Mysql conversion

This commit is contained in:
Armanveer Gill 2024-12-10 19:40:23 -05:00
parent bf8a23fc85
commit f7c6c506a1
41 changed files with 855 additions and 612 deletions

View File

@ -2,12 +2,14 @@
include "../data/config.inc.php"; include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS); mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME); mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val; $percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val; $status=$r->val;
echo "$percent:$status\n"; echo "$percent:$status\n";

View File

@ -247,7 +247,7 @@ $report_students_fields = array(
'group_by' => array('students.registrations_id')), 'group_by' => array('students.registrations_id')),
'allnames_split' => array( 'allnames_split' => array(
'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ", 'name' => "Student -- All Student Names (REQUIRES 5.0) (Split) ",
'header' => 'Student(s)', 'header' => 'Student(s)',
'width' => 3.0, 'width' => 3.0,
'scalable' => true, 'scalable' => true,

View File

@ -28,12 +28,14 @@ ogram; see the file COPYING. If not, write to
include "../data/config.inc.php"; include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS); mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME); mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val; $percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val; $status=$r->val;
echo "$percent:$status\n"; echo "$percent:$status\n";

View File

@ -24,14 +24,15 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isng tryint to see something that they arent allowed to! //first, lets make sure someone isng tryint to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$pn=trim(mysql_real_escape_string($_GET['n'])); $pn=trim($_GET['n']);
if($r->test) { if($r->test) {
$q=mysql_query("SELECT $q=$pdo->prepare("SELECT
registrations.id AS reg_id, registrations.id AS reg_id,
registrations.status, registrations.status,
projects.title, projects.title,
@ -55,14 +56,15 @@
AND projects.projectnumber='$pn' AND projects.projectnumber='$pn'
LIMIT 1 LIMIT 1
"); ");
echo mysql_error(); echo $pdo->errorInfo();
$r=mysql_fetch_assoc($q); $r=$q->fetch(PDO::FETCH_ASSOC);
$regid=$r['reg_id']; $regid=$r['reg_id'];
$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname"); $q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2->execute();
$students=""; $students="";
while($stud=mysql_fetch_object($q2)) { while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
if($stud->webfirst=="yes") if($stud->webfirst=="yes")
$students.="$stud->firstname "; $students.="$stud->firstname ";

View File

@ -24,12 +24,13 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to! //first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test) { if($r->test) {
$q=mysql_query("SELECT registrations.id AS reg_id, $q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status, registrations.status,
projects.title, projects.title,
projects.projectnumber, projects.projectnumber,
@ -54,11 +55,12 @@
projectdivisions.id, projectdivisions.id,
projects.projectnumber projects.projectnumber
"); ");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist"; $lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist"; $lastdiv="something_that_does_not_exist";
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
if(!$r->title) $t="{no title}"; if(!$r->title) $t="{no title}";
else $t=$r->title; else $t=$r->title;

View File

@ -24,14 +24,15 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to! //first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ret=array(); $ret=array();
if($r->test) { if($r->test) {
$ret['status']="ok"; $ret['status']="ok";
$q=mysql_query("SELECT registrations.id AS reg_id, $q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status, registrations.status,
projects.id AS projects_id, projects.id AS projects_id,
projects.title, projects.title,
@ -57,12 +58,13 @@
projectdivisions.id, projectdivisions.id,
projects.projectnumber projects.projectnumber
"); ");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist"; $lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist"; $lastdiv="something_that_does_not_exist";
$projects=array(); $projects=array();
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::fETCH_OBJ)) {
if(!$r->title) $t="{no title}"; if(!$r->title) $t="{no title}";
else $t=$r->title; else $t=$r->title;

View File

@ -40,23 +40,26 @@ $dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
$dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n"; $dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
$dump.="#-------------------------------------------------\n"; $dump.="#-------------------------------------------------\n";
$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`"); $tableq=$pdo->prepare("SHOW TABLES FROM `$DBNAME`");
while($tr=mysql_fetch_row($tableq)) { $tableq->execute();
while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$table=$tr[0]; $table=$tr[0];
$dump.="#TABLE: $table\n"; $dump.="#TABLE: $table\n";
$columnq=mysql_query("SHOW COLUMNS FROM `$table`"); $columnq=$pdo->prepare("SHOW COLUMNS FROM `$table`");
$columnq->execute();
$str="INSERT INTO `$table` ("; $str="INSERT INTO `$table` (";
unset($fields); unset($fields);
$fields=array(); $fields=array();
while($cr=mysql_fetch_object($columnq)) { while($cr=$columnq->fetch(PDO:;FETCH_OBJ)) {
$str.="`".$cr->Field."`,"; $str.="`".$cr->Field."`,";
$fields[]=$cr->Field; $fields[]=$cr->Field;
} }
$str=substr($str,0,-1); $str=substr($str,0,-1);
$str.=") VALUES ("; $str.=") VALUES (";
$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`"); $dataq=$pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
while($data=mysql_fetch_object($dataq)) { $dataq->execute();
while($data=$dataq->fetch(PDO::FETCH_OBJ)) {
$insertstr=$str; $insertstr=$str;
foreach($fields AS $field) { foreach($fields AS $field) {
if(is_null($data->$field)) if(is_null($data->$field))
@ -167,7 +170,9 @@ else if($_POST['action']=="restoreproceed") {
//empty out the table //empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`"; $sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n"; // echo $sql."\n";
mysql_query($sql);
$stmt = $pdo->prepare($sql);
$stmt->execute();
} }
else if(mb_ereg("^#",$line)) { else if(mb_ereg("^#",$line)) {
//just skip it //just skip it
@ -175,10 +180,12 @@ else if($_POST['action']=="restoreproceed") {
else else
{ {
//insert the new data //insert the new data
mysql_query($line);
if(mysql_error()) { $stmt = $pdo->prepare($line);
$stmt->execute();
if($pdo->errorInfo()) {
echo $line."\n"; echo $line."\n";
echo mysql_error()."\n"; echo $pdo->errorInfo()."\n";
$err=true; $err=true;
} }
} }
@ -203,11 +210,12 @@ else if($_POST['action']=="restoreproceed") {
else if ($_POST['action'] == 'clean_judges') { else if ($_POST['action'] == 'clean_judges') {
//select all judges //select all judges
$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"'); $query = $pdo->prepare('SELECT * FROM users WHERE types LIKE "judge"');
echo mysql_error(); $query->execute();
echo $pdo->errorInfo();
// Go through each judge and test: // Go through each judge and test:
while($judge = mysql_fetch_assoc($query)){ while($judge = $query->fetch(PDO::FETCH_ASSOC)){
//if they are deleted //if they are deleted
if ($judge['deleted'] == 'yes') { if ($judge['deleted'] == 'yes') {
@ -222,16 +230,17 @@ else if ($_POST['action'] == 'clean_judges') {
else{ else{
// Find max year of judge // Find max year of judge
$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1'); $max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$judge_max_year = mysql_fetch_assoc($max_year_query); $max_year_query->execute();
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
// Grab old judge info. // Grab old judge info.
// Old judge info consists of all entries in the database that are not the most recent for the specific judge // Old judge info consists of all entries in the database that are not the most recent for the specific judge
$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']); $deletable = $pdo->prepare('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable->execute();
// and if they have old data from previous fair years // and if they have old data from previous fair years
if (mysql_num_rows($deletable) > 0){ if ($deletable->rowCount() > 0){
// delete old data one by one // delete old data one by one
while ($old_judge_data = mysql_fetch_assoc($deletable)){ while ($old_judge_data = $deletable->fetch(PDO::FETCH_ASSOC)){
if (!is_array($old_judge_data['type'])){ if (!is_array($old_judge_data['type'])){
$old_judge_data['types'] = array($old_judge_data['types']); $old_judge_data['types'] = array($old_judge_data['types']);
} }
@ -250,9 +259,10 @@ else if ($_POST['action'] == 'clean_judges') {
,"backup_restore" ,"backup_restore"
); );
mysql_query("OPTIMIZE TABLE users, users_judge"); $stmt = $pdo->prepare("OPTIMIZE TABLE users, users_judge");
$stmt->execute();
$str = mysql_error(); $str = $pdo->errorInfo();
echo $str; echo $str;
@ -265,9 +275,9 @@ else if ($_POST['action'] == 'clean_judges') {
} }
else if ($_POST['action'] == 'clean_parents') { else if ($_POST['action'] == 'clean_parents') {
$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']); $query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
$query_parents->execute();
while($parent = mysql_fetch_assoc($query_parents)){ while($parent = $query_parents->fetch(PDO::FETCH_ASSOC)){
if (!is_array($parent['types'])){ if (!is_array($parent['types'])){
$parent['types'] = array($parent['types']); $parent['types'] = array($parent['types']);
@ -283,9 +293,10 @@ else if ($_POST['action'] == 'clean_parents') {
,"backup_restore" ,"backup_restore"
); );
mysql_query("OPTIMIZE TABLE users, users_parent"); $stmt = $pdo->prepare("OPTIMIZE TABLE users, users_parent");
$stmt->execute();
$str = mysql_error(); $str = $pdo->errorInfo();
echo $str; echo $str;

View File

@ -31,7 +31,7 @@
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php', 'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories"); 'Age Categories' => 'config/categories.php'),"project_age_categories");
} else { } else
send_header("Age Categories", send_header("Age Categories",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php'),"project_age_categories"); 'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
@ -42,22 +42,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $q->execute();
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) echo $pdo->errorInfo();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
} }
else else
{ {
mysql_query("UPDATE projectcategories SET ". $stmt = $pdo->prepare("UPDATE projectcategories SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"category='".mysql_escape_string(stripslashes($_POST['category']))."', ". "category='".stripslashes($_POST['category'])."', ".
"category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". "category_shortform='".stripslashes($_POST['category_shortform'])."', ".
"mingrade='".$_POST['mingrade']."', ". "mingrade='".$_POST['mingrade']."', ".
"maxgrade='".$_POST['maxgrade']."' ". "maxgrade='".$_POST['maxgrade']."' ".
"WHERE id='".$_POST['saveid']."'"); "WHERE id='".$_POST['saveid']."'");
echo happy(i18n("Category successfully saved")); echo happy(i18n("Category successfully saved"));
$stmt->execute();
} }
} }
else else
@ -71,21 +73,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
} }
else else
{ {
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ". $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['category']))."', ". "'".stripslashes($_POST['category'])."', ".
"'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". "'".stripslashes($_POST['category_shortform'])."', ".
"'".$_POST['mingrade']."', ". "'".$_POST['mingrade']."', ".
"'".$_POST['maxgrade']."', ". "'".$_POST['maxgrade']."', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
$pdo->execute();
echo happy(i18n("Category successfully added")); echo happy(i18n("Category successfully added"));
} }
} }
else else
@ -98,9 +103,11 @@
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
//#### //####
mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Category successfully removed")); echo happy(i18n("Category successfully removed"));
} }
@ -125,8 +132,9 @@
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$categoryr=mysql_fetch_object($q); $q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")

View File

@ -53,10 +53,11 @@ $error_ids = array();
if($_POST['savedates']) { if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) { foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together //put the date and time back together
$d = mysql_escape_string(stripslashes($val)); $d = stripslashes($val);
$t =mysql_escape_string(stripslashes($_POST['savetimes'][$key])); $t =stripslashes($_POST['savetimes'][$key]);
$v="$d $t"; $v="$d $t";
mysql_query("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'"); $stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt->execute();
} }
} }
echo happy(i18n("Dates successfully saved")); echo happy(i18n("Dates successfully saved"));
@ -128,13 +129,14 @@ foreach($dates as $dn=>$d) {
if(!$d['id']) { if(!$d['id']) {
$def=$defaultdates[$dn]; $def=$defaultdates[$dn];
//hmm if we dont have a record for this date this year, INSERT the sql from the default //hmm if we dont have a record for this date this year, INSERT the sql from the default
mysql_query("INSERT INTO dates (date,name,description,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($def->date)."', '".$def->date."',
'".mysql_real_escape_string($dn)."', '".$dn."',
'".mysql_real_escape_string($def->description)."', '".$def->description."',
'".$config['FAIRYEAR']."' '".$config['FAIRYEAR']."'
)"); )");
$d['id']=mysql_insert_id(); $stmt->execute();
$d['id']=$pdo->lastInsertId();
$d['description']=$def->description; $d['description']=$def->description;
$d['date']=$def->date; $d['date']=$def->date;
} }

View File

@ -44,31 +44,34 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
if($_POST['id'] && $_POST['division'] ) if($_POST['id'] && $_POST['division'] )
{ {
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) $q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
} }
else else
{ {
mysql_query("UPDATE projectdivisions SET ". $stmt = $pdo->prepare("UPDATE projectdivisions SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"division='".mysql_escape_string(stripslashes($_POST['division']))."', ". "division='".stripslashes($_POST['division'])."', ".
"division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ". "division_shortform='".stripslashes($_POST['division_shortform'])."' ".
"WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'"); "WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['divcat'])) if(is_array($_POST['divcat']))
{ {
foreach($_POST['divcat'] as $tempcat) foreach($_POST['divcat'] as $tempcat)
{ {
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".$tempcat."', ". "'".$tempcat."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
} }
} }
} }
@ -87,26 +90,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
if($_POST['id'] && $_POST['division']) if($_POST['id'] && $_POST['division'])
{ {
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
} }
else else
{ {
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['division']))."', ". "'".stripslashes($_POST['division'])."', ".
"'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ". "'".stripslashes($_POST['division_shortform'])."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
foreach($_POST['divcat'] as $tempcat){ foreach($_POST['divcat'] as $tempcat){
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$tempcat."', ". "'".$tempcat."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
} }
} }
//####### //#######
@ -123,8 +129,10 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Division successfully removed")); echo happy(i18n("Division successfully removed"));
} }
@ -151,8 +159,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")
@ -167,11 +176,13 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
echo " <td>"; echo " <td>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
while($categoryr=mysql_fetch_object($q)){ $q->execute();
while($categoryr=$q->fetch(PDO::FETCH_OBJ)){
$query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'"; $query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'";
$t=mysql_query($query); $t=$pdo->prepare($query);
if($t && mysql_num_rows($t)>0) $t->execute();
if($t && $t->rowCount()>0)
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>"; echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
else else
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>"; echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>";
@ -195,18 +206,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
$c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories $c=$pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories
WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
AND projectdivisions_id='$r->id' AND projectdivisions_id='$r->id'
AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."' AND projectcategories.year='".$config['FAIRYEAR']."'
ORDER BY projectcategories.mingrade"); ORDER BY projectcategories.mingrade");
echo mysql_error(); $c->execute();
echo $pdo->errorInfo();
if(!$c){ if(!$c){
$tempcat="&nbsp;"; $tempcat="&nbsp;";
}else{ }else{
$tempcat=""; $tempcat="";
while($categoryr=mysql_fetch_object($c)){ while($categoryr=$c->fetch(PDO::FETCH_OBJ){
$tempcat.=",".$categoryr->category; $tempcat.=",".$categoryr->category;
} }
$tempcat=substr($tempcat,1); $tempcat=substr($tempcat,1);

View File

@ -36,7 +36,8 @@
{ {
foreach($_POST['cwsfdivision'] AS $k=>$v) foreach($_POST['cwsfdivision'] AS $k=>$v)
{ {
mysql_query("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
} }
echo happy(i18n("Corresponding CWSF divisions saved")); echo happy(i18n("Corresponding CWSF divisions saved"));
} }
@ -54,8 +55,9 @@ echo "<br />";
echo "<th>".i18n("Corresponding CWSF Division")."</th>\n"; echo "<th>".i18n("Corresponding CWSF Division")."</th>\n";
echo "</tr>"; echo "</tr>";
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr>"; echo "<tr>";
echo " <td>".i18n($r->division)."</td>"; echo " <td>".i18n($r->division)."</td>";

View File

@ -109,8 +109,9 @@
if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT") if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT")
{ {
mysql_query($line); $stmt = $pdo->prepare($line);
$a=mysql_affected_rows(); $stmt->execute();
$a=$pdo->rowwCount();
$loaded+=$a; $loaded+=$a;
} }
else else

View File

@ -57,16 +57,17 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
{ {
foreach($config['languages'] AS $lang=>$langname) { foreach($config['languages'] AS $lang=>$langname) {
$textvar="text_$lang"; $textvar="text_$lang";
$text=mysql_escape_string(stripslashes($_POST[$textvar])); $text=stripslashes($_POST[$textvar]);
mysql_query("UPDATE pagetext $stmt = $pdo->prepare("UPDATE pagetext
SET SET
lastupdate=NOW(), lastupdate=NOW(),
text='$text' text='$text'
WHERE WHERE
textname='".mysql_escape_string($_POST['textname'])."' textname='".$_POST['textname']."'
AND year='".$config['FAIRYEAR']."' AND year='".$config['FAIRYEAR']."'
AND lang='$lang'"); AND lang='$lang'");
$stmt->execute();
} }
echo happy(i18n("Page texts successfully saved")); echo happy(i18n("Page texts successfully saved"));
@ -74,9 +75,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
if($_GET['textname']) if($_GET['textname'])
{ {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//needs to be at least one entry in any languages //needs to be at least one entry in any languages
if($r=mysql_fetch_object($q)) if($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<form method=\"post\" action=\"pagetexts.php\">"; echo "<form method=\"post\" action=\"pagetexts.php\">";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -84,13 +86,15 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
foreach($config['languages'] AS $lang=>$langname) { foreach($config['languages'] AS $lang=>$langname) {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(!$r) if(!$r)
{ {
mysql_query("INSERT INTO pagetext (textname,year,lang) VALUES ('".mysql_escape_string($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')"); $stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never"; if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never";
@ -129,9 +133,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
echo i18n("Choose a page text to edit"); echo i18n("Choose a page text to edit");
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
$q=mysql_query("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q->execute();
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>"; echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>"; echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>";
if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never"; if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never";

View File

@ -63,8 +63,9 @@
*/ */
/* Get field list for this table */ /* Get field list for this table */
$q = mysql_query("SHOW COLUMNS IN `$table`"); $q = $pdo->prepare("SHOW COLUMNS IN `$table`");
while(($c = mysql_fetch_assoc($q))) { $q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c; $col[$c['Field']] = $c;
} }
@ -83,23 +84,25 @@
if($where == '') $where='1'; if($where == '') $where='1';
/* Get data */ /* Get data */
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear' AND $where"); $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`'; $names = '`'.join('`,`', $fields).'`';
/* Process data */ /* Process data */
while($r=mysql_fetch_assoc($q)) { while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$vals = ''; $vals = '';
foreach($fields as $f) { foreach($fields as $f) {
if(array_key_exists($f, $replace)) if(array_key_exists($f, $replace))
$vals .= ",'".mysql_real_escape_string($replace[$f])."'"; $vals .= ",'".$replace[$f]."'";
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL) else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL'; $vals .= ',NULL';
else else
$vals .= ",'".mysql_real_escape_string($r[$f])."'"; $vals .= ",'".$r[$f]."'";
} }
mysql_query("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)"); $stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
@ -125,97 +128,112 @@
//now the dates //now the dates
echo i18n("Rolling dates")."<br />"; echo i18n("Rolling dates")."<br />";
$q=mysql_query("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO dates (date,name,description,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->newdate)."', $stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($r->name)."', '".$r->newdate."',
'".mysql_real_escape_string($r->description)."', '".$r->name."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->description."',
'".$newfairyear."')");
$stmt->execute();
//page text //page text
echo i18n("Rolling page texts")."<br />"; echo i18n("Rolling page texts")."<br />";
$q=mysql_query("SELECT * FROM pagetext WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->textname)."', $stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".mysql_real_escape_string($r->textdescription)."', '".$r->textname."',
'".mysql_real_escape_string($r->text)."', '".$r->textdescription."',
'".mysql_real_escape_string($r->lastupdate)."', '".$r->text."',
'".mysql_real_escape_string($newfairyear)."', '".$r->lastupdate."',
'".mysql_real_escape_string($r->lang)."')"); '".$newfairyear)."',
'".$r->lang."')";
$stmt->execute();
echo i18n("Rolling project categories")."<br />"; echo i18n("Rolling project categories")."<br />";
//project categories //project categories
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".mysql_real_escape_string($r->category)."', '".$r->id."',
'".mysql_real_escape_string($r->category_shortform)."', '".$r->category."',
'".mysql_real_escape_string($r->mingrade)."', '".$r->category_shortform."',
'".mysql_real_escape_string($r->maxgrade)."', '".$r->mingrade."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->maxgrade."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project divisions")."<br />"; echo i18n("Rolling project divisions")."<br />";
//project divisions //project divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".mysql_real_escape_string($r->division)."', '".$r->id."',
'".mysql_real_escape_string($r->division_shortform)."', '".$r->division."',
'".mysql_real_escape_string($r->cwsfdivisionid)."', '".$r->division_shortform."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->cwsfdivisionid."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project category-division links")."<br />"; echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links //project categories divisions links
$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->projectdivisions_id)."', $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".mysql_real_escape_string($r->projectcategories_id)."', '".$r->projectdivisions_id."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project sub-divisions")."<br />"; echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions //project subdivisions
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".mysql_real_escape_string($r->projectsubdivisions_id)."', '".$r->id."',
'".mysql_real_escape_string($r->subdivision)."', '".$r->projectsubdivisions_id."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->subdivision."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling safety questions")."<br />"; echo i18n("Rolling safety questions")."<br />";
//safety questions //safety questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->question)."', $stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_real_escape_string($r->type)."', '".$r->question."',
'".mysql_real_escape_string($r->required)."', '".$r->type."',
'".mysql_real_escape_string($r->ord)."', '".$r->required."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->ord."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling awards")."<br />"; echo i18n("Rolling awards")."<br />";
//awards //awards
$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */ /* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'"); roll($cy, $ny, 'award_awards', "id='{$r->id}'");
$award_awards_id=mysql_insert_id(); $award_awards_id=$pdo->lastInsertId();
roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'", roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
array('award_awards_id' => $award_awards_id)); array('award_awards_id' => $award_awards_id));
@ -229,60 +247,66 @@
echo i18n("Rolling award types")."<br />"; echo i18n("Rolling award types")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".mysql_real_escape_string($r->type)."', '".$r->id."',
'".mysql_real_escape_string($r->order)."', '".$r->type."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->order."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling schools")."<br />"; echo i18n("Rolling schools")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."', '".$r->school."',
'".mysql_real_escape_string($r->schoollang)."', '".$r->schoollang."',
'".mysql_real_escape_string($r->schoollevel)."', '".$r->schoollevel."',
'".mysql_real_escape_string($r->board)."', '".$r->board."',
'".mysql_real_escape_string($r->district)."', '".$r->district."',
'".mysql_real_escape_string($r->phone)."', '".$r->phone."',
'".mysql_real_escape_string($r->fax)."', '".$r->fax."',
'".mysql_real_escape_string($r->address)."', '".$r->address."',
'".mysql_real_escape_string($r->city)."', '".$r->city."',
'".mysql_real_escape_string($r->province_code)."', '".$r->province_code."',
'".mysql_real_escape_string($r->postalcode)."',$puid, '".$r->postalcode."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid, '".$r->schoolemail."',$shuid,
'".mysql_real_escape_string($r->accesscode)."', '".$r->accesscode."',
NULL, NULL,
'".mysql_real_escape_string($r->junior)."', '".$r->junior."',
'".mysql_real_escape_string($r->intermediate)."', '".$r->intermediate."',
'".mysql_real_escape_string($r->senior)."', '".$r->senior."',
'".mysql_real_escape_string($r->registration_password)."', '".$r->registration_password."',
'".mysql_real_escape_string($r->projectlimit)."', '".$r->projectlimit."',
'".mysql_real_escape_string($r->projectlimitper)."', '".$r->projectlimitper."',
'".mysql_real_escape_string($newfairyear)."')"); '".$newfairyear."')");
$stmt->execute();
} }
echo i18n("Rolling questions")."<br />"; echo i18n("Rolling questions")."<br />";
$q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'"); $q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
while($r=mysql_fetch_object($q)) $q->execute();
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'', '',
'$newfairyear', '$newfairyear',
'".mysql_real_escape_string($r->section)."', '".$r->section."',
'".mysql_real_escape_string($r->db_heading)."', '".$r->db_heading."',
'".mysql_real_escape_string($r->question)."', '".$r->question."',
'".mysql_real_escape_string($r->type)."', '".$r->type."',
'".mysql_real_escape_string($r->required)."', '".$r->required."',
'".mysql_real_escape_string($r->ord)."')"); '".$r->ord."')");
$stmt->execute();
//regfee items //regfee items
echo i18n("Rolling registration fee items")."<br />"; echo i18n("Rolling registration fee items")."<br />";
@ -294,26 +318,31 @@
//timeslots and rounds //timeslots and rounds
echo i18n('Rolling judging timeslots and rounds')."<br />"; echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'"); $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_assoc($q)) { echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear; $d = $newfairyear - $currentfairyear;
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')"); '{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
echo mysql_error(); $stmt->execute();
$round_id = mysql_insert_id(); echo $pdo->errorInfo();
$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'"); $round_id = $pdo->lastInsertId();
echo mysql_error(); $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
while($rr=mysql_fetch_assoc($qq)) { $qq->execute();
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`) echo $pdo->errorInfo();
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')"); '{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
} }
} }
echo "<br /><br />"; echo "<br /><br />";
mysql_query("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0"); $stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt->execute();
echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear))); echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
send_footer(); send_footer();
exit; exit;

View File

@ -81,8 +81,9 @@ function rolloverfiscalyear($newYear){
// first we'll roll over fundraising_campaigns: // first we'll roll over fundraising_campaigns:
$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`"; $fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ $q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
foreach(array('startdate','enddate','followupdate') as $dateField){ foreach(array('startdate','enddate','followupdate') as $dateField){
$dateval = $r[$dateField]; $dateval = $r[$dateField];
$parts = explode('-', $dateval); $parts = explode('-', $dateval);
@ -95,33 +96,37 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// next we'll hit findraising_donor_levels // next we'll hit findraising_donor_levels
$fields = "`level`,`min`,`max`,`description`"; $fields = "`level`,`min`,`max`,`description`";
if(mysql_error() == null) if($pdo->errorInfo() == null)
$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ $q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$r['fiscalyear'] = $newYear; $r['fiscalyear'] = $newYear;
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// and now we'll do findraising_goals // and now we'll do findraising_goals
$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`"; $fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
if(mysql_error() == null){ if($pdo->errorInfo() == null){
$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
$q->execute();
} }
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$dateval = $r['deadline']; $dateval = $r['deadline'];
$parts = explode('-', $dateval); $parts = explode('-', $dateval);
if($parts[0] != '0000') if($parts[0] != '0000')
@ -133,22 +138,24 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// finally, let's update the fiscal year itself: // finally, let's update the fiscal year itself:
if(mysql_error() == null){ if($pdo->errorInfo() == null){
mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'"); $stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
$stmt->execute();
} }
if(mysql_error() == null){ if($pdo->errorInfo() == null){
$config['FISCALYEAR'] = $newYear; $config['FISCALYEAR'] = $newYear;
echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear))); echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
}else{ }else{
echo error(mysql_error()); echo error($pdo->errorInfo());
} }
} }

View File

@ -37,13 +37,14 @@
if(!ereg("^[0-9]*$",$_POST['ord'])) if(!ereg("^[0-9]*$",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord']))); echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
mysql_query("UPDATE safetyquestions SET $stmt = $pdo->prepare("UPDATE safetyquestions SET
question='".mysql_escape_string(stripslashes($_POST['question']))."', question='".stripslashes($_POST['question'])."',
`type`='".mysql_escape_string(stripslashes($_POST['type']))."', `type`='".stripslashes($_POST['type'])."',
`required`='".mysql_escape_string(stripslashes($_POST['required']))."', `required`='".stripslashes($_POST['required'])."',
ord='".mysql_escape_string(stripslashes($_POST['ord']))."' ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'"); WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully saved")); echo happy(i18n("Safety question successfully saved"));
} }
@ -55,14 +56,15 @@
{ {
if($_POST['question']) if($_POST['question'])
{ {
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_escape_string(stripslashes($_POST['question']))."', '".stripslashes($_POST['question'])."',
'".mysql_escape_string(stripslashes($_POST['type']))."', '".stripslashes($_POST['type'])."',
'".mysql_escape_string(stripslashes($_POST['required']))."', '".stripslashes($_POST['required'])."',
'".mysql_escape_string(stripslashes($_POST['ord']))."', '".stripslashes($_POST['ord'])."',
'".$config['FAIRYEAR']."' '".$config['FAIRYEAR']."'
)"); )");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully added")); echo happy(i18n("Safety question successfully added"));
} }
@ -72,7 +74,8 @@
if($_GET['action']=="remove" && $_GET['remove']) if($_GET['action']=="remove" && $_GET['remove'])
{ {
mysql_query("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Safety question successfully removed")); echo happy(i18n("Safety question successfully removed"));
} }
@ -91,9 +94,10 @@
{ {
$buttontext="Save safety question"; $buttontext="Save safety question";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n";
if(!$r=mysql_fetch_object($q)) if(!$r=$q->fetch(PDO::FETCH_OBJ))
{ {
$showform=false; $showform=false;
echo error(i18n("Invalid safety question")); echo error(i18n("Invalid safety question"));

View File

@ -40,11 +40,16 @@
if($_POST['usepostamble']) $usepa="1"; else $usepa="0"; if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0"; if($_POST['useregfee']) $userf="1"; else $userf="0";
mysql_query("UPDATE signaturepage SET `use`='$useex', `text`='".mysql_escape_string(stripslashes($_POST['exhibitordeclaration']))."' WHERE name='exhibitordeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepg', `text`='".mysql_escape_string(stripslashes($_POST['parentdeclaration']))."' WHERE name='parentdeclaration'"); $stmt->execute();
mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'"); $stmt->execute();
mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute();
echo happy(i18n("$sentence_begin_participationform text successfully saved")); echo happy(i18n("$sentence_begin_participationform text successfully saved"));
} }

View File

@ -42,18 +42,20 @@
{ {
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] ) if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
{ {
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) $q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id']))); echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id'])));
} }
else else
{ {
mysql_query("UPDATE projectsubdivisions SET ". $stmt = $pdo->prepare("UPDATE projectsubdivisions SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ". "projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ". "subdivision='".stripslashes($_POST['subdivision'])."' ".
"WHERE id='".$_POST['saveid']."'"); "WHERE id='".$_POST['saveid']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully saved")); echo happy(i18n("Sub-Division successfully saved"));
} }
} }
@ -69,26 +71,29 @@
{ {
if(!$_POST['id']) if(!$_POST['id'])
{ {
$idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions"); $idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
$idr=mysql_fetch_object($idq); $idq->execute();
$idr=$idq->fetch(PDO::fETCH_OBJ);
$newid=$idr->id+1; $newid=$idr->id+1;
} }
else else
$newid=$_POST['id']; $newid=$_POST['id'];
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Sub-Division ID %1 already exists",array($newid))); echo error(i18n("Sub-Division ID %1 already exists",array($newid)));
} }
else else
{ {
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
"'$newid', ". "'$newid', ".
"'".$_POST['projectdivisions_id']."', ". "'".$_POST['projectdivisions_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ". "'".stripslashes($_POST['subdivision'])."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
echo happy(i18n("Sub-Division successfully added")); echo happy(i18n("Sub-Division successfully added"));
} }
} }
@ -100,7 +105,8 @@
if($_GET['action']=="remove" && $_GET['remove']) if($_GET['action']=="remove" && $_GET['remove'])
{ {
mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'"); $stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully removed")); echo happy(i18n("Sub-Division successfully removed"));
} }
@ -123,8 +129,9 @@
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")
@ -134,8 +141,9 @@
echo "<tr>"; echo "<tr>";
echo " <td>"; echo " <td>";
echo "<select name=\"projectdivisions_id\">"; echo "<select name=\"projectdivisions_id\">";
$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division"); $dq=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
while($dr=mysql_fetch_object($dq)) $dq->execute();
while($dr=$dq->fetch(PDO::FETCH_OBJ))
{ {
if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel=""; if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$dr->id\">$dr->division</option>\n"; echo "<option $sel value=\"$dr->id\">$dr->division</option>\n";

View File

@ -46,7 +46,8 @@
if($_POST['action']=="save") { if($_POST['action']=="save") {
if($_POST['specialconfig']) { if($_POST['specialconfig']) {
foreach($_POST['specialconfig'] as $key=>$val) { foreach($_POST['specialconfig'] as $key=>$val) {
mysql_query("UPDATE config SET val='".mysql_escape_string(stripslashes($val))."' WHERE year='0' AND var='$key'"); $stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute();
} }
} }
message_push(happy(i18n("Configuration successfully saved"))); message_push(happy(i18n("Configuration successfully saved")));
@ -98,11 +99,12 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n"; echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n";
echo "<table cellpadding=\"3\">"; echo "<table cellpadding=\"3\">";
$q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var"); $q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
$q->execute();
echo "<tr><td colspan=\"2\">"; echo "<tr><td colspan=\"2\">";
echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing"); echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing");
echo "</td></tr>"; echo "</td></tr>";
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") { if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>"; echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>";
} }

View File

@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
OR config.year='-1') OR config.year='-1')
ORDER BY config.year DESC"; ORDER BY config.year DESC";
$r2 = ($q); $r2 = ($q);
if(mysql_num_rows($r2) < 1) { if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */ /* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist"; echo "ERROR, Variable '$var' doesn't exist";
exit; exit;
@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch(); $v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES ( ("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".pdo->quote($v->var)."', '".$v->var."',
'".pdo->quote($v->val)."', '".$v->val."',
'".pdo->quote($v->category)."', '".$v->category."',
'".pdo->quote($v->type)."', '".$v->type."',
'".pdo->quote($v->type_values)."', '".$v->type_values."',
'".pdo->quote($v->ord)."', '".$v->ord."',
'".pdo->quote($v->description)."', '".$v->description."',
'$fairyear')"); '$fairyear')");
} }
} }
@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
print("<td>"); print("<td>");
$val = htmlspecialchars($var[$k]['val']); $val = htmlspecialchars($var[$k]['val']);
$name = "${array_name}[$k]"; $name = "{$array_name}[$k]";
switch($var[$k]['type']) { switch($var[$k]['type']) {
case "yesno": case "yesno":

View File

@ -4,38 +4,44 @@ function db_update_116_post()
global $config; global $config;
/* Fix the users that have a 0 year */ /* Fix the users that have a 0 year */
$q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0"); $q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
/* Fix users without a username */ /* Fix users without a username */
mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''"); $stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt->execute();
/*randomize usernames for any user that doesnt have a username at this point */ /*randomize usernames for any user that doesnt have a username at this point */
$q=mysql_query("SELECT id FROM `users` WHERE username=''"); $q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
$q->execute();
//this is ripped from user.inc.php's generate passsword function. //this is ripped from user.inc.php's generate passsword function.
//yes there's a chance of collisions, but i think highly unlikely enough that we //yes there's a chance of collisions, but i think highly unlikely enough that we
//dont need to worry about it. //dont need to worry about it.
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
$len=strlen($available) - 1; $len=strlen($available) - 1;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
$username=""; $username="";
for($x=0;$x<16;$x++) for($x=0;$x<16;$x++)
$username.=$available{rand(0,$len)}; $username.=$available{rand(0,$len)};
mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'"); $stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt->execute();
} }
//okay now finally, there's a chance of duplicates from //okay now finally, there's a chance of duplicates from
//committee/volunteer that were in here before, so we need to merge //committee/volunteer that were in here before, so we need to merge
//them //them
$q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'"); $q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$orig_r = $r; $orig_r = $r;
$qq = mysql_query("SELECT * FROM `users` WHERE $qq = $pdo->prepare("SELECT * FROM `users` WHERE
(`username`='{$r['username']}' OR `email`='{$r['email']}') (`username`='{$r['username']}' OR `email`='{$r['email']}')
AND `id`!={$r['id']}"); AND `id`!={$r['id']}");
if(mysql_num_rows($qq) == 0) continue; $qq->execute();
if($qq->rowCount() == 0) continue;
echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n"; echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
@ -48,7 +54,7 @@ function db_update_116_post()
* */ * */
$delete_ids = array(); $delete_ids = array();
$delete_userids = array(); $delete_userids = array();
while($rr = mysql_fetch_assoc($qq)) { while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$delete_ids[] = "`id`={$rr['id']}"; $delete_ids[] = "`id`={$rr['id']}";
$delete_userids[] = "`users_id`={$rr['id']}"; $delete_userids[] = "`users_id`={$rr['id']}";
$keys = array_keys($rr); $keys = array_keys($rr);
@ -86,7 +92,8 @@ function db_update_116_post()
} }
if(count($set)) { if(count($set)) {
$query = join(',',$set); $query = join(',',$set);
mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}"); $stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt->execute();
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n"; echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
} }
@ -96,38 +103,47 @@ function db_update_116_post()
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n"; echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
/* Delete the dupe */ /* Delete the dupe */
mysql_query("DELETE FROM `users` $where_id"); $stmt = $pdo->prepare("DELETE FROM `users` $where_id");
$stmt->execute();
/* Update volunteer linkage */ /* Update volunteer linkage */
mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id"); $stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id"); $stmt->execute();
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
echo "done with this user.\n"; echo "done with this user.\n";
} }
/* Create volunteer database entries for any that don't exist */ /* Create volunteer database entries for any that don't exist */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`) while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
VALUES ('{$i->id}','yes','{$i->complete}')"); VALUES ('{$i->id}','yes','{$i->complete}')");
}
$stmt->execute();}
/* Update any remaining volunteer entries */ /* Update any remaining volunteer entries */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("UPDATE users_volunteer while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_volunteer
SET volunteer_complete='{$i->complete}' SET volunteer_complete='{$i->complete}'
WHERE users_id='{$i->id}'"); WHERE users_id='{$i->id}'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
/* Every committee member role should be activated */ /* Every committee member role should be activated */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("UPDATE users_committee while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_committee
SET committee_active='yes' SET committee_active='yes'
WHERE users_id='{$i->id}'"); WHERE users_id='{$i->id}'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
/* Convert Judges */ /* Convert Judges */
@ -136,11 +152,12 @@ function db_update_116_post()
$jsal = array(); $jsal = array();
/* Select all judges, duplicate rows for each year */ /* Select all judges, duplicate rows for each year */
$jq = mysql_query("SELECT * FROM judges $jq = $pdo->prepare("SELECT * FROM judges
LEFT JOIN judges_years ON judges_years.judges_id=judges.id LEFT JOIN judges_years ON judges_years.judges_id=judges.id
ORDER BY year"); ORDER BY year");
$jq->execute();
while($j = mysql_fetch_object($jq)) { while($j = $jq->fetch(PDO::FETCH_OBJ)) {
if(!is_array($map[$j->id])) { if(!is_array($map[$j->id])) {
$map[$j->id] = array('uid' => ''); $map[$j->id] = array('uid' => '');
@ -149,28 +166,28 @@ function db_update_116_post()
$u = array( 'id' => '', $u = array( 'id' => '',
'uid' => $map[$j->id]['uid'], 'uid' => $map[$j->id]['uid'],
'types' => 'judge', 'types' => 'judge',
'firstname' => mysql_escape_string($j->firstname), 'firstname' => $j->firstname,
'lastname' => mysql_escape_string($j->lastname), 'lastname' => $j->lastname,
'username' => mysql_escape_string($j->email), 'username' => $j->email,
'email' => mysql_escape_string($j->email), 'email' => $j->email,
'sex' => '', 'sex' => '',
'password' => mysql_escape_string($j->password), 'password' => $j->password,
'passwordset' => $j->lastlogin, 'passwordset' => $j->lastlogin,
'oldpassword' => '', 'oldpassword' => '',
'year' => $j->year, 'year' => $j->year,
'phonehome' => mysql_escape_string($j->phonehome), 'phonehome' => $j->phonehome,
'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")), 'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
'phonecell' => mysql_escape_string($j->phonecell), 'phonecell' => $j->phonecell,
'fax' => '', 'fax' => '',
'organization' => mysql_escape_string($j->organization), 'organization' => $j->organization,
'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */ 'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
'created' => $j->created, 'created' => $j->created,
'lastlogin' => $j->lastlogin, 'lastlogin' => $j->lastlogin,
'address' => mysql_escape_string($j->address), 'address' => $j->address,
'address2' => mysql_escape_string($j->address2), 'address2' => $j->address2,
'city' => mysql_escape_string($j->city), 'city' => $j->city,
'province' => mysql_escape_string($j->province), 'province' => $j->province,
'postalcode' => mysql_escape_string($j->postalcode), 'postalcode' => $j->postalcode,
'firstaid' => 'no', 'firstaid' => 'no',
'cpr' => 'no', 'cpr' => 'no',
'deleted' => $j->deleted, 'deleted' => $j->deleted,
@ -179,20 +196,22 @@ function db_update_116_post()
$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime"); $updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
//check if a user already exists with this username //check if a user already exists with this username
$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'"); $uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
if($j->email && $ur=mysql_fetch_object($uq)) { $uq->execute();
if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
$id=$ur->id; $id=$ur->id;
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n"; echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
$sqlset=""; $sqlset="";
foreach($u AS $f=>$v) { foreach($u AS $f=>$v) {
if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) { if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
$sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', "; $sqlset.="`$f`='".$j->$f."', ";
} }
} }
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'"; $sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
mysql_query($sql); $stmt = $pdo->prepare($sql);
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo " Updated user record with judge info, but only merged:\n"; echo " Updated user record with judge info, but only merged:\n";
echo " ($sqlset)\n"; echo " ($sqlset)\n";
@ -202,21 +221,23 @@ function db_update_116_post()
/* Insert the judge */ /* Insert the judge */
$fields = '`'.join('`,`', array_keys($u)).'`'; $fields = '`'.join('`,`', array_keys($u)).'`';
$vals = "'".join("','", array_values($u))."'"; $vals = "'".join("','", array_values($u))."'";
$q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)"); $q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
$id = mysql_insert_id(); $q->execute();
$id = $pdo->lastInsertId();
if($map[$j->id]['uid'] == '') { if($map[$j->id]['uid'] == '') {
$map[$j->id]['uid'] = $id; $map[$j->id]['uid'] = $id;
$q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'"); $q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q->execute();
} }
} }
$uj = array( 'users_id' => "$id", $uj = array( 'users_id' => "$id",
'judge_active' => 'yes', 'judge_active' => 'yes',
'highest_psd' => mysql_escape_string($j->highest_psd), 'highest_psd' => $j->highest_psd,
'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no', 'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):''). 'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other), $j->expertise_other,
/* These need to get pulled from the questions */ /* These need to get pulled from the questions */
'years_school' => $j->years_school, 'years_school' => $j->years_school,
'years_regional' => $j->years_regional, 'years_regional' => $j->years_regional,
@ -227,33 +248,36 @@ function db_update_116_post()
// $j->attending_lunch, // $j->attending_lunch,
/* catprefs */ /* catprefs */
$q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$catpref = array(); $catpref = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
$catpref[$i->projectcategories_id] = $i->rank; $catpref[$i->projectcategories_id] = $i->rank;
} }
$uj['cat_prefs'] = mysql_escape_string(serialize($catpref)); $uj['cat_prefs'] = serialize($catpref);
/* divprefs and subdivision prefs */ /* divprefs and subdivision prefs */
$q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$divpref = array(); $divpref = array();
$divsubpref = array(); $divsubpref = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
if($i->projectdivisions_id) if($i->projectdivisions_id)
$divpref[$i->projectdivisions_id] = $i->val; $divpref[$i->projectdivisions_id] = $i->val;
else if ($i->projectsubdivisions_id) else if ($i->projectsubdivisions_id)
$divsubpref[$i->projectsubdivisions_id] = $i->val; $divsubpref[$i->projectsubdivisions_id] = $i->val;
} }
$uj['div_prefs'] = mysql_escape_string(serialize($divpref)); $uj['div_prefs'] = serialize($divpref);
$uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref)); $uj['divsub_prefs'] = serialize($divsubpref);
/* languages */ /* languages */
$q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'"); $q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q->execute();
$langs = array(); $langs = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
$langs[] = $i->languages_lang; $langs[] = $i->languages_lang;
} }
$uj['languages'] = mysql_escape_string(serialize($langs)); $uj['languages'] = serialize($langs);
/* Map judges questions back to the profile. We're going to keep questions we need for /* Map judges questions back to the profile. We're going to keep questions we need for
* judge scheduling as hard-coded questions so users can't erase them. * judge scheduling as hard-coded questions so users can't erase them.
@ -264,25 +288,27 @@ function db_update_116_post()
'willing_chair' => 'Willing Chair'); 'willing_chair' => 'Willing Chair');
foreach($qmap as $field=>$head) { foreach($qmap as $field=>$head) {
/* Find the question ID */ /* Find the question ID */
$q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'"); $q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
if(mysql_num_rows($q) == 0) { $q->execute();
if($q->rowCount() == 0) {
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n"; echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
continue; continue;
} }
$i = mysql_fetch_object($q); $i = $q->fetch(PDO::FETCH_OBJ);
/* Now find the answer */ /* Now find the answer */
$q = mysql_query("SELECT * FROM question_answers WHERE $q = $pdo->prepare("SELECT * FROM question_answers WHERE
year='{$j->year}' AND year='{$j->year}' AND
registrations_id='{$j->id}' AND registrations_id='{$j->id}' AND
questions_id='{$i->id}'"); questions_id='{$i->id}'");
echo mysql_error(); $q->execute();
if(mysql_num_rows($q) == 0) { echo $pdo->errorInfo();
if($q->rowCount() == 0) {
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n"; echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
continue; continue;
} }
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC)
$uj[$field] = $i['answer']; $uj[$field] = $i['answer'];
} }
@ -290,42 +316,55 @@ function db_update_116_post()
$fields = '`'.join('`,`', array_keys($uj)).'`'; $fields = '`'.join('`,`', array_keys($uj)).'`';
$vals = "'".join("','", array_values($uj))."'"; $vals = "'".join("','", array_values($uj))."'";
$q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)"); $q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
/* FIXUP all the judging tables (but don't write back yet, we don't want to /* FIXUP all the judging tables (but don't write back yet, we don't want to
* accidentally create a duplicate judges_id and overwrite it later) */ * accidentally create a duplicate judges_id and overwrite it later) */
/* judges_teams_link */ /* judges_teams_link */
$q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
while($i = mysql_fetch_object($q))
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jtl[$i->id] = $id; $jtl[$i->id] = $id;
/* judges_specialawards_sel */ /* judges_specialawards_sel */
$q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q)) $q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jsal[$i->id] = $id; $jsal[$i->id] = $id;
/* question_answers */ /* question_answers */
$q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q)) $q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$qa[$i->id] = $id; $qa[$i->id] = $id;
} }
/* Now write back the judge ids */ /* Now write back the judge ids */
if(count($jtl)) { if(count($jtl)) {
foreach($jtl as $id=>$new_id) foreach($jtl as $id=>$new_id)
$q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
if(count($jsal)) { if(count($jsal)) {
foreach($jsal as $id=>$new_id) foreach($jsal as $id=>$new_id)
$q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
if(count($qa)) { if(count($qa)) {
foreach($qa as $id=>$new_id) foreach($qa as $id=>$new_id)
$q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
} }
?> ?>

View File

@ -4,9 +4,10 @@ function db_update_122_post()
{ {
global $config; global $config;
$year = $config['FAIRYEAR']; $year = $config['FAIRYEAR'];
$q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'"); $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
$q->execute();
$round = array(); $round = array();
while($r = mysql_fetch_assoc($q)) { while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$type = $r['type']; $type = $r['type'];
if(!array_key_exists($type, $round)) { if(!array_key_exists($type, $round)) {
@ -25,19 +26,23 @@ function db_update_122_post()
} }
foreach($round as $type=>$d) { foreach($round as $type=>$d) {
mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')"); VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
$round_id = mysql_insert_id(); $stmt->execute();
$round_id = $pdo->lastInsertId();
mysql_query("UPDATE judges_timeslots SET $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='$round_id', type='timeslot' round_id='$round_id', type='timeslot'
WHERE type='$type' AND year='$year'");
WHERE type='$type' AND year='$year'");
$stmt->execute();
/* Undo the set we just did to the round we just inserted */ /* Undo the set we just did to the round we just inserted */
mysql_query("UPDATE judges_timeslots SET $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='0',type='$type' round_id='0',type='$type'
WHERE id='$round_id'"); WHERE id='$round_id'");
} $stmt->execute();
}
} }
?> ?>

View File

@ -5,29 +5,31 @@ function db_update_129_pre()
{ {
/* Load all external award sources */ /* Load all external award sources */
$source_map = array(); $source_map = array();
$q = mysql_query("SELECT * FROM award_sources"); $q = $pdo->prepare("SELECT * FROM award_sources");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = m$q->fetch(PDO::FETCH_ASSOC) {
/* Make a user, use the password generator to get /* Make a user, use the password generator to get
* a random username */ * a random username */
$u = db129_user_create('fair', db129_user_generate_password()); $u = db129_user_create('fair', db129_user_generate_password());
/* Add a Fair Entry */ /* Add a Fair Entry */
$name = mysql_escape_string($r['name']); $name = $r['name'];
$url = mysql_escape_string($r['url']); $url = $r['url'];
$website = mysql_escape_string($r['website']); $website = $r['website'];
$username = mysql_escape_string($r['username']); $username = $r['username'];
$password = mysql_escape_string($r['password']); $password = $r['password'];
$en = ($r['enabled'] == 'no') ? 'no' : 'yes'; $en = ($r['enabled'] == 'no') ? 'no' : 'yes';
mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`, $stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
`url`,`website`,`username`,`password`,`enable_stats`, `url`,`website`,`username`,`password`,`enable_stats`,
`enable_awards`,`enable_winners`) VALUES ( `enable_awards`,`enable_winners`) VALUES (
'', '$name', '', 'ysf', '$url', '$web', '', '$name', '', 'ysf', '$url', '$web',
'$username','$password','no','$en','$en')"); '$username','$password','no','$en','$en')");
$stmt->execute();
/* Link the fair to the user */ /* Link the fair to the user */
$u['fairs_id'] = mysql_insert_id(); $u['fairs_id'] = $pdo->lastInsertId();
/* Record the old sources_id to new sources_id mapping */ /* Record the old sources_id to new sources_id mapping */
$source_map[$r['id']] = $u['fairs_id']; $source_map[$r['id']] = $u['fairs_id'];
@ -36,14 +38,16 @@ function db_update_129_pre()
} }
/* Map all awards to their new source IDs */ /* Map all awards to their new source IDs */
$q = mysql_query("SELECT * FROM award_awards"); $q = $pdo->prepare("SELECT * FROM award_awards");
$q->execute();
$keys = array_keys($source_map); $keys = array_keys($source_map);
while($r = mysql_fetch_assoc($q)) { while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
$old_id = $r['award_sources_id']; $old_id = $r['award_sources_id'];
if(!in_array($old_id, $keys)) continue; if(!in_array($old_id, $keys)) continue;
$qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}' $qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
WHERE id='{$r['id']}'"); WHERE id='{$r['id']}'");
$qq->execute();
} }

View File

@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
$id = intval($user); $id = intval($user);
$query .= " `users`.`id`='$id'"; $query .= " `users`.`id`='$id'";
} }
$q=mysql_query($query); $q=$pdo->prepare($query);
$q->execute();
if(mysql_num_rows($q)!=1) { if($q->rowCount()!=1) {
echo "Query [$query] returned ".mysql_num_rows($q)." rows\n"; echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>"; // echo "<pre>";
// print_r(debug_backtrace()); // print_r(debug_backtrace());
return false; return false;
} }
$ret = mysql_fetch_assoc($q); $ret = $q->fetch(PDO::FETCH_ASSOC);
/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would /* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
* simply return the previous year (where deleted=no) */ * simply return the previous year (where deleted=no) */
@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */ /* pass $u by reference so we can update it */
$save_old = false; $save_old = false;
if($password == NULL) { if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'"); $q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q); $q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */ /* Generate a new password */
$password = db129_user_generate_password(12); $password = db129_user_generate_password(12);
/* save the old password only if it's not an auto-generated one */ /* save the old password only if it's not an auto-generated one */
@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
$save_set = 'NOW()'; $save_set = 'NOW()';
} }
$p = mysql_escape_string($password); $p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : ''; $set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set "; $set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'"; $query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query); $stmt = $pdo->prepare($query);
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
return $password; return $password;
} }
@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
} }
if(is_array($u[$f])) if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f])); $data = serialize($u[$f]);
else else
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "`$f`='$data'"; $set .= "`$f`='$data'";
} }
if($set != "") { if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'"; $query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
if(mysql_error()) { $stmt->execute();
echo mysql_error(); if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query"); echo error("Full query: $query");
} }
} }
@ -337,7 +341,7 @@ function db129_user_save($u)
// if($f == 'types') // if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'"; // $set .= "$f='".implode(',', $u[$f])."'";
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "$f='$data'"; $set .= "$f='$data'";
} }
//echo "<pre>"; //echo "<pre>";
@ -345,9 +349,10 @@ function db129_user_save($u)
//echo "</pre>"; //echo "</pre>";
if($set != "") { if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'"; $query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]"; // echo "query=[$query]";
echo mysql_error(); echo $pdo->errorInfo();
} }
/* Save the password if it changed */ /* Save the password if it changed */
@ -364,7 +369,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u) function db129_user_delete_committee($u)
{ {
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'"); $stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
} }
function db129_user_delete_volunteer($u) function db129_user_delete_volunteer($u)
@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
{ {
global $config; global $config;
$id = $u['id']; $id = $u['id'];
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'"); $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'"); $stmt->execute();
} $stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();}
function db129_user_delete_fair($u) function db129_user_delete_fair($u)
{ {
@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else { } else {
$finish_delete = true; $finish_delete = true;
} }
@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
$finish_delete = true; $finish_delete = true;
} }
if($finish_delete == true) { if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
} }
} }
@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else { } else {
$finish_purge = true; $finish_purge = true;
} }
@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
* out the entry */ * out the entry */
call_user_func("db129_user_delete_$type", $u); call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u); // call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else { } else {
/* Delete the whole user */ /* Delete the whole user */
foreach($u['types'] as $t) { foreach($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u); call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u); // call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
} }
$finish_purge = true; $finish_purge = true;
} }
if($finish_purge == true) { if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
} }
} }
@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{ {
global $config; global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */ $nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'"); $q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) { $q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n"; echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit; exit;
} }
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval; $i[$key] = $newval;
foreach($i as $k=>$v) { foreach($i as $k=>$v) {
@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
else if($k == 'year') else if($k == 'year')
$i[$k] = $config['FAIRYEAR']; $i[$k] = $config['FAIRYEAR'];
else else
$i[$k] = '\''.mysql_escape_string($v).'\''; $i[$k] = '\''.$v.'\'';
} }
$keys = '`'.join('`,`', array_keys($i)).'`'; $keys = '`'.join('`,`', array_keys($i)).'`';
@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)"; $q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]"; // echo "Dupe Query: [$q]";
$r = mysql_query($q); $r = $pdo->prepare($q);
echo mysql_error(); $r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id(); $id = $pdo->lastInsertId();
return $id; return $id;
} }
/* Used by the login scripts to copy one user from one year to another */ /* Used by the login scripts to copy one user from one year to another */
@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
* - That previous entry has deleted=no */ * - That previous entry has deleted=no */
/* Find the last entry */ /* Find the last entry */
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}' $q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1"); ORDER BY year DESC LIMIT 1");
$r = mysql_fetch_object($q); $q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'yes') { if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n"; echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit; exit;
@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
} }
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL); $id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'"); $q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */ /* Load the new user */
$u2 = db129_user_load($id); $u2 = db129_user_load($id);
@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
{ {
global $config; global $config;
if(!is_array($u)) { if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')"); VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
echo mysql_error(); $stmt->execute();
$uid = mysql_insert_id(); echo $pdo->errorInfo();
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'"); $uid = $pdo->lastInsertId();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
db129_user_set_password($uid, NULL); db129_user_set_password($uid, NULL);
} else { } else {
/* The user has been specified and already exists, /* The user has been specified and already exists,
@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
exit; exit;
} }
$new_types = implode(',', $u['types']).','.$type; $new_types = implode(',', $u['types']).','.$type;
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'"); $stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt->execute();
} }
switch($type) { switch($type) {
case 'volunteer': case 'volunteer':
mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'student': case 'student':
// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')"); // $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
break; $stmt->execute();
break;
case 'judge': case 'judge':
mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'fair': case 'fair':
mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'committee': case 'committee':
mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'sponsor': case 'sponsor':
mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')"); $stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt->execute();
break; break;
} }
return db129_user_load($uid); return db129_user_load($uid);

View File

@ -4,7 +4,7 @@
function db_update_136_pre() function db_update_136_pre()
{ {
global $config; global $config;
mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada', $stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
`abbrv` = 'YSC', `abbrv` = 'YSC',
`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php', `website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
`enable_stats` = 'yes', `enable_stats` = 'yes',
@ -15,14 +15,16 @@ function db_update_136_pre()
WHERE WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'"); `url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
$stmt->execute();
mysql_query("UPDATE fairs SET `abbrv` = 'STO', $stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php', `website` = 'http://www.scitechontario.org/awarddownloader/help.php',
`enable_stats` = 'yes', `enable_stats` = 'yes',
`enable_awards` = 'yes', `enable_awards` = 'yes',
`enable_winners` = 'yes' `enable_winners` = 'yes'
WHERE WHERE
`url`='http://www.scitechontario.org/awarddownloader/index.php'"); `url`='http://www.scitechontario.org/awarddownloader/index.php'");
$stmt->execute();
} }

View File

@ -1,8 +1,9 @@
<? <?
function db_update_142_post() { function db_update_142_post() {
$q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'"); $q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
if(mysql_num_rows($q)) { $q->execute();
if($q->rowCount()) {
//great its there, do nothing, it must have been inserted by the installer when doing a fresh install //great its there, do nothing, it must have been inserted by the installer when doing a fresh install
} }
else { else {
@ -11,7 +12,8 @@ function db_update_142_post() {
$month=date("m"); $month=date("m");
if($month>6) $fiscalyearsuggest=date("Y")+1; if($month>6) $fiscalyearsuggest=date("Y")+1;
else $fiscalyearsuggest=date("Y"); else $fiscalyearsuggest=date("Y");
mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')"); $stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute();
} }
} }

View File

@ -17,8 +17,9 @@ $update_62_committee = array();
function db_update_62_pre() function db_update_62_pre()
{ {
global $update_62_committee; global $update_62_committee;
$q = mysql_query("SELECT * FROM committees_members"); $q = $pdo->prepare("SELECT * FROM committees_members");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$update_62_committee[] = $r; $update_62_committee[] = $r;
} }
} }
@ -31,8 +32,7 @@ function db_update_62_post()
foreach($update_62_committee as $c) { foreach($update_62_committee as $c) {
list($fn, $ln) = split(' ', $c['name'], 2); list($fn, $ln) = split(' ', $c['name'], 2);
$username = $c['email']; $username = $c['email'];
$fn = mysql_escape_string($fn);
$ln = mysql_escape_string($ln);
if($config['committee_password_expiry_days'] > 0) { if($config['committee_password_expiry_days'] > 0) {
$passwordexpiry = "DATE_ADD(CURDATE(), $passwordexpiry = "DATE_ADD(CURDATE(),
INTERVAL {$config['committee_password_expiry_days']} DAY)"; INTERVAL {$config['committee_password_expiry_days']} DAY)";
@ -46,19 +46,20 @@ function db_update_62_post()
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`, `email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`) `created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username', VALUES ('committee','$fn', '$ln', '$username',
'".mysql_escape_string($c['password'])."', '".$c['password']."',
$passwordexpiry, $passwordexpiry,
'{$c['email']}', '{$c['email']}',
'{$c['phonehome']}', '{$c['phonehome']}',
'{$c['phonework']}', '{$c['phonework']}',
'{$c['phonecell']}', '{$c['phonecell']}',
'{$c['fax']}', '{$c['fax']}',
'".mysql_escape_string($c['organization'])."', '".$c['organization']."',
NOW(), NOW(),
'$deleted')"; '$deleted')";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
$id = mysql_insert_id(); $id = $pdo->lastInsertId();
$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no'; $access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no'; $access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@ -73,14 +74,16 @@ function db_update_62_post()
'$access_admin', '$access_admin',
'$access_config', '$access_config',
'$access_super')"; '$access_super')";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
echo mysql_error(); echo $pdo->errorInfo();
/* Update committee links */ /* Update committee links */
$q = "UPDATE committees_link SET users_id='$id' $q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'"; WHERE committees_members_id='{$c['id']}'";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
} }

View File

@ -1,10 +1,12 @@
<? <?
function db_update_81_post() function db_update_81_post()
{ {
$q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts"); $q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
while($i = mysql_fetch_object($q)) { $q->execute();
while($i = m$q->fetch(PDO::FETCH_OBJ)) {
$asid = $i->award_sponsors_id; $asid = $i->award_sponsors_id;
mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1"); $stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt->execute();
} }
} }
?> ?>

View File

@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
} }
/* Check to see if they have ranked all project age categories, and all divisions */ /* Check to see if they have ranked all project age categories, and all divisions */
$q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numcats=$r->num; $numcats=$r->num;
if($numcats != count($u['cat_prefs'])) return 'incomplete'; if($numcats != count($u['cat_prefs'])) return 'incomplete';
$q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numdivisions=$r->num; $numdivisions=$r->num;
if($numdivisions != count($u['div_prefs'])) return 'incomplete'; if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@ -75,14 +77,16 @@ function judge_status_questions($u){
*/ */
global $config; global $config;
// get the questions we're looking for // get the questions we're looking for
$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'"); $q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q->execute();
$idList = array(); $idList = array();
while($row = mysql_fetch_assoc($q)) $idList[] = $row['id']; while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
$rval = 'complete'; $rval = 'complete';
if(count($idList)){ if(count($idList)){
$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL"); $q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$row = mysql_fetch_assoc($q); $q->execute();
$row = $q->fetch(PDO::FETCH_ASSOC);
if(intval($row['tally']) != count($idList)) $rval = 'incomplete'; if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
} }
return $rval; return $rval;
@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
* - judge has selected between min and max preferences * - judge has selected between min and max preferences
*/ */
$qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel $qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel
WHERE users_id='{$u['id']}'"); WHERE users_id='{$u['id']}'");
$rr = mysql_fetch_object($qq); $qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
$awards_selected = $rr->num; $awards_selected = $rr->num;
// echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})"; // echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@ -127,9 +132,9 @@ function judge_status_availability(&$u)
global $config; global $config;
if($config['judges_availability_enable'] == 'no') return 'complete'; if($config['judges_availability_enable'] == 'no') return 'complete';
$q = mysql_query("SELECT id FROM judges_availability $q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\""); WHERE users_id=\"{$u['id']}\"");
if(mysql_num_rows($q) > 0) return 'complete'; if($q->rowCount() > 0) return 'complete';
return 'incomplete'; return 'incomplete';
} }

View File

@ -220,8 +220,9 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n"; // echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break; break;
} }
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'"); $q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q)) $q->execute();
if($r=$q->fetch(PDO::FETCH_OBJ))
$prevnr=$nr; $prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight); // printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);

View File

@ -27,12 +27,14 @@ exit;
include "../common.inc.php"; include "../common.inc.php";
$projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'"); $projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
while($projr=mysql_fetch_object($projq)) $projq->execute();
while($projr=$projq->fetch(PDO::FETCH_OBJ))
{ {
$reg_id=$projr->id; $reg_id=$projr->id;
$q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'"); $q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$projectnumber=$config['project_num_format']; $projectnumber=$config['project_num_format'];
//first replace the division and category //first replace the division and category
@ -41,15 +43,16 @@ include "../common.inc.php";
//now change the N to a % so we can use it as a wildcard //now change the N to a % so we can use it as a wildcard
$querynum=str_replace('N','%',$projectnumber); $querynum=str_replace('N','%',$projectnumber);
$searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'"); $searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq->execute();
print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n"); print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
$searchnum=mysql_num_rows($searchq); $searchnum=$searchq->rowCount();
echo "searchnum=$searchnum \n"; echo "searchnum=$searchnum \n";
if(mysql_num_rows($searchq)) if($searchq->rowCount())
{ {
//first, put them all in an array //first, put them all in an array
$proj_nums=array(); $proj_nums=array();
while($searchr=mysql_fetch_object($searchq)) while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
{ {
$proj_nums[]=$searchr->projectnumber; $proj_nums[]=$searchr->projectnumber;
} }
@ -77,7 +80,8 @@ include "../common.inc.php";
} }
$projectnumber=str_replace('N',$Nnum,$projectnumber); $projectnumber=str_replace('N',$Nnum,$projectnumber);
mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if($projectnumber) if($projectnumber)
{ {
echo "Assigned new project number $projectnumber\n"; echo "Assigned new project number $projectnumber\n";

View File

@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
exit; exit;
include "../common.inc.php"; include "../common.inc.php";
mysql_query("DELETE FROM tours_choice WHERE year='2008'"); $stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
$stmt->execute();
$q=mysql_query("SELECT students.id AS students_id, $q=$pdo->prepare("SELECT students.id AS students_id,
registrations.id AS registrations_id registrations.id AS registrations_id
FROM registrations, FROM registrations,
students students
@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
AND registrations.year='2008' AND registrations.year='2008'
AND students.registrations_id=registrations.id AND students.registrations_id=registrations.id
AND students.year='2008'"); AND students.year='2008'");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r"); $tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq->execute();
$rank=1; $rank=1;
while($tr=mysql_fetch_object($tq)) { while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES ( $stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank' '$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
)"); )");
$stmt->execute();
$rank++; $rank++;
} }
echo "Assigned student $r->students_id\n"; echo "Assigned student $r->students_id\n";

View File

@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1) if(count($argv)>1)
{ {
echo "TRUNCATING TABLE DATA....\n"; echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE registrations"); $stmt = $pdo->prepare("TRUNCATE TABLE registrations");
mysql_query("TRUNCATE TABLE students"); $stmt->execute();
mysql_query("TRUNCATE TABLE projects"); $stmt = $pdo->prepare("TRUNCATE TABLE students");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE projects");
$stmt->execute();
echo "DONE.\n\n"; echo "DONE.\n\n";
} }
?> ?>

View File

@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1) if(count($argv)>1)
{ {
echo "TRUNCATING TABLE DATA....\n"; echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE judges_teams"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
mysql_query("TRUNCATE TABLE judges_teams_awards_link"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_teams_link"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_link"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
$stmt->execute();
echo "DONE.\n\n"; echo "DONE.\n\n";
} }
?> ?>

View File

@ -28,11 +28,16 @@ include "../common.inc.php";
$numjudges=200; $numjudges=200;
mysql_query("TRUNCATE TABLE judges"); $stmt = $pdo->prepare("TRUNCATE TABLE judges");
mysql_query("TRUNCATE TABLE judges_catpref"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_expertise"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
mysql_query("TRUNCATE TABLE judges_years"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_languages"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
$stmt->execute();
function getrand($ar) function getrand($ar)
@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
$compnum=rand(0,20); $compnum=rand(0,20);
if($compnum==1) $complete="no"; else $complete="yes"; if($compnum==1) $complete="no"; else $complete="yes";
$q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')"); $q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$id=mysql_insert_id(); $q->execute();
$id=$pdo->lastInsertId();
//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3 //for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
//to compensate //to compensate
@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
for($a=1;$a<=3;$a++) for($a=1;$a<=3;$a++)
{ {
$catrank=rand(-2,2); $catrank=rand(-2,2);
mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt->execute();
} }
//expertise is ranked 1-5 //expertise is ranked 1-5
for($a=1;$a<=6;$a++) for($a=1;$a<=6;$a++)
{ {
$divrank=rand(1,5); $divrank=rand(1,5);
mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt->execute();
} }
//and add the record to the judges_years table so they will be 'active' for this year //and add the record to the judges_years table so they will be 'active' for this year
mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt->execute();
//60% chance they only speak english //60% chance they only speak english
//20% chance they only speak french //20% chance they only speak french
//20% chance they are bilingual //20% chance they are bilingual
$num=rand(0,100); $num=rand(0,100);
if($num<60) if($num<60)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')"); {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();}
else if($num<80) else if($num<80)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')"); {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();}
else { else {
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')"); $stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')"); $stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
} }

View File

@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
$starters=array("effects of","study of","analysis of"); $starters=array("effects of","study of","analysis of");
$joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with"); $joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'"); $numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
while($s=mysql_fetch_object($numschools)) $numschools->execute();
while($s=$numschools->fetch(PDO::FETCH_OBJ))
{ {
//1 in 4 chance of actually using this school //1 in 4 chance of actually using this school
$o=rand(1,4); $o=rand(1,4);
@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
$pd=rand(1,$prob_unpaid); $pd=rand(1,$prob_unpaid);
if($pd==1) $status='paymentpending'; else $status='complete'; if($pd==1) $status='paymentpending'; else $status='complete';
$q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)"); $q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
if($id=mysql_insert_id()) $q->execute();
if($id=$pdo->lastInsertId())
{ {
$peeps=rand(1,$prob_dual); $peeps=rand(1,$prob_dual);
@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
$firstname=getrand($firstnames); $firstname=getrand($firstnames);
$email=strtolower($firstname)."@".getrand($domains); $email=strtolower($firstname)."@".getrand($domains);
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')"); $stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt->execute();
} }
$div=rand(1,6); $div=rand(1,6);
@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
if($langnum<4) $lang="fr"; else $lang="en"; if($langnum<4) $lang="fr"; else $lang="en";
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')"); $stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt->execute();
} }
} }

View File

@ -28,17 +28,19 @@
function roll($currentfairyear, $newfairyear, $table, $fields) function roll($currentfairyear, $newfairyear, $table, $fields)
{ {
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`'; $names = '`'.join('`,`', $fields).'`';
while($r=mysql_fetch_assoc($q)) { while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = ''; $vals = '';
foreach($fields as $f) { foreach($fields as $f) {
$vals .= ",'".mysql_real_escape_string($r[$f])."'"; $vals .= ",'".$r[$f]."'";
} }
mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)"); $stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
@ -47,35 +49,36 @@ $newfairyear=2010;
echo i18n("Rolling schools")."<br />"; echo i18n("Rolling schools")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."', '".$r->school."',
'".mysql_real_escape_string($r->schoollang)."', '".$r->schoollang."',
'".mysql_real_escape_string($r->schoollevel)."', '".$r->schoollevel."',
'".mysql_real_escape_string($r->board)."', '".$r->board."',
'".mysql_real_escape_string($r->district)."', '".$r->district."',
'".mysql_real_escape_string($r->phone)."', '".$r->phone."',
'".mysql_real_escape_string($r->fax)."', '".$r->fax."',
'".mysql_real_escape_string($r->address)."', '".$r->address."',
'".mysql_real_escape_string($r->city)."', '".$r->city."',
'".mysql_real_escape_string($r->province_code)."', '".$r->province_code."',
'".mysql_real_escape_string($r->postalcode)."',$puid, '".$r->postalcode."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid, '".$r->schoolemail."',$shuid,
'".mysql_real_escape_string($r->accesscode)."', '".$r->accesscode."',
NULL, NULL,
'".mysql_real_escape_string($r->junior)."', '".$r->junior."',
'".mysql_real_escape_string($r->intermediate)."', '".$r->intermediate."',
'".mysql_real_escape_string($r->senior)."', '".$r->senior."',
'".mysql_real_escape_string($r->registration_password)."', '".$r->registration_password."',
'".mysql_real_escape_string($r->projectlimit)."', '".$r->projectlimit."',
'".mysql_real_escape_string($r->projectlimitper)."', '".$r->projectlimitper."',
'".mysql_real_escape_string($newfairyear)."')"); '".$newfairyear."')");
$stmt->execute();
} }
?> ?>

View File

@ -781,13 +781,15 @@ function user_create($type, $username, $u = NULL)
if(!is_array($u)) { if(!is_array($u)) {
$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')"); VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
$stmt->execute()'; $stmt->execute();
echo $pdo->errorInfo(); echo $pdo->errorInfo();
$uid = mysql_insert_id(); $uid = $pdo->lastInsertId();
if(user_valid_email($username)) { if(user_valid_email($username)) {
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt->execute();
} }
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
echo $pdo->errorInfo(); echo $pdo->errorInfo();
user_set_password($uid, NULL); user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this /* Since the user already has a type, user_save won't create this

View File

@ -31,8 +31,9 @@ function volunteer_status_position($u)
/* See if they have selected something */ /* See if they have selected something */
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}' $q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}'"; AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
if(mysql_num_rows($r) >= 1) { $r->execute();
if($r->rowCount() >= 1) {
return "complete"; return "complete";
} }
return "incomplete"; return "incomplete";

View File

@ -44,8 +44,9 @@
/* Load available IDs */ /* Load available IDs */
$posns = array(); $posns = array();
$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'"; $q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
while($p = mysql_fetch_object($r)) { $r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$posns[] = $p->id; $posns[] = $p->id;
} }
@ -59,18 +60,20 @@
} }
/* Delete existing selections */ /* Delete existing selections */
mysql_query("DELETE FROM volunteer_positions_signup $stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup
WHERE WHERE
users_id='{$u['id']}' users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}' "); AND year='{$config['FAIRYEAR']}' ");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
/* Add new selections if there are any */ /* Add new selections if there are any */
if($vals != '') { if($vals != '') {
$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year) $q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
VALUES $vals"; VALUES $vals";
$r=mysql_query($q); $r=$po->prepare($q);
echo mysql_error(); $r->execute();
echo $pdo->errorInfo();
} }
@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
$q = "SELECT * FROM volunteer_positions_signup WHERE $q = "SELECT * FROM volunteer_positions_signup WHERE
users_id = '{$u['id']}' users_id = '{$u['id']}'
AND year='{$config['FAIRYEAR']}'"; AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
$r->execute();
$checked_positions = array(); $checked_positions = array();
while($p = mysql_fetch_object($r)) { while($p = $r->fetch(PDO::FETCH_OBJ)) {
$checked_positions[] = $p->volunteer_positions_id; $checked_positions[] = $p->volunteer_positions_id;
} }
/* Load available volunteer positions */ /* Load available volunteer positions */
$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend $q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'"; FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
while($p = mysql_fetch_object($r)) { $r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td>'; echo '<tr><td>';

View File

@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
$show_unawarded_awards="no"; $show_unawarded_awards="no";
$show_unawarded_prizes="no"; $show_unawarded_prizes="no";
$year=intval($_GET['year']); $year=intval($_GET['year']);
$type=mysql_real_escape_string($_GET['type']); $type=$_GET['type'];
echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>"; echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>";
@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
//first, lets make sure someone isnt tryint to see something that they arent allowed to! //first, lets make sure someone isnt tryint to see something that they arent allowed to!
//but only if the year they want is the FAIRYEAR. If they want a past year, thats cool //but only if the year they want is the FAIRYEAR. If they want a past year, thats cool
if($_GET['year']>=$config['FAIRYEAR']) { if($_GET['year']>=$config['FAIRYEAR']) {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1) if($r->test!=1)
{ {
echo error(i18n("Crystal ball says future is very hard to see!")); echo error(i18n("Crystal ball says future is very hard to see!"));
@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
if($ok) if($ok)
{ {
$q=mysql_query("SELECT $q=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards.name, award_awards.name,
award_awards.order AS awards_order, award_awards.order AS awards_order,
@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
ORDER BY ORDER BY
awards_order"); awards_order");
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)) if($q->rowCount())
{ {
echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>"; echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
echo "<br />"; echo "<br />";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$pq=mysql_query("SELECT $pq=$pdo->prepare("SELECT
award_prizes.prize, award_prizes.prize,
award_prizes.number, award_prizes.number,
award_prizes.id, award_prizes.id,
@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
AND award_prizes.year='$year' AND award_prizes.year='$year'
ORDER BY ORDER BY
`order`"); `order`");
echo mysql_error(); $pq->execute();
echo $pdo->errorInfo();
$awarded_count = 0; $awarded_count = 0;
if($show_unawarded_awards=="no") if($show_unawarded_awards=="no")
{ {
while($pr=mysql_fetch_object($pq)) while($pr=$pq->fetch(PDO::FETCH_OBJ))
{ {
if($pr->projectnumber) if($pr->projectnumber)
{ {
$awarded_count++; $awarded_count++;
} }
} }
// Still have to find the PDO equivalent
mysql_data_seek($pq, 0); mysql_data_seek($pq, 0);
} }
if($show_unawarded_awards=="yes" || $awarded_count > 0) if($show_unawarded_awards=="yes" || $awarded_count > 0)
@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
} }
$prevprizeid=-1; $prevprizeid=-1;
while($pr=mysql_fetch_object($pq)) while($pr=$pq->fetch(PDO::FETCH_OBJ))
{ {
if(!($pr->projectnumber) && $show_unawarded_prizes=="no") if(!($pr->projectnumber) && $show_unawarded_prizes=="no")
{ {
@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
echo "&nbsp&nbsp;&nbsp;&nbsp;"; echo "&nbsp&nbsp;&nbsp;&nbsp;";
echo "($pr->projectnumber) ".htmlspecialchars($pr->title); echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
$sq=mysql_query("SELECT students.firstname, $sq=$pdo->prepare("SELECT students.firstname,
students.lastname, students.lastname,
students.schools_id, students.schools_id,
students.webfirst, students.webfirst,
@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
students.registrations_id='$pr->reg_id' students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id AND students.schools_id=schools.id
"); ");
$sq->execute();
$studnum=0; $studnum=0;
$students=""; $students="";
$schools=array(); $schools=array();
while($studentinfo=mysql_fetch_object($sq)) while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
{ {
if($studnum>0 && $prev) $students.=", "; if($studnum>0 && $prev) $students.=", ";
@ -242,7 +246,7 @@ else
$first=true; $first=true;
if($q->rowCount()) if($q->rowCount())
{ {
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($first && $r->year != $config['FAIRYEAR']) if($first && $r->year != $config['FAIRYEAR'])
{ {
@ -258,7 +262,7 @@ else
//do this each time, because each year the names of the award types could change, along with what is actually given out. //do this each time, because each year the names of the award types could change, along with what is actually given out.
// //
$tq=mysql_query("SELECT $tq=$pdo->prepare("SELECT
DISTINCT(award_types.type) AS type DISTINCT(award_types.type) AS type
FROM FROM
winners, winners,
@ -273,8 +277,9 @@ else
ORDER BY ORDER BY
award_types.order award_types.order
"); ");
echo mysql_error(); $tq->execute();
while($tr=mysql_fetch_object($tq)) { echo $pdo->errorInfo();
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />"; echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
} }
echo "<br />"; echo "<br />";