r = mysql_fetch_assoc($q)) {
+ while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$type = $r['type'];
if(!array_key_exists($type, $round)) {
@@ -25,19 +26,23 @@ function db_update_122_post()
}
foreach($round as $type=>$d) {
- mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
+ $stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
- $round_id = mysql_insert_id();
+ $stmt->execute();
+ $round_id = $pdo->lastInsertId();
- mysql_query("UPDATE judges_timeslots SET
+ $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='$round_id', type='timeslot'
+
WHERE type='$type' AND year='$year'");
-
+ $stmt->execute();
/* Undo the set we just did to the round we just inserted */
- mysql_query("UPDATE judges_timeslots SET
+ $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='0',type='$type'
+
WHERE id='$round_id'");
- }
+ $stmt->execute();
+}
}
?>
diff --git a/db/db.update.129.php b/db/db.update.129.php
index 84add4c..b8949ba 100644
--- a/db/db.update.129.php
+++ b/db/db.update.129.php
@@ -5,29 +5,31 @@ function db_update_129_pre()
{
/* Load all external award sources */
$source_map = array();
- $q = mysql_query("SELECT * FROM award_sources");
- while($r = mysql_fetch_assoc($q)) {
+ $q = $pdo->prepare("SELECT * FROM award_sources");
+ $q->execute();
+ while($r = m$q->fetch(PDO::FETCH_ASSOC) {
/* Make a user, use the password generator to get
* a random username */
$u = db129_user_create('fair', db129_user_generate_password());
/* Add a Fair Entry */
- $name = mysql_escape_string($r['name']);
- $url = mysql_escape_string($r['url']);
- $website = mysql_escape_string($r['website']);
- $username = mysql_escape_string($r['username']);
- $password = mysql_escape_string($r['password']);
+ $name = $r['name'];
+ $url = $r['url'];
+ $website = $r['website'];
+ $username = $r['username'];
+ $password = $r['password'];
$en = ($r['enabled'] == 'no') ? 'no' : 'yes';
- mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
+ $stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
`url`,`website`,`username`,`password`,`enable_stats`,
`enable_awards`,`enable_winners`) VALUES (
'', '$name', '', 'ysf', '$url', '$web',
'$username','$password','no','$en','$en')");
+ $stmt->execute();
/* Link the fair to the user */
- $u['fairs_id'] = mysql_insert_id();
+ $u['fairs_id'] = $pdo->lastInsertId();
/* Record the old sources_id to new sources_id mapping */
$source_map[$r['id']] = $u['fairs_id'];
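Review bot: `$name`, `$url`, `$username` and `$password` are now copied from the `award_sources` row without escaping and interpolated into the `INSERT INTO fairs` string, so a stored value containing an apostrophe breaks the statement or changes its meaning. The VALUES list also references `$web`, which is not assigned in the visible lines (the local is `$website`), so the website column appears to receive an empty string. Binding the row values directly removes the need for the five copies; the sketch below binds `$r['website']`, which assumes that was the intent. `db_update_129_pre()` continues past this hunk.

```php
// … unchanged: db129_user_create() call and $en assignment …
$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
		`url`,`website`,`username`,`password`,`enable_stats`,
		`enable_awards`,`enable_winners`) VALUES (
		'', ?, '', 'ysf', ?, ?,
		?, ?, 'no', ?, ?)");
$stmt->execute(array(
	$r['name'], $r['url'], $r['website'],
	$r['username'], $r['password'], $en, $en,
));
// … unchanged: lastInsertId() and $source_map bookkeeping …
```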
@@ -36,14 +38,16 @@ function db_update_129_pre()
}
/* Map all awards to their new source IDs */
- $q = mysql_query("SELECT * FROM award_awards");
+ $q = $pdo->prepare("SELECT * FROM award_awards");
+ $q->execute();
$keys = array_keys($source_map);
- while($r = mysql_fetch_assoc($q)) {
+ while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
$old_id = $r['award_sources_id'];
if(!in_array($old_id, $keys)) continue;
- $qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
+ $qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
WHERE id='{$r['id']}'");
+ $qq->execute();
}
diff --git a/db/db.update.129.user.inc.php b/db/db.update.129.user.inc.php
index cb7da30..082d407 100644
--- a/db/db.update.129.user.inc.php
+++ b/db/db.update.129.user.inc.php
@@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
$id = intval($user);
$query .= " `users`.`id`='$id'";
}
- $q=mysql_query($query);
+ $q=$pdo->prepare($query);
+ $q->execute();
- if(mysql_num_rows($q)!=1) {
- echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
+ if($q->rowCount()!=1) {
+ echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "";
// print_r(debug_backtrace());
return false;
}
- $ret = mysql_fetch_assoc($q);
+ $ret = $q->fetch(PDO::FETCH_ASSOC);
/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
* simply return the previous year (where deleted=no) */
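Review bot: `$q->rowCount()` is used to decide whether exactly one user matched, but for a SELECT the PDO documentation does not guarantee that `rowCount()` returns the number of rows on every driver; it is only dependable for statements that modify rows. Fetching and counting avoids relying on driver behaviour, e.g. `$rows = $q->fetchAll(PDO::FETCH_ASSOC);` then `if(count($rows) != 1)` and `$ret = $rows[0];`. The same check appears in `config_update_variables()`, `db_update_116_post()`, `db129_user_dupe_row()` and `db_update_142_post()`. `db129_user_load()` starts and ends outside this hunk, so how `$query` is assembled cannot be checked from here.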
@@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */
$save_old = false;
if($password == NULL) {
- $q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
- $u = mysql_fetch_assoc($q);
+ $q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
+ $q->execute();
+ $u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */
$password = db129_user_generate_password(12);
/* save the old password only if it's not an auto-generated one */
@@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
$save_set = 'NOW()';
}
- $p = mysql_escape_string($password);
+ $p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'";
- mysql_query($query);
- echo mysql_error();
+ $stmt = $pdo->prepare($query);
+ $stmt->execute();
+ echo $pdo->errorInfo();
return $password;
}
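Review bot: `$p = $password;` drops the only escaping the password had before it is placed inside `password='$p'`, so a password containing an apostrophe now corrupts the UPDATE. Bind it rather than interpolating: `$set .= "password=?, passwordset=$save_set ";`, `$query = "UPDATE users SET $set WHERE id=?";`, `$stmt->execute([$password, $id]);`. The same removal of `mysql_escape_string()` without a replacement is visible at `$data = stripslashes($u[$f]);` in `db129_user_save_type_list()` and `db129_user_save()`, and at `$i[$k] = '\''.$v.'\'';` in `db129_user_dupe_row()`. From the visible lines the value also appears to be stored as given, with no hashing step; confirm whether that is handled elsewhere.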
@@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
}
if(is_array($u[$f]))
- $data = mysql_escape_string(serialize($u[$f]));
+ $data = serialize($u[$f]);
else
- $data = mysql_escape_string(stripslashes($u[$f]));
+ $data = stripslashes($u[$f]);
$set .= "`$f`='$data'";
}
if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
- mysql_query($query);
- if(mysql_error()) {
- echo mysql_error();
+ $stmt = $pdo->prepare($query);
+ $stmt->execute();
+ if($pdo->errorInfo()) {
+ echo $pdo->errorInfo();
echo error("Full query: $query");
}
}
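Review bot: `if($pdo->errorInfo())` is always true, because `errorInfo()` returns a non-empty array even when the last operation succeeded, so the "Full query" error is printed after every successful update. Test the outcome of the statement itself, e.g. `if(!$stmt->execute()) { echo implode(' ', $stmt->errorInfo()); echo error("Full query: $query"); }`, or compare `$stmt->errorCode()` with `'00000'`. `$data` is also no longer escaped before it is placed in the SET clause, so the values should be bound; `$db` and `$f` are identifiers and cannot be bound, so they need to come from a fixed list. The function begins outside this hunk.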
@@ -337,7 +341,7 @@ function db129_user_save($u)
// if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'";
- $data = mysql_escape_string(stripslashes($u[$f]));
+ $data = stripslashes($u[$f]);
$set .= "$f='$data'";
}
//echo "";
@@ -345,9 +349,10 @@ function db129_user_save($u)
//echo " ";
if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
- mysql_query($query);
+ $stmt = $pdo->prepare($query);
+ $stmt->execute();
// echo "query=[$query]";
- echo mysql_error();
+ echo $pdo->errorInfo();
}
/* Save the password if it changed */
@@ -364,7 +369,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u)
{
- mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+ $stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+ $stmt->execute();
}
function db129_user_delete_volunteer($u)
@@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
{
global $config;
$id = $u['id'];
- mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
- mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
-}
+ $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
+ $stmt->execute();
+ $stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
+$stmt->execute();}
+
function db129_user_delete_fair($u)
{
@@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
- mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+ $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+ $stmt->execute();
} else {
$finish_delete = true;
}
@@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
$finish_delete = true;
}
if($finish_delete == true) {
- mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
+ $stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
+ $stmt->execute();
}
}
@@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
if($types != '') $types .= ',';
$types .= $t;
}
- mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+ $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+ $stmt->execute();
} else {
$finish_purge = true;
}
@@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
* out the entry */
call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u);
- mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+ $stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+ $stmt->execute();
} else {
/* Delete the whole user */
foreach($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u);
- mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+ $stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+ $stmt->execute();
}
$finish_purge = true;
}
if($finish_purge == true) {
- mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
+ $stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
+ $stmt->execute();
}
}
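Review bot: `users_$type` and `users_$t` are spliced into the DELETE statements as table names, and the same strings select the function passed to `call_user_func()`; `prepare()` cannot parameterize an identifier, so nothing here constrains what `$type` may contain. If `$type` or `$u['types']` can be influenced from outside this script, check them against the fixed set of types first, e.g. `if(!in_array($t, array('volunteer','student','judge','fair','committee','sponsor'), true)) continue;` — that list is taken from the `switch` in `db129_user_create()` and should be confirmed. The `id` values can be bound normally: `WHERE users_id=?` with `execute([$u['id']])`. `db129_user_purge()` starts outside this hunk.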
@@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{
global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */
- $q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
- if(mysql_num_rows($q) != 1) {
+ $q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
+ $q->execute();
+ if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit;
}
- $i = mysql_fetch_assoc($q);
+ $i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval;
foreach($i as $k=>$v) {
@@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
else if($k == 'year')
$i[$k] = $config['FAIRYEAR'];
else
- $i[$k] = '\''.mysql_escape_string($v).'\'';
+ $i[$k] = '\''.$v.'\'';
}
$keys = '`'.join('`,`', array_keys($i)).'`';
@@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]";
- $r = mysql_query($q);
- echo mysql_error();
+ $r = $pdo->prepare($q);
+ $r->execute();
+ echo $pdo->errorInfo();
- $id = mysql_insert_id();
+ $id = $pdo->lastInsertId();
return $id;
}
/* Used by the login scripts to copy one user from one year to another */
@@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
* - That previous entry has deleted=no */
/* Find the last entry */
- $q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
+ $q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1");
- $r = mysql_fetch_object($q);
+ $q->execute();
+ $r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit;
@@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
}
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
- $q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
+ $q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
+ $q->execute();
/* Load the new user */
$u2 = db129_user_load($id);
@@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
{
global $config;
if(!is_array($u)) {
- mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
+ $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
- echo mysql_error();
- $uid = mysql_insert_id();
- mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+ $stmt->execute();
+ echo $pdo->errorInfo();
+ $uid = $pdo->lastInsertId();
+ $stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
+ $stmt->execute();
db129_user_set_password($uid, NULL);
} else {
/* The user has been specified and already exists,
@@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
exit;
}
$new_types = implode(',', $u['types']).','.$type;
- mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
+ $stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
+ $stmt->execute();
}
switch($type) {
case 'volunteer':
- mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
+ $stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
+ $stmt->execute();
break;
case 'student':
-// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
- break;
+// $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
+$stmt->execute();
+break;
case 'judge':
- mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
+ $stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
+ $stmt->execute();
break;
case 'fair':
- mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
+ $stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
+ $stmt->execute();
break;
case 'committee':
- mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
+ $stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
+ $stmt->execute();
break;
case 'sponsor':
- mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
+ $stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
+ $stmt->execute();
break;
}
return db129_user_load($uid);
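Review bot: In the `'student'` case the `prepare()` line is commented out but the added `$stmt->execute();` is live, so it re-runs whatever statement `$stmt` last held (an `UPDATE users` from the branch above) instead of doing nothing as before. Remove or comment out that `execute()` together with its `prepare()`. Earlier in the hunk, `$stmt = \4pdo->prepare(...)` looks like a leftover from a search-and-replace and should read `$stmt = $pdo->prepare(...)`; as written it does not parse. `$new_types`, `$uid` and `$type` are interpolated into every statement here and would be better passed as bound parameters.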
diff --git a/db/db.update.136.php b/db/db.update.136.php
index d65c9f9..c642cf7 100644
--- a/db/db.update.136.php
+++ b/db/db.update.136.php
@@ -4,7 +4,7 @@
function db_update_136_pre()
{
global $config;
- mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada',
+ $stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
`abbrv` = 'YSC',
`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
`enable_stats` = 'yes',
@@ -15,14 +15,16 @@ function db_update_136_pre()
WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
+ $stmt->execute();
- mysql_query("UPDATE fairs SET `abbrv` = 'STO',
+ $stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php',
`enable_stats` = 'yes',
`enable_awards` = 'yes',
`enable_winners` = 'yes'
WHERE
`url`='http://www.scitechontario.org/awarddownloader/index.php'");
+ $stmt->execute();
}
diff --git a/db/db.update.142.php b/db/db.update.142.php
index c084ce9..964196a 100644
--- a/db/db.update.142.php
+++ b/db/db.update.142.php
@@ -1,8 +1,9 @@
function db_update_142_post() {
- $q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'");
- if(mysql_num_rows($q)) {
+ $q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
+ $q->execute();
+ if($q->rowCount()) {
//great its there, do nothing, it must have been inserted by the installer when doing a fresh install
}
else {
@@ -11,7 +12,8 @@ function db_update_142_post() {
$month=date("m");
if($month>6) $fiscalyearsuggest=date("Y")+1;
else $fiscalyearsuggest=date("Y");
- mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
+ $stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
+ $stmt->execute();
}
}
diff --git a/db/db.update.62.php b/db/db.update.62.php
index a3d99f5..e8aae6f 100644
--- a/db/db.update.62.php
+++ b/db/db.update.62.php
@@ -17,8 +17,9 @@ $update_62_committee = array();
function db_update_62_pre()
{
global $update_62_committee;
- $q = mysql_query("SELECT * FROM committees_members");
- while($r = mysql_fetch_assoc($q)) {
+ $q = $pdo->prepare("SELECT * FROM committees_members");
+ $q->execute();
+ while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$update_62_committee[] = $r;
}
}
@@ -31,8 +32,7 @@ function db_update_62_post()
foreach($update_62_committee as $c) {
list($fn, $ln) = split(' ', $c['name'], 2);
$username = $c['email'];
- $fn = mysql_escape_string($fn);
- $ln = mysql_escape_string($ln);
+
if($config['committee_password_expiry_days'] > 0) {
$passwordexpiry = "DATE_ADD(CURDATE(),
INTERVAL {$config['committee_password_expiry_days']} DAY)";
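Review bot: Removing `mysql_escape_string()` from `$fn` and `$ln` leaves them unescaped when they are interpolated into the `INSERT` built in the next hunk, where the escaping of `$c['password']` and `$c['organization']` is dropped as well. Calling `prepare()` on a string that already contains the values gives no protection, so a name such as O'Brien now breaks the statement and any stored value containing a quote can change it. Put `?` placeholders in the SQL in place of the quoted values and pass the values to `$stmt->execute([$fn, $ln, $username, $c['password'], ...])`. The same regression is in `roll()` and the `INSERT INTO schools` statement in scripts/rolloverschools.php, where every `mysql_real_escape_string()` call was removed. The statement itself starts outside this hunk.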
@@ -46,19 +46,20 @@ function db_update_62_post()
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username',
- '".mysql_escape_string($c['password'])."',
+ '".$c['password']."',
$passwordexpiry,
'{$c['email']}',
'{$c['phonehome']}',
'{$c['phonework']}',
'{$c['phonecell']}',
'{$c['fax']}',
- '".mysql_escape_string($c['organization'])."',
+ '".$c['organization']."',
NOW(),
'$deleted')";
- mysql_query($q);
+ $stmt = $pdo->prepare($q);
+ $stmt->execute();
echo "$q\n";
- $id = mysql_insert_id();
+ $id = $pdo->lastInsertId();
$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@@ -73,14 +74,16 @@ function db_update_62_post()
'$access_admin',
'$access_config',
'$access_super')";
- mysql_query($q);
+ $stmt = $pdo->prepare($q);
+ $stmt->execute();
echo "$q\n";
- echo mysql_error();
+ echo $pdo->errorInfo();
/* Update committee links */
$q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'";
- mysql_query($q);
+ $stmt = $pdo->prepare($q);
+ $stmt->execute();
echo "$q\n";
}
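Review bot: `echo $pdo->errorInfo();` prints the word `Array` (with a conversion warning) instead of a message, because `errorInfo()` returns an array, and on the connection handle it does not report failures of a statement created by `prepare()`. Read the error from the statement, e.g. `echo implode(' ', $stmt->errorInfo());`, or set `PDO::ATTR_ERRMODE` to `PDO::ERRMODE_EXCEPTION` where the connection is created so a failed statement is not silently ignored. The same line was added in scripts/rolloverschools.php, volunteer_position.php and winners.php, and appears as context in user.inc.php. The enclosing loop starts outside this hunk.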
diff --git a/db/db.update.81.php b/db/db.update.81.php
index 192d18e..9150c77 100644
--- a/db/db.update.81.php
+++ b/db/db.update.81.php
@@ -1,10 +1,12 @@
function db_update_81_post()
{
- $q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts");
- while($i = mysql_fetch_object($q)) {
+ $q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
+ $q->execute();
+ while($i = m$q->fetch(PDO::FETCH_OBJ)) {
$asid = $i->award_sponsors_id;
- mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
+ $stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
+ $stmt->execute();
}
}
?>
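Review bot: The added loop header `while($i = m$q->fetch(PDO::FETCH_OBJ)) {` has a stray `m` left over from `mysql_fetch_object`, which is a parse error, so this update file cannot be loaded. It should read `while($i = $q->fetch(PDO::FETCH_OBJ)) {`.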
diff --git a/judge.inc.php b/judge.inc.php
index e47a3f4..b23cceb 100644
--- a/judge.inc.php
+++ b/judge.inc.php
@@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
}
/* Check to see if they have ranked all project age categories, and all divisions */
- $q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
$numcats=$r->num;
if($numcats != count($u['cat_prefs'])) return 'incomplete';
- $q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
$numdivisions=$r->num;
if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@@ -75,14 +77,16 @@ function judge_status_questions($u){
*/
global $config;
// get the questions we're looking for
- $q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
+ $q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
+ $q->execute();
$idList = array();
- while($row = mysql_fetch_assoc($q)) $idList[] = $row['id'];
+ while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
$rval = 'complete';
if(count($idList)){
- $q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
- $row = mysql_fetch_assoc($q);
+ $q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
+ $q->execute();
+ $row = $q->fetch(PDO::FETCH_ASSOC);
if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
}
return $rval;
@@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
* - judge has selected between min and max preferences
*/
- $qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel
+ $qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel
WHERE users_id='{$u['id']}'");
- $rr = mysql_fetch_object($qq);
+ $qq->execute();
+ $rr = $qq->fetch(PDO::FETCH_OBJ);
$awards_selected = $rr->num;
// echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@@ -127,9 +132,9 @@ function judge_status_availability(&$u)
global $config;
if($config['judges_availability_enable'] == 'no') return 'complete';
- $q = mysql_query("SELECT id FROM judges_availability
+ $q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\"");
- if(mysql_num_rows($q) > 0) return 'complete';
+ if($q->rowCount() > 0) return 'complete';
return 'incomplete';
}
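Review bot: The statement in `judge_status_availability()` is prepared but never executed, so `$q->rowCount()` is tested on a statement that has not run and the function presumably reports 'incomplete' for every judge once availability checking is enabled. Add `$q->execute();` before the `rowCount()` test. The award query in winners.php (`$q=$pdo->prepare("SELECT award_awards.id, ...")`) has the same gap: its hunk adds no `$q->execute();` before `if($q->rowCount())`. Binding `$u['id']` through a `?` placeholder at the same time would remove the quoted interpolation.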
diff --git a/lpdf.php b/lpdf.php
index 50138e7..5cffced 100644
--- a/lpdf.php
+++ b/lpdf.php
@@ -220,8 +220,9 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break;
}
- $q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
- if($r=@mysql_fetch_object($q))
+ $q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
+ $q->execute();
+ if($r=$q->fetch(PDO::FETCH_OBJ))
$prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);
diff --git a/scripts/assignprojectnumbers.php b/scripts/assignprojectnumbers.php
index d063cd5..9c54543 100644
--- a/scripts/assignprojectnumbers.php
+++ b/scripts/assignprojectnumbers.php
@@ -27,12 +27,14 @@ exit;
include "../common.inc.php";
- $projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
- while($projr=mysql_fetch_object($projq))
+ $projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
+ $projq->execute();
+ while($projr=$projq->fetch(PDO::FETCH_OBJ))
{
$reg_id=$projr->id;
- $q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
$projectnumber=$config['project_num_format'];
//first replace the division and category
@@ -41,15 +43,16 @@ include "../common.inc.php";
//now change the N to a % so we can use it as a wildcard
$querynum=str_replace('N','%',$projectnumber);
- $searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
+ $searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
+ $searchq->execute();
print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
- $searchnum=mysql_num_rows($searchq);
+ $searchnum=$searchq->rowCount();
echo "searchnum=$searchnum \n";
- if(mysql_num_rows($searchq))
+ if($searchq->rowCount())
{
//first, put them all in an array
$proj_nums=array();
- while($searchr=mysql_fetch_object($searchq))
+ while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
{
$proj_nums[]=$searchr->projectnumber;
}
@@ -77,7 +80,8 @@ include "../common.inc.php";
}
$projectnumber=str_replace('N',$Nnum,$projectnumber);
- mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
+ $stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
+ $stmt->execute();
if($projectnumber)
{
echo "Assigned new project number $projectnumber\n";
diff --git a/scripts/assigntourrankings.php b/scripts/assigntourrankings.php
index 2b46e82..d3c6723 100644
--- a/scripts/assigntourrankings.php
+++ b/scripts/assigntourrankings.php
@@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
exit;
include "../common.inc.php";
-mysql_query("DELETE FROM tours_choice WHERE year='2008'");
+$stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
+$stmt->execute();
-$q=mysql_query("SELECT students.id AS students_id,
+$q=$pdo->prepare("SELECT students.id AS students_id,
registrations.id AS registrations_id
FROM registrations,
students
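Review bot: `$po->prepare("DELETE FROM tours_choice WHERE year='2008'")` uses `$po`, which is not defined anywhere in the hunk; the handle is `$pdo` on every other added line. Change it to `$stmt = $pdo->prepare(...)`. The same typo is in volunteer_position.php at `$r=$po->prepare($q);`, where the failure comes after the existing selections have already been deleted, so the new ones would not be stored.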
@@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
AND registrations.year='2008'
AND students.registrations_id=registrations.id
AND students.year='2008'");
- while($r=mysql_fetch_object($q))
+$q->execute();
+ while($r=$q->fetch(PDO::FETCH_OBJ))
{
- $tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
+ $tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
+ $tq->execute();
$rank=1;
- while($tr=mysql_fetch_object($tq)) {
- mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
+ while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
+ $stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
)");
+ $stmt->execute();
$rank++;
}
echo "Assigned student $r->students_id\n";
diff --git a/scripts/emptyregistrations.php b/scripts/emptyregistrations.php
index 12ed6d2..9c941d4 100644
--- a/scripts/emptyregistrations.php
+++ b/scripts/emptyregistrations.php
@@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
- mysql_query("TRUNCATE TABLE registrations");
- mysql_query("TRUNCATE TABLE students");
- mysql_query("TRUNCATE TABLE projects");
- echo "DONE.\n\n";
+ $stmt = $pdo->prepare("TRUNCATE TABLE registrations");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE students");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE projects");
+ $stmt->execute();
+ echo "DONE.\n\n";
}
?>
diff --git a/scripts/emptyscheduledata.php b/scripts/emptyscheduledata.php
index 0b8d926..e839037 100644
--- a/scripts/emptyscheduledata.php
+++ b/scripts/emptyscheduledata.php
@@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1)
{
echo "TRUNCATING TABLE DATA....\n";
- mysql_query("TRUNCATE TABLE judges_teams");
- mysql_query("TRUNCATE TABLE judges_teams_awards_link");
- mysql_query("TRUNCATE TABLE judges_teams_link");
- mysql_query("TRUNCATE TABLE judges_teams_timeslots_link");
- mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link");
- echo "DONE.\n\n";
+ $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
+ $stmt->execute();
+ $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
+ $stmt->execute();
+ echo "DONE.\n\n";
}
?>
diff --git a/scripts/judges_fake.php b/scripts/judges_fake.php
index b032915..5931b8c 100644
--- a/scripts/judges_fake.php
+++ b/scripts/judges_fake.php
@@ -28,11 +28,16 @@ include "../common.inc.php";
$numjudges=200;
-mysql_query("TRUNCATE TABLE judges");
-mysql_query("TRUNCATE TABLE judges_catpref");
-mysql_query("TRUNCATE TABLE judges_expertise");
-mysql_query("TRUNCATE TABLE judges_years");
-mysql_query("TRUNCATE TABLE judges_languages");
+$stmt = $pdo->prepare("TRUNCATE TABLE judges");
+$stmt->execute();
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
+$stmt->execute();
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
+$stmt->execute();
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
+$stmt->execute();
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
+$stmt->execute();
function getrand($ar)
@@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
$compnum=rand(0,20);
if($compnum==1) $complete="no"; else $complete="yes";
- $q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
- $id=mysql_insert_id();
+ $q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
+ $q->execute();
+ $id=$pdo->lastInsertId();
//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
//to compensate
@@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
for($a=1;$a<=3;$a++)
{
$catrank=rand(-2,2);
- mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
+ $stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
+ $stmt->execute();
}
//expertise is ranked 1-5
for($a=1;$a<=6;$a++)
{
$divrank=rand(1,5);
- mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
+ $stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
+ $stmt->execute();
}
//and add the record to the judges_years table so they will be 'active' for this year
- mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
+ $stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
+ $stmt->execute();
//60% chance they only speak english
//20% chance they only speak french
//20% chance they are bilingual
$num=rand(0,100);
if($num<60)
- mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
- else if($num<80)
- mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
- else {
- mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
- mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
+ {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
+ $stmt->execute();}
+ else if($num<80)
+ {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
+ $stmt->execute();}
+ else {
+ $stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
+ $stmt->execute();
+ $stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
+ $stmt->execute();
}
diff --git a/scripts/populate_fake.php b/scripts/populate_fake.php
index 79379eb..6caa111 100644
--- a/scripts/populate_fake.php
+++ b/scripts/populate_fake.php
@@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
$starters=array("effects of","study of","analysis of");
$joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
-$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'");
-while($s=mysql_fetch_object($numschools))
+$numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
+$numschools->execute();
+while($s=$numschools->fetch(PDO::FETCH_OBJ))
{
//1 in 4 chance of actually using this school
$o=rand(1,4);
@@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
$pd=rand(1,$prob_unpaid);
if($pd==1) $status='paymentpending'; else $status='complete';
- $q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
- if($id=mysql_insert_id())
+ $q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
+ $q->execute();
+ if($id=$pdo->lastInsertId())
{
$peeps=rand(1,$prob_dual);
@@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
$firstname=getrand($firstnames);
$email=strtolower($firstname)."@".getrand($domains);
- mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
-
+ $stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
+ $stmt->execute();
}
$div=rand(1,6);
@@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
if($langnum<4) $lang="fr"; else $lang="en";
- mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
-
+ $stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
+ $stmt->execute();
}
}
diff --git a/scripts/rolloverschools.php b/scripts/rolloverschools.php
index 59e4cdc..ef9dacc 100644
--- a/scripts/rolloverschools.php
+++ b/scripts/rolloverschools.php
@@ -28,17 +28,19 @@
function roll($currentfairyear, $newfairyear, $table, $fields)
{
- $q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'");
- echo mysql_error();
+ $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
+ $q->execute();
+ echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`';
- while($r=mysql_fetch_assoc($q)) {
+ while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = '';
foreach($fields as $f) {
- $vals .= ",'".mysql_real_escape_string($r[$f])."'";
+ $vals .= ",'".$r[$f]."'";
}
- mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
- echo mysql_error();
+ $stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
+ $stmt->execute();
+ echo $pdo->errorInfo();
}
}
@@ -47,35 +49,36 @@ $newfairyear=2010;
echo i18n("Rolling schools")." ";
//award types
- $q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
- echo mysql_error();
- while($r=mysql_fetch_object($q)) {
+ $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
+ $q->execute();
+ echo $pdo->errorInfo();
+ while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
- mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
- '".mysql_real_escape_string($r->school)."',
- '".mysql_real_escape_string($r->schoollang)."',
- '".mysql_real_escape_string($r->schoollevel)."',
- '".mysql_real_escape_string($r->board)."',
- '".mysql_real_escape_string($r->district)."',
- '".mysql_real_escape_string($r->phone)."',
- '".mysql_real_escape_string($r->fax)."',
- '".mysql_real_escape_string($r->address)."',
- '".mysql_real_escape_string($r->city)."',
- '".mysql_real_escape_string($r->province_code)."',
- '".mysql_real_escape_string($r->postalcode)."',$puid,
- '".mysql_real_escape_string($r->schoolemail)."',$shuid,
- '".mysql_real_escape_string($r->accesscode)."',
+ $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
+ '".$r->school."',
+ '".$r->schoollang."',
+ '".$r->schoollevel."',
+ '".$r->board."',
+ '".$r->district."',
+ '".$r->phone."',
+ '".$r->fax."',
+ '".$r->address."',
+ '".$r->city."',
+ '".$r->province_code."',
+ '".$r->postalcode."',$puid,
+ '".$r->schoolemail."',$shuid,
+ '".$r->accesscode."',
NULL,
- '".mysql_real_escape_string($r->junior)."',
- '".mysql_real_escape_string($r->intermediate)."',
- '".mysql_real_escape_string($r->senior)."',
- '".mysql_real_escape_string($r->registration_password)."',
- '".mysql_real_escape_string($r->projectlimit)."',
- '".mysql_real_escape_string($r->projectlimitper)."',
- '".mysql_real_escape_string($newfairyear)."')");
- }
-
+ '".$r->junior."',
+ '".$r->intermediate."',
+ '".$r->senior."',
+ '".$r->registration_password."',
+ '".$r->projectlimit."',
+ '".$r->projectlimitper."',
+ '".$newfairyear."')");
+ $stmt->execute();
+ }
?>
diff --git a/user.inc.php b/user.inc.php
index 440cb68..8e3c3c6 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -781,13 +781,15 @@ function user_create($type, $username, $u = NULL)
if(!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
- $stmt->execute()';
+ $stmt->execute();
echo $pdo->errorInfo();
- $uid = mysql_insert_id();
+ $uid = $pdo->lastInsertId();
if(user_valid_email($username)) {
- mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
+ $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
+ $stmt->execute();
}
- mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+ $stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
+ $stmt->execute();
echo $pdo->errorInfo();
user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this
diff --git a/volunteer.inc.php b/volunteer.inc.php
index 4da0022..632582a 100644
--- a/volunteer.inc.php
+++ b/volunteer.inc.php
@@ -31,8 +31,9 @@ function volunteer_status_position($u)
/* See if they have selected something */
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
- if(mysql_num_rows($r) >= 1) {
+ $r = $pdo->prepare($q);
+ $r->execute();
+ if($r->rowCount() >= 1) {
return "complete";
}
return "incomplete";
diff --git a/volunteer_position.php b/volunteer_position.php
index ad93349..24c3e92 100644
--- a/volunteer_position.php
+++ b/volunteer_position.php
@@ -44,8 +44,9 @@
/* Load available IDs */
$posns = array();
$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
- while($p = mysql_fetch_object($r)) {
+ $r = $pdo->prepare($q);
+ $r->execute();
+ while($p = $r->fetch(PDO::FETCH_OBJ)) {
$posns[] = $p->id;
}
@@ -59,18 +60,20 @@
}
/* Delete existing selections */
- mysql_query("DELETE FROM volunteer_positions_signup
+ $stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup
WHERE
users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}' ");
- echo mysql_error();
+ $stmt->execute();
+ echo $pdo->errorInfo();
/* Add new selections if there are any */
if($vals != '') {
$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
VALUES $vals";
- $r=mysql_query($q);
- echo mysql_error();
+ $r=$po->prepare($q);
+ $r->execute();
+ echo $pdo->errorInfo();
}
@@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
$q = "SELECT * FROM volunteer_positions_signup WHERE
users_id = '{$u['id']}'
AND year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
+ $r = $pdo->prepare($q);
+ $r->execute();
$checked_positions = array();
- while($p = mysql_fetch_object($r)) {
+ while($p = $r->fetch(PDO::FETCH_OBJ)) {
$checked_positions[] = $p->volunteer_positions_id;
}
/* Load available volunteer positions */
$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
- while($p = mysql_fetch_object($r)) {
+ $r = $pdo->prepare($q);
+ $r->execute();
+ while($p = $r->fetch(PDO::FETCH_OBJ)) {
echo '';
diff --git a/winners.php b/winners.php
index 25fa8f9..a0e5fa6 100644
--- a/winners.php
+++ b/winners.php
@@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
$show_unawarded_awards="no";
$show_unawarded_prizes="no";
$year=intval($_GET['year']);
- $type=mysql_real_escape_string($_GET['type']);
+ $type=$_GET['type'];
echo "".i18n("%1 ".$type." Award Winners",array($_GET['year']))."";
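Review bot: `$type=$_GET['type'];` now carries a request parameter with no escaping at all, and the same value is concatenated into the heading echoed on the next line. If `$type` is interpolated into the award query further down (its `WHERE` clause is outside the visible hunks), that is an SQL injection path; bind it with a `?` placeholder and pass it to `execute()`. For the heading, encode on output with `htmlspecialchars($type, ENT_QUOTES, 'UTF-8')`. The `if` block continues outside this hunk.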
@@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
//first, lets make sure someone isnt tryint to see something that they arent allowed to!
//but only if the year they want is the FAIRYEAR. If they want a past year, thats cool
if($_GET['year']>=$config['FAIRYEAR']) {
- $q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
- $r=mysql_fetch_object($q);
+ $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
+ $q->execute();
+ $r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1)
{
echo error(i18n("Crystal ball says future is very hard to see!"));
@@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
if($ok)
{
- $q=mysql_query("SELECT
+ $q=$pdo->prepare("SELECT
award_awards.id,
award_awards.name,
award_awards.order AS awards_order,
@@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
ORDER BY
awards_order");
- echo mysql_error();
+ echo $pdo->errorInfo();
- if(mysql_num_rows($q))
+ if($q->rowCount())
{
echo "".i18n("Back to Winners main page")."";
echo " ";
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
{
- $pq=mysql_query("SELECT
+ $pq=$pdo->prepare("SELECT
award_prizes.prize,
award_prizes.number,
award_prizes.id,
@@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
AND award_prizes.year='$year'
ORDER BY
`order`");
- echo mysql_error();
+ $pq->execute();
+ echo $pdo->errorInfo();
$awarded_count = 0;
if($show_unawarded_awards=="no")
{
- while($pr=mysql_fetch_object($pq))
+ while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if($pr->projectnumber)
{
$awarded_count++;
}
}
+ // Still have to find the PDO equivalent
mysql_data_seek($pq, 0);
}
if($show_unawarded_awards=="yes" || $awarded_count > 0)
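Review bot: `mysql_data_seek($pq, 0);` is still called on what is now a `PDOStatement`; the mysql extension was removed in PHP 7, and a PDO result cannot be rewound this way, so the second `while($pr=$pq->fetch(...))` loop in the next hunk would have nothing left to read. Fetch the rows once with `$prizes = $pq->fetchAll(PDO::FETCH_OBJ);` and use `foreach($prizes as $pr)` for both the counting loop and the output loop, then drop the seek. The enclosing loop starts outside this hunk.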
@@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
}
$prevprizeid=-1;
- while($pr=mysql_fetch_object($pq))
+ while($pr=$pq->fetch(PDO::FETCH_OBJ))
{
if(!($pr->projectnumber) && $show_unawarded_prizes=="no")
{
@@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
echo "  ";
echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
- $sq=mysql_query("SELECT students.firstname,
+ $sq=$pdo->prepare("SELECT students.firstname,
students.lastname,
students.schools_id,
students.webfirst,
@@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id
");
+ $sq->execute();
$studnum=0;
$students="";
$schools=array();
- while($studentinfo=mysql_fetch_object($sq))
+ while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
{
if($studnum>0 && $prev) $students.=", ";
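Review bot: `$sq->fetch([PDO::FETCH_OBJ])` passes an array where `PDOStatement::fetch()` expects the integer fetch mode, so the student loop does not run as intended (a TypeError on PHP 8). It should be `while($studentinfo=$sq->fetch(PDO::FETCH_OBJ))`, as in the other loops of this file.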
@@ -242,7 +246,7 @@ else
$first=true;
if($q->rowCount())
{
- while($r=mysql_fetch_object($q))
+ while($r=$q->fetch(PDO::FETCH_OBJ))
{
if($first && $r->year != $config['FAIRYEAR'])
{
@@ -258,7 +262,7 @@ else
//do this each time, because each year the names of the award types could change, along with what is actually given out.
//
- $tq=mysql_query("SELECT
+ $tq=$pdo->prepare("SELECT
DISTINCT(award_types.type) AS type
FROM
winners,
@@ -273,8 +277,9 @@ else
ORDER BY
award_types.order
");
- echo mysql_error();
- while($tr=mysql_fetch_object($tq)) {
+ $tq->execute();
+ echo $pdo->errorInfo();
+ while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo " year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))." ";
}
echo " ";