Mysql conversion

2024-12-10 19:40:23 -05:00 · 2024-12-10 19:40:23 -05:00 · f7c6c506a1
commit f7c6c506a1
parent bf8a23fc85
41 changed files with 855 additions and 612 deletions
--- a/admin/judges_scheduler_status_output.php
+++ b/admin/judges_scheduler_status_output.php
@ -2,12 +2,14 @@
 include "../data/config.inc.php";
 mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
 mysql_select_db($DBNAME);
-$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
+$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
-$r=mysql_fetch_object($q);
+$q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
 $percent=$r->val;
-$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
+$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
-$r=mysql_fetch_object($q);
+$q->execute();
 $r=$q->fetch(PDO::FETCH_OBJ);
 $status=$r->val;
 echo "$percent:$status\n";
--- a/admin/reports_students.inc.php
+++ b/admin/reports_students.inc.php
@ -247,7 +247,7 @@ $report_students_fields = array(
 		'group_by' => array('students.registrations_id')),
 	'allnames_split' =>  array(
-		'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ",
+		'name' => "Student -- All Student Names (REQUIRES  5.0) (Split) ",
 		'header' => 'Student(s)',
 		'width' => 3.0,
 		'scalable' => true,
--- a/admin/tours_sa_status.php
+++ b/admin/tours_sa_status.php
@ -28,12 +28,14 @@ ogram; see the file COPYING.  If not, write to
 	include "../data/config.inc.php";
 	mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
 	mysql_select_db($DBNAME);
-	$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
+	$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	$percent=$r->val;
-	$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
+	$q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	$status=$r->val;
 	echo "$percent:$status\n";
--- a/app/projectinfo.php
+++ b/app/projectinfo.php
@ -24,14 +24,15 @@
 require("../common.inc.php");
 	//first, lets make sure someone isng tryint to see something that they arent allowed to!
-	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
-	$pn=trim(mysql_real_escape_string($_GET['n']));
+	$pn=trim($_GET['n']);
 	if($r->test) {
-		$q=mysql_query("SELECT  
+		$q=$pdo->prepare("SELECT  
 					registrations.id AS reg_id,
 					registrations.status,
 					projects.title,
@ -55,14 +56,15 @@
 					AND projects.projectnumber='$pn'
 				LIMIT 1
 				");
-			echo mysql_error();
+			echo $pdo->errorInfo();
-		$r=mysql_fetch_assoc($q);
+		$r=$q->fetch(PDO::FETCH_ASSOC);
 		$regid=$r['reg_id'];
-		$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
+		$q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
 		$q2->execute();
 		$students="";
-		while($stud=mysql_fetch_object($q2)) {
+		while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
 			if($stud->webfirst=="yes")
 				$students.="$stud->firstname ";
--- a/app/projectlist.php
+++ b/app/projectlist.php
@ -24,12 +24,13 @@
 require("../common.inc.php");
 	//first, lets make sure someone isnt trying to see something that they arent allowed to!
-	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	if($r->test) {
-		$q=mysql_query("SELECT  registrations.id AS reg_id,
+		$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 					registrations.status,
 					projects.title,
 					projects.projectnumber,
@ -54,11 +55,12 @@
 					projectdivisions.id,
 					projects.projectnumber
 				");
-			echo mysql_error();
+			$q->execute();
 			echo $pdo->errorInfo();
 		$lastcat="something_that_does_not_exist";
 		$lastdiv="something_that_does_not_exist";
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if(!$r->title) $t="{no title}";
 			else $t=$r->title;
--- a/app/projects.php
+++ b/app/projects.php
@ -24,14 +24,15 @@
 require("../common.inc.php");
 	//first, lets make sure someone isnt trying to see something that they arent allowed to!
-	$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
+	$q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	$ret=array();
 	if($r->test) {
 		$ret['status']="ok";
-		$q=mysql_query("SELECT  registrations.id AS reg_id,
+		$q=$pdo->prepare("SELECT  registrations.id AS reg_id,
 					registrations.status,
 					projects.id AS projects_id,
 					projects.title,
@ -57,12 +58,13 @@
 					projectdivisions.id,
 					projects.projectnumber
 				");
-			echo mysql_error();
+			$q->execute();
 			echo $pdo->errorInfo();
 		$lastcat="something_that_does_not_exist";
 		$lastdiv="something_that_does_not_exist";
 		$projects=array();
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::fETCH_OBJ)) {
 			if(!$r->title) $t="{no title}";
 			else $t=$r->title;
--- a/config/backuprestore.php
+++ b/config/backuprestore.php
@ -40,23 +40,26 @@ $dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
 $dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
 $dump.="#-------------------------------------------------\n";
-$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`");
+$tableq=$pdo->prepare("SHOW TABLES FROM `$DBNAME`");
-while($tr=mysql_fetch_row($tableq)) {
+$tableq->execute();
 while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
 	$table=$tr[0];
 	$dump.="#TABLE: $table\n";
-	$columnq=mysql_query("SHOW COLUMNS FROM `$table`");
+	$columnq=$pdo->prepare("SHOW COLUMNS FROM `$table`");
 	$columnq->execute();
 	$str="INSERT INTO `$table` (";
 	unset($fields);
 	$fields=array();
-	while($cr=mysql_fetch_object($columnq)) {
+	while($cr=$columnq->fetch(PDO:;FETCH_OBJ)) {
 		$str.="`".$cr->Field."`,";
 		$fields[]=$cr->Field;
 	}
 	$str=substr($str,0,-1);
 	$str.=") VALUES (";
-	$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
+	$dataq=$pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
-	while($data=mysql_fetch_object($dataq)) {
+	$dataq->execute();
 	while($data=$dataq->fetch(PDO::FETCH_OBJ)) {
 		$insertstr=$str;
 		foreach($fields AS $field) {
 			if(is_null($data->$field))
@ -167,18 +170,22 @@ else if($_POST['action']=="restoreproceed") {
 				//empty out the table
 				$sql="TRUNCATE TABLE `".$args[1]."`";
 		//			echo $sql."\n";
-				mysql_query($sql);
+				
-			}
+		$stmt = $pdo->prepare($sql);
 	$stmt->execute();	
 	}
 			else if(mb_ereg("^#",$line)) {
 				//just skip it
 			}
 			else
 			{
 				//insert the new data
-				mysql_query($line);
+				
-				if(mysql_error()) {
+				$stmt = $pdo->prepare($line);
 				$stmt->execute();
 				if($pdo->errorInfo()) {
 					echo $line."\n";
-					echo mysql_error()."\n";
+					echo $pdo->errorInfo()."\n";
 					$err=true;
 				}
 			}
@ -203,11 +210,12 @@ else if($_POST['action']=="restoreproceed") {
 else if ($_POST['action'] == 'clean_judges') {
 	//select all judges
-	$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"');
+	$query = $pdo->prepare('SELECT * FROM users WHERE types LIKE "judge"');
-	echo mysql_error();
+	$query->execute();
 	echo $pdo->errorInfo();
 	// Go through each judge and test:
-	while($judge = mysql_fetch_assoc($query)){
+	while($judge = $query->fetch(PDO::FETCH_ASSOC)){
 		//if they are deleted
 		if ($judge['deleted'] == 'yes') {
@ -222,16 +230,17 @@ else if ($_POST['action'] == 'clean_judges') {
 		else{
 			// Find max year of judge
-			$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1'); 
+			$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1'); 
-			$judge_max_year = mysql_fetch_assoc($max_year_query);
+			$max_year_query->execute();
 			$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
 			// Grab old judge info. 
 			// Old judge info consists of all entries in the database that are not the most recent for the specific judge 
-			$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
+			$deletable = $pdo->prepare('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
-
+			$deletable->execute();
 			// and if they have old data from previous fair years
-			if (mysql_num_rows($deletable) > 0){
+			if ($deletable->rowCount() > 0){
 				// delete old data one by one
-				while ($old_judge_data = mysql_fetch_assoc($deletable)){
+				while ($old_judge_data = $deletable->fetch(PDO::FETCH_ASSOC)){
 					if (!is_array($old_judge_data['type'])){
 						$old_judge_data['types'] = array($old_judge_data['types']);	
 					}
@ -250,9 +259,10 @@ else if ($_POST['action'] == 'clean_judges') {
            ,"backup_restore"
 	);
-	mysql_query("OPTIMIZE TABLE users, users_judge");
+	$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_judge");
 	$stmt->execute();
-	$str = mysql_error();
+	$str = $pdo->errorInfo();
 	echo $str;
@ -265,9 +275,9 @@ else if ($_POST['action'] == 'clean_judges') {
 }
 else if ($_POST['action'] == 'clean_parents') {
-	$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
+	$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
-
+	$query_parents->execute();
-	while($parent = mysql_fetch_assoc($query_parents)){
+	while($parent = $query_parents->fetch(PDO::FETCH_ASSOC)){
 		if (!is_array($parent['types'])){
 				$parent['types'] = array($parent['types']);
@ -283,9 +293,10 @@ else if ($_POST['action'] == 'clean_parents') {
            ,"backup_restore"
 	);
-	mysql_query("OPTIMIZE TABLE users, users_parent");
+	$stmt = $pdo->prepare("OPTIMIZE TABLE users, users_parent");
 	$stmt->execute();
-	$str = mysql_error();
+	$str = $pdo->errorInfo();
 	echo $str;
--- a/config/categories.php
+++ b/config/categories.php
@ -31,7 +31,7 @@
 		array('Committee Main' => 'committee_main.php',
 			'SFIAB Configuration' => 'config/index.php',
 			'Age Categories' => 'config/categories.php'),"project_age_categories");
- } else {
+ } else 
 	send_header("Age Categories",
 		array('Committee Main' => 'committee_main.php',
 			'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
@ -42,22 +42,24 @@
 	//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
 	if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
 	{
-		$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
-		echo mysql_error();
+		$q->execute();
-		if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
+		echo $pdo->errorInfo();
 		if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
 		{
 			echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
 		}
 		else
 		{
-			mysql_query("UPDATE projectcategories SET ".
+			$stmt = $pdo->prepare("UPDATE projectcategories SET ".
 				"id='".$_POST['id']."', ".
-				"category='".mysql_escape_string(stripslashes($_POST['category']))."', ".
+				"category='".stripslashes($_POST['category'])."', ".
-				"category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
+				"category_shortform='".stripslashes($_POST['category_shortform'])."', ".
 				"mingrade='".$_POST['mingrade']."', ".
 				"maxgrade='".$_POST['maxgrade']."' ".
 				"WHERE id='".$_POST['saveid']."'");
 			echo happy(i18n("Category successfully saved"));
 			$stmt->execute();
 		}
 	}
 	else
@ -71,21 +73,24 @@
 	//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
 	if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
 	{
-		$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q))
+		$q->execute();
 		if($q->rowCount())
 		{
 			echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
 		}
 		else
 		{
-			mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
+			$pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
 				"'".$_POST['id']."', ".
-				"'".mysql_escape_string(stripslashes($_POST['category']))."', ".
+				"'".stripslashes($_POST['category'])."', ".
-				"'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ".
+				"'".stripslashes($_POST['category_shortform'])."', ".
 				"'".$_POST['mingrade']."', ".
 				"'".$_POST['maxgrade']."', ".
 				"'".$config['FAIRYEAR']."')");
 			$pdo->execute();
 			echo happy(i18n("Category successfully added"));
 		}
 	}
 	else
@ -98,9 +103,11 @@
 {
 	//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
 	//for this division exist they should be deleted
- 	mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
+ 	$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
 	$stmt->execute();
 	//####
-	mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
+	$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
 	$stmt->execute();
 	echo happy(i18n("Category successfully removed"));
 }
@ -125,8 +132,9 @@
 	if($_GET['action']=="edit")
 	{
 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
-		$categoryr=mysql_fetch_object($q);
+		$q->execute();
 		$categoryr=$q->fetch(PDO::FETCH_OBJ);
 		$buttontext="Save";
 	}
 	else if($_GET['action']=="new")
--- a/config/dates.php
+++ b/config/dates.php
@ -53,10 +53,11 @@ $error_ids = array();
 	if($_POST['savedates']) {
 		foreach($_POST['savedates'] as $key=>$val) {
            //put the date and time back together
-			$d = mysql_escape_string(stripslashes($val));
+			$d = stripslashes($val);
-            $t  =mysql_escape_string(stripslashes($_POST['savetimes'][$key]));
+            $t  =stripslashes($_POST['savetimes'][$key]);
            $v="$d $t";
-			mysql_query("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
+			$stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
 			$stmt->execute();
 		}
 	}
 	echo happy(i18n("Dates successfully saved"));
@ -128,13 +129,14 @@ foreach($dates as $dn=>$d) {
 	if(!$d['id']) {
 		$def=$defaultdates[$dn];
 		//hmm if we dont have a record for this date this year, INSERT the sql from the default
-		mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
+		$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
-			'".mysql_real_escape_string($def->date)."',
+			'".$def->date."',
-			'".mysql_real_escape_string($dn)."',
+			'".$dn."',
-			'".mysql_real_escape_string($def->description)."',
+			'".$def->description."',
 			'".$config['FAIRYEAR']."'
 			)");
-		$d['id']=mysql_insert_id();
+		$stmt->execute();
 		$d['id']=$pdo->lastInsertId();
 		$d['description']=$def->description;
 		$d['date']=$def->date;
 	}
--- a/config/divisions.php
+++ b/config/divisions.php
@ -44,31 +44,34 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 {
 	if($_POST['id'] && $_POST['division'] )
 	{
-		$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
+		$q->execute();
 		if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
 		{
 			echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
 		}
 		else
 		{
-			mysql_query("UPDATE projectdivisions SET ".
+			$stmt = $pdo->prepare("UPDATE projectdivisions SET ".
 				"id='".$_POST['id']."', ".
-				"division='".mysql_escape_string(stripslashes($_POST['division']))."', ".
+				"division='".stripslashes($_POST['division'])."', ".
-				"division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ".
+				"division_shortform='".stripslashes($_POST['division_shortform'])."' ".
 				"WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'");
 			$stmt->execute();
 			//###### Feature Specific - filtering divisions by category
 			if($config['filterdivisionbycategory']=="yes"){
-				mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
+				$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
-				
+				$stmt->execute();
 				if(is_array($_POST['divcat']))
 				{
 					foreach($_POST['divcat'] as $tempcat)
 					{
-						mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
+						$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
 						"'".$_POST['id']."', ".
 						"'".$tempcat."', ".
 						"'".$config['FAIRYEAR']."') ");
 						$stmt->execute();
 					}
 				}
 			}
@ -87,26 +90,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 {
 	if($_POST['id'] && $_POST['division'])
 	{
-		$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q))
+		$q->execute();
 		if($q->rowCount())
 		{
 			echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
 		}
 		else
 		{
-			mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
+			$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
 				"'".$_POST['id']."', ".
-				"'".mysql_escape_string(stripslashes($_POST['division']))."', ".
+				"'".stripslashes($_POST['division'])."', ".
-				"'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ".
+				"'".stripslashes($_POST['division_shortform'])."', ".
 				"'".$config['FAIRYEAR']."') ");
 			$stmt->execute();
 			//###### Feature Specific - filtering divisions by category
 			if($config['filterdivisionbycategory']=="yes"){
 				foreach($_POST['divcat'] as $tempcat){
-					mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
+					$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
 						"'".$tempcat."', ".
 						"'".$config['FAIRYEAR']."') ");
 					$stmt->execute();
 				}
 			}
 			//#######
@ -123,8 +129,10 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 {
 	//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
 	//for this division exist they should be deleted
- 	mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
+ 	$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
-	mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
+	$stmt->execute();
 	$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
 	$stmt->execute();
 	echo happy(i18n("Division successfully removed"));
 }
@ -151,8 +159,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 	if($_GET['action']=="edit")
 	{
 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
-		$divisionr=mysql_fetch_object($q);
+		$q->execute();
 		$divisionr=$q->fetch(PDO::FETCH_OBJ);
 		$buttontext="Save";
 	}
 	else if($_GET['action']=="new")
@ -167,11 +176,13 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 	//###### Feature Specific - filtering divisions by category
 	if($config['filterdivisionbycategory']=="yes"){
 		echo " <td>";
-		$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
+		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
-		while($categoryr=mysql_fetch_object($q)){
+		$q->execute();
 		while($categoryr=$q->fetch(PDO::FETCH_OBJ)){
 			$query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'";
-			$t=mysql_query($query);
+			$t=$pdo->prepare($query);
-			if($t && mysql_num_rows($t)>0)
+			$t->execute();
 			if($t && $t->rowCount()>0)
 				echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
 			else
 				echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>";
@ -195,18 +206,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
 		//###### Feature Specific - filtering divisions by category
 		if($config['filterdivisionbycategory']=="yes"){
-			$c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories 
+			$c=$pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories 
 					WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
 				AND projectdivisions_id='$r->id'
 				AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."'
 				AND projectcategories.year='".$config['FAIRYEAR']."'
 				ORDER BY projectcategories.mingrade");
-				echo mysql_error();
+			$c->execute();
 				echo $pdo->errorInfo();
 			if(!$c){
 				$tempcat="&nbsp;";
 			}else{
 				$tempcat="";
-				while($categoryr=mysql_fetch_object($c)){
+				while($categoryr=$c->fetch(PDO::FETCH_OBJ){
 					$tempcat.=",".$categoryr->category;
 				}
 				$tempcat=substr($tempcat,1);
--- a/config/divisions_cwsf.php
+++ b/config/divisions_cwsf.php
@ -36,7 +36,8 @@
 {
 	foreach($_POST['cwsfdivision'] AS $k=>$v)
 	{
-		mysql_query("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
 		$stmt->execute();
 	}
 	echo happy(i18n("Corresponding CWSF divisions saved"));
 }
@ -54,8 +55,9 @@ echo "<br />";
 echo "<th>".i18n("Corresponding CWSF Division")."</th>\n";
 echo "</tr>";
-	 $q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
+	 $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
-	 while($r=mysql_fetch_object($q))
+	$q->execute();
 	 while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		echo "<tr>";
 		echo " <td>".i18n($r->division)."</td>";
--- a/config/languagepacks.php
+++ b/config/languagepacks.php
@ -109,8 +109,9 @@
 				if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT")
 				{
-					mysql_query($line);
+					$stmt = $pdo->prepare($line);
-					$a=mysql_affected_rows();
+					$stmt->execute();
 					$a=$pdo->rowwCount();
 					$loaded+=$a;
 				}
 				else
--- a/config/pagetexts.php
+++ b/config/pagetexts.php
@ -57,16 +57,17 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
 {
 	 foreach($config['languages'] AS $lang=>$langname) {
 		$textvar="text_$lang";
-		$text=mysql_escape_string(stripslashes($_POST[$textvar]));
+		$text=stripslashes($_POST[$textvar]);
-		mysql_query("UPDATE pagetext 
+		$stmt = $pdo->prepare("UPDATE pagetext 
 				SET 
 					lastupdate=NOW(), 
 					text='$text' 
 				WHERE 
-						textname='".mysql_escape_string($_POST['textname'])."' 
+						textname='".$_POST['textname']."' 
 					AND year='".$config['FAIRYEAR']."'
 					AND lang='$lang'");
 		$stmt->execute();
 	}
 	echo happy(i18n("Page texts successfully saved"));
@ -74,9 +75,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
 if($_GET['textname'])
 {
-	$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
 	$q->execute();
 	//needs to be at least one entry in any languages
-	if($r=mysql_fetch_object($q))
+	if($r=$q->fetch(PDO::FETCH_OBJ))
 	{
 		echo "<form method=\"post\" action=\"pagetexts.php\">";
 		echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -84,13 +86,15 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
 		foreach($config['languages'] AS $lang=>$langname) {
-			$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
+			$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
-			$r=mysql_fetch_object($q);
+			$q->execute();
 			$r=$q->fetch(PDO::FETCH_OBJ);
 			if(!$r)
 			{
-					mysql_query("INSERT INTO pagetext (textname,year,lang) VALUES ('".mysql_escape_string($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
+					$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
-					echo mysql_error();
+					$stmt->execute();
 					echo $pdo->errorInfo();
 			}
 			if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never";
@ -129,9 +133,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
 	 echo i18n("Choose a page text to edit");
 	 echo "<table class=\"summarytable\">";
-	 $q=mysql_query("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
+	 $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
 	$q->execute();
 	 echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
-	 while($r=mysql_fetch_object($q))
+	 while($r=$q->fetch(PDO::FETCH_OBJ))
 	 {
 		echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>";
 		if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never";
--- a/config/rollover.php
+++ b/config/rollover.php
@ -63,8 +63,9 @@
 	*/
 	/* Get field list for this table */
- 	$q = mysql_query("SHOW COLUMNS IN `$table`");
+ 	$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
-	while(($c = mysql_fetch_assoc($q))) {
+	$q->execute();
 	while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
 		$col[$c['Field']] = $c;
 	}
@ -83,23 +84,25 @@
 	if($where == '') $where='1';
 	/* Get data */
-	$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
+	$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
-	echo mysql_error();
+	$q->execute();
 	echo $pdo->errorInfo();
 	$names = '`'.join('`,`', $fields).'`';
 	/* Process data */
-	while($r=mysql_fetch_assoc($q)) {
+	while($r=$q->fech(PDDO::FETCH_ASSOC)) {
 		$vals = '';
 		foreach($fields as $f) {
 			if(array_key_exists($f, $replace))
-				$vals .= ",'".mysql_real_escape_string($replace[$f])."'";
+				$vals .= ",'".$replace[$f]."'";
 			else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
 				$vals .= ',NULL';
 			else 
-				$vals .= ",'".mysql_real_escape_string($r[$f])."'";
+				$vals .= ",'".$r[$f]."'";
 		}
-		mysql_query("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
+		$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
-		echo mysql_error();	
+		$stmt->execute();
 		echo $pdo->errorInfo();	
 	}
 }
@ -125,97 +128,112 @@
 		//now the dates
 		echo i18n("Rolling dates")."<br />";
-		$q=mysql_query("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO dates (date,name,description,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->newdate)."',
+			$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
-				'".mysql_real_escape_string($r->name)."',
+				'".$r->newdate."',
-				'".mysql_real_escape_string($r->description)."',
+				'".$r->name."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->description."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		//page text
 		echo i18n("Rolling page texts")."<br />";
-		$q=mysql_query("SELECT * FROM pagetext WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->textname)."',
+			$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
-				'".mysql_real_escape_string($r->textdescription)."',
+				'".$r->textname."',
-				'".mysql_real_escape_string($r->text)."',
+				'".$r->textdescription."',
-				'".mysql_real_escape_string($r->lastupdate)."',
+				'".$r->text."',
-				'".mysql_real_escape_string($newfairyear)."',
+				'".$r->lastupdate."',
-                '".mysql_real_escape_string($r->lang)."')");
+				'".$newfairyear)."',
                '".$r->lang."')";
 			$stmt->execute();
 		echo i18n("Rolling project categories")."<br />";
 		//project categories
-		$q=mysql_query("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->id)."',
+			$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
-				'".mysql_real_escape_string($r->category)."',
+				'".$r->id."',
-				'".mysql_real_escape_string($r->category_shortform)."',
+				'".$r->category."',
-				'".mysql_real_escape_string($r->mingrade)."',
+				'".$r->category_shortform."',
-				'".mysql_real_escape_string($r->maxgrade)."',
+				'".$r->mingrade."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->maxgrade."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling project divisions")."<br />";
 		//project divisions
-		$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->id)."',
+			$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
-				'".mysql_real_escape_string($r->division)."',
+				'".$r->id."',
-				'".mysql_real_escape_string($r->division_shortform)."',
+				'".$r->division."',
-				'".mysql_real_escape_string($r->cwsfdivisionid)."',
+				'".$r->division_shortform."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->cwsfdivisionid."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling project category-division links")."<br />";
 		//project categories divisions links
-		$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->projectdivisions_id)."',
+			$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
-				'".mysql_real_escape_string($r->projectcategories_id)."',
+				'".$r->projectdivisions_id."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->projectcategories_id."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling project sub-divisions")."<br />";
 		//project subdivisions
-		$q=mysql_query("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->id)."',
+			$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
-				'".mysql_real_escape_string($r->projectsubdivisions_id)."',
+				'".$r->id."',
-				'".mysql_real_escape_string($r->subdivision)."',
+				'".$r->projectsubdivisions_id."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->subdivision."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling safety questions")."<br />";
 		//safety questions 
-		$q=mysql_query("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->question)."',
+			$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
-				'".mysql_real_escape_string($r->type)."',
+				'".$r->question."',
-				'".mysql_real_escape_string($r->required)."',
+				'".$r->type."',
-				'".mysql_real_escape_string($r->ord)."',
+				'".$r->required."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->ord."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling awards")."<br />";
 		//awards
-		$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+		echo $pdo->errorInfo();
 		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			/* Roll the one award */
 			roll($cy, $ny, 'award_awards', "id='{$r->id}'");
-			$award_awards_id=mysql_insert_id();
+			$award_awards_id=$pdo->lastInsertId();
 			roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
 								array('award_awards_id' => $award_awards_id));
@ -229,60 +247,66 @@
 		echo i18n("Rolling award types")."<br />";
 		//award types
-		$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q))
+		echo $pdo->errorInfo();
-			mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
-				'".mysql_real_escape_string($r->id)."',
+			$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
-				'".mysql_real_escape_string($r->type)."',
+				'".$r->id."',
-				'".mysql_real_escape_string($r->order)."',
+				'".$r->type."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$r->order."',
 				'".$newfairyear."')");
 			$stmt->execute();
 		echo i18n("Rolling schools")."<br />";
 		//award types
-		$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+		echo $pdo->errorInfo();
 		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
 			$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
-			mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
+			$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
-				'".mysql_real_escape_string($r->school)."',
+				'".$r->school."',
-				'".mysql_real_escape_string($r->schoollang)."',
+				'".$r->schoollang."',
-				'".mysql_real_escape_string($r->schoollevel)."',
+				'".$r->schoollevel."',
-				'".mysql_real_escape_string($r->board)."',
+				'".$r->board."',
-				'".mysql_real_escape_string($r->district)."',
+				'".$r->district."',
-				'".mysql_real_escape_string($r->phone)."',
+				'".$r->phone."',
-				'".mysql_real_escape_string($r->fax)."',
+				'".$r->fax."',
-				'".mysql_real_escape_string($r->address)."',
+				'".$r->address."',
-				'".mysql_real_escape_string($r->city)."',
+				'".$r->city."',
-				'".mysql_real_escape_string($r->province_code)."',
+				'".$r->province_code."',
-				'".mysql_real_escape_string($r->postalcode)."',$puid,
+				'".$r->postalcode."',$puid,
-				'".mysql_real_escape_string($r->schoolemail)."',$shuid,
+				'".$r->schoolemail."',$shuid,
-				'".mysql_real_escape_string($r->accesscode)."',
+				'".$r->accesscode."',
 				NULL,
-				'".mysql_real_escape_string($r->junior)."',
+				'".$r->junior."',
-				'".mysql_real_escape_string($r->intermediate)."',
+				'".$r->intermediate."',
-				'".mysql_real_escape_string($r->senior)."',
+				'".$r->senior."',
-				'".mysql_real_escape_string($r->registration_password)."',
+				'".$r->registration_password."',
-				'".mysql_real_escape_string($r->projectlimit)."',
+				'".$r->projectlimit."',
-				'".mysql_real_escape_string($r->projectlimitper)."',
+				'".$r->projectlimitper."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$newfairyear."')");
 			$stmt->execute();
 		}
 		echo i18n("Rolling questions")."<br />";
-		$q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'");
+		$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
-		while($r=mysql_fetch_object($q))
+		$q->execute();
-			mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 			$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
 				'',
 				'$newfairyear',
-				'".mysql_real_escape_string($r->section)."',
+				'".$r->section."',
-				'".mysql_real_escape_string($r->db_heading)."',
+				'".$r->db_heading."',
-				'".mysql_real_escape_string($r->question)."',
+				'".$r->question."',
-				'".mysql_real_escape_string($r->type)."',
+				'".$r->type."',
-				'".mysql_real_escape_string($r->required)."',
+				'".$r->required."',
-				'".mysql_real_escape_string($r->ord)."')");
+				'".$r->ord."')");
 			$stmt->execute();
 		//regfee items
 		echo i18n("Rolling registration fee items")."<br />";
@ -294,26 +318,31 @@
 		//timeslots and rounds
 		echo i18n('Rolling judging timeslots and rounds')."<br />";
-		$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
+		$q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
-                echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_assoc($q)) {
+                echo $pdo->errorInfo();
 		while($r=$q->fech(PDDO::FETCH_ASSOC)) {
 			$d = $newfairyear - $currentfairyear;
-			mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
+			$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
 				VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
 					'{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
-			echo mysql_error();
+			$stmt->execute();
-			$round_id = mysql_insert_id();
+			echo $pdo->errorInfo();
-			$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
+			$round_id = $pdo->lastInsertId();
-			echo mysql_error();
+			$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
-			while($rr=mysql_fetch_assoc($qq)) {
+			$qq->execute();
-				mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
+			echo $pdo->errorInfo();
 			while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
 				$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
 						VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
 							'{$rr['starttime']}','{$rr['endtime']}')");
 				$stmt->execute();
 			}
 		}
 		echo "<br /><br />";
-		mysql_query("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
+		$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
 		$stmt->execute();
 		echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
 		send_footer();
 		exit;
--- a/config/rolloverfiscal.php
+++ b/config/rolloverfiscal.php
@ -81,8 +81,9 @@ function rolloverfiscalyear($newYear){
 	// first we'll roll over fundraising_campaigns:
 	$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
-	$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
+	$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
-	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+	$q->execute();
 	while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
 		foreach(array('startdate','enddate','followupdate') as $dateField){
 			$dateval = $r[$dateField];
 			$parts = explode('-', $dateval);
@ -95,33 +96,37 @@ function rolloverfiscalyear($newYear){
 		$fields = array_keys($r);
 		$values = array_values($r);
 		foreach($values as $idx => $val){
-			$values[$idx] = mysql_real_escape_string($val);
+			$values[$idx] = $val;
 		}
 		$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 	}
 	// next we'll hit findraising_donor_levels
 	$fields = "`level`,`min`,`max`,`description`";
-	if(mysql_error() == null)
+	if($pdo->errorInfo() == null)
-		$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
+		$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
-	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+		$q->execute();
 	while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
 		$r['fiscalyear'] = $newYear;
 		$fields = array_keys($r);
 		$values = array_values($r);
 		foreach($values as $idx => $val){
-			$values[$idx] = mysql_real_escape_string($val);
+			$values[$idx] = $val;
 		}
 		$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 	}
 	// and now we'll do findraising_goals
 	$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
-	if(mysql_error() == null){
+	if($pdo->errorInfo() == null){
-		$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
+		$q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
 		$q->execute();
 	}
-	while(mysql_error() == null && $r = mysql_fetch_assoc($q)){
+	while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
 		$dateval = $r['deadline'];
 		$parts = explode('-', $dateval);
 		if($parts[0] != '0000')
@ -133,22 +138,24 @@ function rolloverfiscalyear($newYear){
 		$fields = array_keys($r);
 		$values = array_values($r);
 		foreach($values as $idx => $val){
-			$values[$idx] = mysql_real_escape_string($val);
+			$values[$idx] = $val;
 		}
 		$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 	}
 	// finally, let's update the fiscal year itself:
-	if(mysql_error() == null){
+	if($pdo->errorInfo() == null){
-		mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
+		$stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
 		$stmt->execute();
 	}
-	if(mysql_error() == null){
+	if($pdo->errorInfo() == null){
 		$config['FISCALYEAR'] = $newYear;
 		echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
 	}else{
-		echo error(mysql_error());
+		echo error($pdo->errorInfo());
 	}
 }
--- a/config/safetyquestions.php
+++ b/config/safetyquestions.php
@ -37,13 +37,14 @@
 		if(!ereg("^[0-9]*$",$_POST['ord']))
 			echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
-		mysql_query("UPDATE safetyquestions SET 
+		$stmt = $pdo->prepare("UPDATE safetyquestions SET 
-				question='".mysql_escape_string(stripslashes($_POST['question']))."',
+				question='".stripslashes($_POST['question'])."',
-				`type`='".mysql_escape_string(stripslashes($_POST['type']))."',
+				`type`='".stripslashes($_POST['type'])."',
-				`required`='".mysql_escape_string(stripslashes($_POST['required']))."',
+				`required`='".stripslashes($_POST['required'])."',
-				ord='".mysql_escape_string(stripslashes($_POST['ord']))."'
+				ord='".stripslashes($_POST['ord'])."'
 				WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
-				echo mysql_error();
+		$stmt->execute();
 				echo $pdo->errorInfo();
 		echo happy(i18n("Safety question successfully saved"));
 	}
@ -55,14 +56,15 @@
 {
 	if($_POST['question'])
 	{
-		mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( 
+		$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( 
-					'".mysql_escape_string(stripslashes($_POST['question']))."',
+					'".stripslashes($_POST['question'])."',
-					'".mysql_escape_string(stripslashes($_POST['type']))."',
+					'".stripslashes($_POST['type'])."',
-					'".mysql_escape_string(stripslashes($_POST['required']))."',
+					'".stripslashes($_POST['required'])."',
-					'".mysql_escape_string(stripslashes($_POST['ord']))."',
+					'".stripslashes($_POST['ord'])."',
 					'".$config['FAIRYEAR']."'
 					)");
-					echo mysql_error();
+		$stmt->execute();
 					echo $pdo->errorInfo();
 		echo happy(i18n("Safety question successfully added"));
 	}
@ -72,7 +74,8 @@
 if($_GET['action']=="remove" && $_GET['remove'])
 {
- 	mysql_query("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
+ 	$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
 	$stmt->execute();
 	echo happy(i18n("Safety question successfully removed"));
 }
@ -91,9 +94,10 @@
 	{
 		$buttontext="Save safety question";
 		echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
-		$q=mysql_query("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
 		$q->execute();
 		echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n";
-		if(!$r=mysql_fetch_object($q))
+		if(!$r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			$showform=false;
 			echo error(i18n("Invalid safety question"));
--- a/config/signaturepage.php
+++ b/config/signaturepage.php
@ -40,12 +40,17 @@
 	if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
 	if($_POST['useregfee']) $userf="1"; else $userf="0";
- 	mysql_query("UPDATE signaturepage SET `use`='$useex', `text`='".mysql_escape_string(stripslashes($_POST['exhibitordeclaration']))."' WHERE name='exhibitordeclaration'");
+ 	$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
- 	mysql_query("UPDATE signaturepage SET `use`='$usepg', `text`='".mysql_escape_string(stripslashes($_POST['parentdeclaration']))."' WHERE name='parentdeclaration'");
+ 	$stmt->execute();
- 	mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'");
+    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
- 	mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'");
+ 	$stmt->execute();
- 	mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
+    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
-	echo happy(i18n("$sentence_begin_participationform text successfully saved"));
+ 	$stmt->execute();
    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
 	$stmt->execute();
    $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
 	$stmt->execute();
    echo happy(i18n("$sentence_begin_participationform text successfully saved"));
 }
 echo "<a href=\"../register_participants_signature.php?sample=true\">Preview your signature form as a PDF (as a student would see it)</a><br />";
--- a/config/subdivisions.php
+++ b/config/subdivisions.php
@ -42,18 +42,20 @@
 {
 	if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
 	{
-		$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id'])
+		$q->execute();
 		if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
 		{
 			echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id'])));
 		}
 		else
 		{
-			mysql_query("UPDATE projectsubdivisions SET ".
+			$stmt = $pdo->prepare("UPDATE projectsubdivisions SET ".
 				"id='".$_POST['id']."', ".
 				"projectdivisions_id='".$_POST['projectdivisions_id']."', ".
-				"subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ".
+				"subdivision='".stripslashes($_POST['subdivision'])."' ".
 				"WHERE id='".$_POST['saveid']."'");
 			$stmt->execute();
 			echo happy(i18n("Sub-Division successfully saved"));
 		}
 	}
@ -69,26 +71,29 @@
 	{
 		if(!$_POST['id'])
 		{
-			$idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions");
+			$idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
-			$idr=mysql_fetch_object($idq);
+			$idq->execute();
 			$idr=$idq->fetch(PDO::fETCH_OBJ);
 			$newid=$idr->id+1;
 		}
 		else
 			$newid=$_POST['id'];
-		$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
-		if(mysql_num_rows($q))
+		$q->execute();
 		if($q->rowCount())
 		{
 			echo error(i18n("Sub-Division ID %1 already exists",array($newid)));
 		}
 		else
 		{
-			mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
+			$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
 				"'$newid', ".
 				"'".$_POST['projectdivisions_id']."', ".
-				"'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ".
+				"'".stripslashes($_POST['subdivision'])."', ".
 				"'".$config['FAIRYEAR']."') ");
 			$stmt->execute();
 			echo happy(i18n("Sub-Division successfully added"));
 		}
 	}
@ -100,7 +105,8 @@
 if($_GET['action']=="remove" && $_GET['remove'])
 {
-	mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
+	$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
 	$stmt->execute();
 	echo happy(i18n("Sub-Division successfully removed"));
 }
@ -123,8 +129,9 @@
 	if($_GET['action']=="edit")
 	{
 		echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";	
-		$q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
+		$q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
-		$divisionr=mysql_fetch_object($q);
+		$q->execute();
 		$divisionr=$q->fetch(PDO::FETCH_OBJ);
 		$buttontext="Save";
 	}
 	else if($_GET['action']=="new")
@ -134,8 +141,9 @@
 	echo "<tr>";
 	echo " <td>";
 	echo "<select name=\"projectdivisions_id\">";
-	$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
+	$dq=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
-	while($dr=mysql_fetch_object($dq))
+	$dq->execute();
 	while($dr=$dq->fetch(PDO::FETCH_OBJ))
 	{
 		if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
 		echo "<option $sel value=\"$dr->id\">$dr->division</option>\n";
--- a/config/variables.php
+++ b/config/variables.php
@ -46,7 +46,8 @@
 if($_POST['action']=="save") {
 	if($_POST['specialconfig']) {
 		foreach($_POST['specialconfig'] as $key=>$val) {
-			mysql_query("UPDATE config SET val='".mysql_escape_string(stripslashes($val))."' WHERE year='0' AND var='$key'");
+			$stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
 			$stmt->execute();
 		}
 	}
 	message_push(happy(i18n("Configuration successfully saved")));
@ -98,11 +99,12 @@ $q->execute();
 		echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
 		echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n";
 		echo "<table cellpadding=\"3\">";
-		$q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var");
+		$q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
 		$q->execute();
 		echo "<tr><td colspan=\"2\">";
 		echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working.  Only change anything on this page if you really know what you are doing");
 		echo "</td></tr>";
-		while($r=mysql_fetch_object($q)) {
+		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
 				echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>";
 			}
--- a/config_editor.inc.php
+++ b/config_editor.inc.php
@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 					OR config.year='-1')
 			ORDER BY config.year DESC";
 		$r2 = ($q);
-		if(mysql_num_rows($r2) < 1) {
+		if($r2->rowCount() < 1) {
 			/* Uhoh, this shouldn't happen */
 			echo "ERROR, Variable '$var' doesn't exist";
 			exit;
@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
 		$v = $r2->fetch();
 		("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
-	                '".pdo->quote($v->var)."',
+	                '".$v->var."',
-			'".pdo->quote($v->val)."',
+			'".$v->val."',
-			'".pdo->quote($v->category)."',
+			'".$v->category."',
-			'".pdo->quote($v->type)."',
+			'".$v->type."',
-			'".pdo->quote($v->type_values)."',
+			'".$v->type_values."',
-			'".pdo->quote($v->ord)."',
+			'".$v->ord."',
-			'".pdo->quote($v->description)."',
+			'".$v->description."',
 			'$fairyear')");
 	}
 }
@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
 		print("<td>");
 		$val = htmlspecialchars($var[$k]['val']);
-		$name = "${array_name}[$k]";
+		$name = "{$array_name}[$k]";
 		switch($var[$k]['type']) {
 		case "yesno":
--- a/db/db.update.116.php
+++ b/db/db.update.116.php
@ -4,38 +4,44 @@ function db_update_116_post()
 	global $config;
 	/* Fix the users that have a 0 year */
-	$q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
+	$q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
-	echo mysql_error();
+	$q->execute();
 	echo $pdo->errorInfo();
 	/* Fix users without a username */
-	mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''");
+	$stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
 	$stmt->execute();
 	/*randomize usernames for any user that doesnt have a username at this point */
-	$q=mysql_query("SELECT id FROM `users` WHERE username=''");
+	$q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
 	$q->execute();
 	//this is ripped from user.inc.php's generate passsword function.
 	//yes there's a chance of collisions, but i think highly unlikely enough that we
 	//dont need to worry about it.
  	$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
   	$len=strlen($available) - 1;
-	while($r=mysql_fetch_object($q)) {
+	while($r=$q->fetch(PDO::FETCH_OBJ)) {
 		$username="";
 	  	for($x=0;$x<16;$x++)
 	   		$username.=$available{rand(0,$len)};
-		mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'");
+		$stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
 		$stmt->execute();
 	}
 	//okay now finally, there's a chance of duplicates from 
 	//committee/volunteer that were in here before, so we need to merge 
 	//them
-	$q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'");
+	$q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
-	while($r = mysql_fetch_assoc($q)) {
+	$q->execute();
 	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$orig_r = $r;
-		$qq = mysql_query("SELECT * FROM `users` WHERE
+		$qq = $pdo->prepare("SELECT * FROM `users` WHERE
 					(`username`='{$r['username']}' OR `email`='{$r['email']}')
 					AND `id`!={$r['id']}");
-		if(mysql_num_rows($qq) == 0) continue;
+		$qq->execute();
 		if($qq->rowCount() == 0) continue;
 		echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
@ -48,7 +54,7 @@ function db_update_116_post()
 		 * */
 		$delete_ids = array();
 		$delete_userids = array();
-		while($rr = mysql_fetch_assoc($qq)) {
+		while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
 			$delete_ids[] = "`id`={$rr['id']}";
 			$delete_userids[] = "`users_id`={$rr['id']}";
 			$keys = array_keys($rr);
@ -86,7 +92,8 @@ function db_update_116_post()
 		}
 		if(count($set)) {
 			$query = join(',',$set);
-			mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}");
+			$stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
 			$stmt->execute();
 			echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
 		}
@ -96,38 +103,47 @@ function db_update_116_post()
 		echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
 		/* Delete the dupe */
-		mysql_query("DELETE FROM `users` $where_id");
+		$stmt = $pdo->prepare("DELETE FROM `users` $where_id");
 		$stmt->execute();
 		/* Update volunteer linkage */
-		mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
+		$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
-		mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
+		$stmt->execute();
 		$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
 $stmt->execute();
 		echo "done with this user.\n";
 	}
 	/* Create volunteer database entries for any that don't exist */
-	$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
+	$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
-	while($i = mysql_fetch_object($q)) {
+	$q->execute();
-		mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
 				VALUES ('{$i->id}','yes','{$i->complete}')");
-	}
+	
 		$stmt->execute();}
 	/* Update any remaining volunteer entries  */
-	$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'");
+	$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
-	while($i = mysql_fetch_object($q)) {
+	$q->execute();
-		mysql_query("UPDATE users_volunteer 
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$stmt = $pdo->prepare("UPDATE users_volunteer 
 				SET volunteer_complete='{$i->complete}' 
 				WHERE users_id='{$i->id}'");
-		echo mysql_error();
+		$stmt->execute();
 		echo $pdo->errorInfo();
 	}
 	/* Every committee member role should be activated */
-	$q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'");
+	$q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
-	while($i = mysql_fetch_object($q)) {
+	$q->execute();
-		mysql_query("UPDATE users_committee
+	while($i = $q->fetch(PDO::FETCH_OBJ)) {
 		$stmt = $pdo->prepare("UPDATE users_committee
 				SET committee_active='yes' 
 				WHERE users_id='{$i->id}'");
-		echo mysql_error();
+		$stmt->execute();
 		echo $pdo->errorInfo();
 	}
 	/* Convert Judges */
@ -136,11 +152,12 @@ function db_update_116_post()
 	$jsal = array();
 	/* Select all judges, duplicate rows for each year */
-	$jq = mysql_query("SELECT * FROM judges
+	$jq = $pdo->prepare("SELECT * FROM judges
 				LEFT JOIN judges_years ON judges_years.judges_id=judges.id
 				ORDER BY year");
 	$jq->execute();
-	while($j = mysql_fetch_object($jq)) {
+	while($j = $jq->fetch(PDO::FETCH_OBJ)) {
 		if(!is_array($map[$j->id])) {
 			$map[$j->id] = array('uid' => '');
@ -149,28 +166,28 @@ function db_update_116_post()
 		$u = array( 'id' => '',
 			'uid' => $map[$j->id]['uid'],
 			'types' => 'judge',
-			'firstname' => mysql_escape_string($j->firstname),
+			'firstname' => $j->firstname,
-			'lastname' => mysql_escape_string($j->lastname),
+			'lastname' => $j->lastname,
-			'username' => mysql_escape_string($j->email),
+			'username' => $j->email,
-			'email' => mysql_escape_string($j->email),
+			'email' => $j->email,
 			'sex' => '',
-			'password' => mysql_escape_string($j->password),
+			'password' => $j->password,
 			'passwordset' => $j->lastlogin, 
 			'oldpassword' => '',
 			'year' => $j->year,
-			'phonehome' => mysql_escape_string($j->phonehome),
+			'phonehome' => $j->phonehome,
-			'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")),
+			'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
-			'phonecell' => mysql_escape_string($j->phonecell),
+			'phonecell' => $j->phonecell,
 			'fax' => '',
-			'organization' => mysql_escape_string($j->organization),
+			'organization' => $j->organization,
 			'lang' => '',  /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
 			'created' => $j->created,
 			'lastlogin' => $j->lastlogin,
-			'address' => mysql_escape_string($j->address),
+			'address' => $j->address,
-			'address2' => mysql_escape_string($j->address2),
+			'address2' => $j->address2,
-			'city' => mysql_escape_string($j->city),
+			'city' => $j->city,
-			'province' => mysql_escape_string($j->province),
+			'province' => $j->province,
-			'postalcode' => mysql_escape_string($j->postalcode),
+			'postalcode' => $j->postalcode,
 			'firstaid' => 'no',
 			'cpr' => 'no',
 			'deleted' => $j->deleted,
@ -179,20 +196,22 @@ function db_update_116_post()
 		$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
 		//check if a user already exists with this username
-		$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'");
+		$uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
-		if($j->email && $ur=mysql_fetch_object($uq)) {
+		$uq->execute();
 		if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
 			$id=$ur->id;
 			 echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
 			$sqlset="";
 			foreach($u AS $f=>$v) {
 				if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
-					$sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', ";
+					$sqlset.="`$f`='".$j->$f."', ";
 				}
 			}
-			$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'";
+			$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
-			mysql_query($sql);
+			$stmt = $pdo->prepare($sql);
-			echo mysql_error();
+			$stmt->execute();
 			echo $pdo->errorInfo();
 			echo "   Updated user record with judge info, but only merged:\n";
 			echo "   ($sqlset)\n";
@ -202,21 +221,23 @@ function db_update_116_post()
 			/* Insert the judge */
 			$fields = '`'.join('`,`', array_keys($u)).'`';
 			$vals = "'".join("','", array_values($u))."'";
-			$q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)");
+			$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
-			$id = mysql_insert_id();
+			$q->execute();
 			$id = $pdo->lastInsertId();
 			if($map[$j->id]['uid'] == '') {
 				$map[$j->id]['uid'] = $id;
-				$q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'");
+				$q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
 				$q->execute();
 			}
 		}
 		$uj = array( 'users_id' => "$id",
 			'judge_active' => 'yes',
-			'highest_psd' => mysql_escape_string($j->highest_psd),
+			'highest_psd' => $j->highest_psd,
 			'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
-			'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):'').
+			'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
-						$j->expertise_other),
+						$j->expertise_other,
 			/* These need to get pulled from the questions */
 			'years_school' => $j->years_school,
 			'years_regional' => $j->years_regional,
@ -227,33 +248,36 @@ function db_update_116_post()
 //			$j->attending_lunch,
 		/* catprefs */
-		$q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+		$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
 		$q->execute();
 		$catpref = array();
-		while($i = mysql_fetch_object($q)) {
+		while($i = $q->fetch(PDO::FETCH_OBJ)) {
 			$catpref[$i->projectcategories_id] = $i->rank;
 		}
-		$uj['cat_prefs'] = mysql_escape_string(serialize($catpref));
+		$uj['cat_prefs'] = serialize($catpref);
 		/* divprefs and subdivision prefs */
-		$q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+		$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
 		$q->execute();
 		$divpref = array();
 		$divsubpref = array();
-		while($i = mysql_fetch_object($q)) {
+		while($i = $q->fetch(PDO::FETCH_OBJ)) {
 			if($i->projectdivisions_id) 
 				$divpref[$i->projectdivisions_id] = $i->val;
 			else if ($i->projectsubdivisions_id) 
 				$divsubpref[$i->projectsubdivisions_id] = $i->val;
 		}
-		$uj['div_prefs'] = mysql_escape_string(serialize($divpref));
+		$uj['div_prefs'] = serialize($divpref);
-		$uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref));
+		$uj['divsub_prefs'] = serialize($divsubpref);
 		/* languages */
-		$q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
+		$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
 		$q->execute();
 		$langs = array();
-		while($i = mysql_fetch_object($q)) {
+		while($i = $q->fetch(PDO::FETCH_OBJ)) {
 			$langs[] = $i->languages_lang;
 		}
-		$uj['languages'] = mysql_escape_string(serialize($langs));
+		$uj['languages'] = serialize($langs);
 		/* Map judges questions back to the profile.  We're going to keep questions we need for
 		 * judge scheduling as hard-coded questions so users can't erase them. 
@ -264,25 +288,27 @@ function db_update_116_post()
 				'willing_chair' => 'Willing Chair');
 		foreach($qmap as $field=>$head) {
 			/* Find the question ID */
-			$q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
+			$q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
-			if(mysql_num_rows($q) == 0) {
+			$q->execute();
 			if($q->rowCount() == 0) {
 				echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
 				continue;
 			}
-			$i = mysql_fetch_object($q);
+			$i = $q->fetch(PDO::FETCH_OBJ);
 			/* Now find the answer */
-			$q = mysql_query("SELECT * FROM question_answers WHERE 
+			$q = $pdo->prepare("SELECT * FROM question_answers WHERE 
 					year='{$j->year}' AND 
 					registrations_id='{$j->id}' AND
 					questions_id='{$i->id}'");
-			echo mysql_error();
+			$q->execute();
-			if(mysql_num_rows($q) == 0) {
+			echo $pdo->errorInfo();
 			if($q->rowCount() == 0) {
 				echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
 				continue;
 			}
-			$i = mysql_fetch_assoc($q);
+			$i = $q->fetch(PDO::FETCH_ASSOC)
 			$uj[$field] = $i['answer'];
 		}
@ -290,42 +316,55 @@ function db_update_116_post()
 		$fields = '`'.join('`,`', array_keys($uj)).'`';
 		$vals = "'".join("','", array_values($uj))."'";
-		$q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)");
+		$q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
-		echo mysql_error();
+		$q->execute();
 		echo $pdo->errorInfo();
 		/* FIXUP all the judging tables (but don't write back yet, we don't want to 
 		 * accidentally create a duplicate judges_id and overwrite it later) */
 		/* judges_teams_link */
-		$q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+		$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
-		while($i = mysql_fetch_object($q))
+
 $q->execute();
 		while($i = $q->fetch(PDO::FETCH_OBJ))
 			$jtl[$i->id] = $id;
 		/* judges_specialawards_sel */
-		$q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
+		$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
-		echo mysql_error();
+
-		while($i = mysql_fetch_object($q)) 
+$q->execute();
 		echo $pdo->errorInfo();
 		while($i = $q->fetch(PDO::FETCH_OBJ)) 
 			$jsal[$i->id] = $id;
 		/* question_answers */
-		$q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
+		$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
-		echo mysql_error();
+
-		while($i = mysql_fetch_object($q)) 
+$q->execute();
 		echo $pdo->errorInfo();
 		while($i = $q->fetch(PDO::FETCH_OBJ)) 
 			$qa[$i->id] = $id;
 	}
 	/* Now write back the judge ids */
 	if(count($jtl)) {
 	foreach($jtl as $id=>$new_id) 
-		$q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
+		$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
 $q->execute();
 	}
 	if(count($jsal)) {
 	foreach($jsal as $id=>$new_id) 
-		$q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
+		$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
 $q->execute();
 	}
 	if(count($qa)) {
 	foreach($qa as $id=>$new_id)
-		$q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
+		$q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
 $q->execute();
 	}
 }
 ?>
--- a/db/db.update.122.php
+++ b/db/db.update.122.php
@ -4,9 +4,10 @@ function db_update_122_post()
 {
 	global $config;
 	$year = $config['FAIRYEAR'];
-	$q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'");
+	$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
 	$q->execute();
 	$round = array();
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$type = $r['type'];
 		if(!array_key_exists($type, $round)) {
@ -25,19 +26,23 @@ function db_update_122_post()
 	}
 	foreach($round as $type=>$d) {
-		mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
+		$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
 			VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
-		$round_id = mysql_insert_id();
+		$stmt->execute();
 		$round_id = $pdo->lastInsertId();
-		mysql_query("UPDATE judges_timeslots SET 
+		$stmt = $pdo->prepare("UPDATE judges_timeslots SET 
 				round_id='$round_id', type='timeslot'
 				WHERE type='$type' AND year='$year'");
 				WHERE type='$type' AND year='$year'");
 		$stmt->execute();
 		/* Undo the set we just did to the round we just inserted */
-		mysql_query("UPDATE judges_timeslots SET 
+		$stmt = $pdo->prepare("UPDATE judges_timeslots SET 
 				round_id='0',type='$type'
 				WHERE id='$round_id'");
-	}
+		$stmt->execute();	
 }
 }
 ?>
--- a/db/db.update.129.php
+++ b/db/db.update.129.php
@ -5,29 +5,31 @@ function db_update_129_pre()
 {
 	/* Load all external award sources */
 	$source_map = array();
-	$q = mysql_query("SELECT * FROM award_sources");
+	$q = $pdo->prepare("SELECT * FROM award_sources");
-	while($r = mysql_fetch_assoc($q)) {
+	$q->execute();
 	while($r = m$q->fetch(PDO::FETCH_ASSOC) {
 		/* Make a user, use the password generator to get 
 		 * a random username */
 		$u = db129_user_create('fair', db129_user_generate_password());
 		/* Add a Fair Entry */
-		$name = mysql_escape_string($r['name']);
+		$name = $r['name'];
-		$url = mysql_escape_string($r['url']);
+		$url = $r['url'];
-		$website = mysql_escape_string($r['website']);
+		$website = $r['website'];
-		$username = mysql_escape_string($r['username']);
+		$username = $r['username'];
-		$password = mysql_escape_string($r['password']);
+		$password = $r['password'];
 		$en = ($r['enabled'] == 'no') ? 'no' : 'yes';
-		mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
+		$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
 		`url`,`website`,`username`,`password`,`enable_stats`,
 		`enable_awards`,`enable_winners`) VALUES (
 			'', '$name', '', 'ysf', '$url', '$web',
 			'$username','$password','no','$en','$en')");
 		$stmt->execute();
 		/* Link the fair to the user */
-		$u['fairs_id'] = mysql_insert_id();
+		$u['fairs_id'] = $pdo->lastInsertId();
 		/* Record the old sources_id to new sources_id mapping */
 		$source_map[$r['id']] = $u['fairs_id'];
@ -36,14 +38,16 @@ function db_update_129_pre()
 	}
 	/* Map all awards to their new source IDs */
-	$q = mysql_query("SELECT * FROM award_awards");
+	$q = $pdo->prepare("SELECT * FROM award_awards");
 	$q->execute();
 	$keys = array_keys($source_map);
-	while($r = mysql_fetch_assoc($q)) {
+	while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
 		$old_id = $r['award_sources_id'];
 		if(!in_array($old_id, $keys)) continue;
-		$qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
+		$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
 					WHERE id='{$r['id']}'");
 		$qq->execute();
 	}
--- a/db/db.update.129.user.inc.php
+++ b/db/db.update.129.user.inc.php
@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
 		$id = intval($user);
 		$query .= "	`users`.`id`='$id'";
 	}
-	$q=mysql_query($query);
+	$q=$pdo->prepare($query);
 	$q->execute();
-	if(mysql_num_rows($q)!=1) {
+	if($q->rowCount()!=1) {
-		echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
+		echo "Query [$query] returned ".$q->rowCount()." rows\n";
 //		echo "<pre>";
 //		print_r(debug_backtrace());
 		return false;
 	}
-	$ret = mysql_fetch_assoc($q);
+	$ret = $q->fetch(PDO::FETCH_ASSOC);
 	/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
 	 * simply return the previous year (where deleted=no) */
@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
 	/* pass $u by reference so we can update it */
 	$save_old = false;
 	if($password == NULL) {
-		$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
+		$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
-		$u = mysql_fetch_assoc($q);
+		$q->execute();
 		$u = $q->fetch(PDO::FETCH_ASSOC);
 		/* Generate a new password */
 		$password = db129_user_generate_password(12);
 		/* save the old password only if it's not an auto-generated one */
@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
 		$save_set = 'NOW()';
 	}
-	$p = mysql_escape_string($password);
+	$p = $password;
 	$set = ($save_old == true) ? 'oldpassword=password, ' : '';
 	$set .= "password='$p', passwordset=$save_set ";
 	$query = "UPDATE users SET $set WHERE id='$id'";
-	mysql_query($query);
+	$stmt = $pdo->prepare($query);
-	echo mysql_error();
+	$stmt->execute();
 	echo $pdo->errorInfo();
 	return $password;
 }
@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
 		}
 		if(is_array($u[$f])) 
-			$data = mysql_escape_string(serialize($u[$f]));
+			$data = serialize($u[$f]);
 		else 
-			$data = mysql_escape_string(stripslashes($u[$f]));
+			$data = stripslashes($u[$f]);
 		$set .= "`$f`='$data'";
 	}
 	if($set != "") {
 		$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
-		if(mysql_error()) {
+		$stmt->execute();
-			echo mysql_error();
+		if($pdo->errorInfo()) {
 			echo $pdo->errorInfo();
 			echo error("Full query: $query");
 		}
 	}
@ -337,7 +341,7 @@ function db129_user_save($u)
 //		if($f == 'types') 
 //			$set .= "$f='".implode(',', $u[$f])."'";
-		$data = mysql_escape_string(stripslashes($u[$f]));
+		$data = stripslashes($u[$f]);
 		$set .= "$f='$data'";
 	}
 	//echo "<pre>";
@ -345,9 +349,10 @@ function db129_user_save($u)
 	//echo "</pre>";
 	if($set != "") {
 		$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
-		mysql_query($query);
+		$stmt = $pdo->prepare($query);
 		$stmt->execute();
 //		echo "query=[$query]";
-		echo mysql_error();
+		echo $pdo->errorInfo();
 	}
 	/* Save the password if it changed */
@ -364,7 +369,8 @@ function db129_user_save($u)
 function db129_user_delete_committee($u)
 {
-	mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
+	$stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
 	$stmt->execute();
 }
 function db129_user_delete_volunteer($u)
@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
 {
 	global $config;
 	$id = $u['id'];
-	mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
+	$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
-	mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
+	$stmt->execute();
-}
+	$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
 $stmt->execute();}
 function db129_user_delete_fair($u)
 {
@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_delete = true;
 		}
@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
 		$finish_delete = true;
 	}
 	if($finish_delete == true) {
-		mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
 				if($types != '') $types .= ',';
 				$types .= $t;
 			}
-			mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
+			$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
 			$stmt->execute();
 		} else {
 			$finish_purge = true;
 		}
@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
 		 * out the entry */
 		call_user_func("db129_user_delete_$type", $u);
 //		call_user_func("user_purge_$type", $u);
-		mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
 		$stmt->execute();
 	} else {
 		/* Delete the whole user */
 		foreach($u['types'] as $t) {
 			call_user_func("db129_user_delete_$t", $u);
 //			call_user_func("user_purge_$t", $u);
-			mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
+			$stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
 			$stmt->execute();
 		}
 		$finish_purge = true;
 	}
 	if($finish_purge == true) {
-		mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
+		$stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
 		$stmt->execute();
 	}
 }
@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
 {
 	global $config;
 	$nullfields = array('deleteddatetime'); /* Fields that can be null */
-	$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
+	$q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
-	if(mysql_num_rows($q) != 1) {
+	$q->execute();
 	if($q->rowCount() != 1) {
 		echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
 		exit;
 	}
-	$i = mysql_fetch_assoc($q);
+	$i = $q->fetch(PDO::FETCH_ASSOC);
 	$i[$key] = $newval;
 	foreach($i as $k=>$v) {
@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
 		else if($k == 'year') 
 			$i[$k] = $config['FAIRYEAR'];
 		else
-			$i[$k] = '\''.mysql_escape_string($v).'\'';
+			$i[$k] = '\''.$v.'\'';
 	}
 	$keys = '`'.join('`,`', array_keys($i)).'`';
@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
 	$q = "INSERT INTO $db ($keys) VALUES ($vals)";
 //	echo "Dupe Query: [$q]";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
-	echo mysql_error();
+	$r->execute();
 	echo $pdo->errorInfo();
-	$id = mysql_insert_id();
+	$id = $pdo->lastInsertId();
 	return $id;
 }
 /* Used by the login scripts to copy one user from one year to another */
@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
 	 * - That previous entry has deleted=no */
 	/* Find the last entry */
-	$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
+	$q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
 				ORDER BY year DESC LIMIT 1");
-	$r = mysql_fetch_object($q);
+	$q->execute();
 	$r = $q->fetch(PDO::FETCH_OBJ);
 	if($r->deleted == 'yes') {
 		echo "Cannot duplicate user ID {$u['id']}, they are deleted.  Undelete them first.\n";
 		exit;
@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
 	}
 	$id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
-	$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
+	$q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
 	$q->execute();
 	/* Load the new user */
 	$u2 = db129_user_load($id);
@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
 {
 	global $config;
 	if(!is_array($u)) {
-		mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
+		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) 
 			VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
-		echo mysql_error();
+		$stmt->execute();
-		$uid = mysql_insert_id();
+		echo $pdo->errorInfo();
-		mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+		$uid = $pdo->lastInsertId();
 		$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
 		$stmt->execute();
 		db129_user_set_password($uid, NULL);
 	} else {
 		/* The user has been specified and already exists,
@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
 			exit;
 		}
 		$new_types = implode(',', $u['types']).','.$type;
-		mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
+		$stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
 		$stmt->execute();
 	}
 	switch($type) {
 	case 'volunteer':
-		mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
+		$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
 		$stmt->execute();
 		break;
 	case 'student':
-//		mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
+//		$stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
-		break;
+$stmt->execute();		
 break;
 	case 'judge':
-		mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
+		$stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
 		$stmt->execute();
 		break;
 	case 'fair':
-		mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
+		$stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
 		$stmt->execute();
 		break;
 	case 'committee':
-		mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
+		$stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
 		$stmt->execute();
 		break;
 	case 'sponsor':
-		mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
+		$stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
 		$stmt->execute();
 		break;
 	}
 	return db129_user_load($uid);
--- a/db/db.update.136.php
+++ b/db/db.update.136.php
@ -4,7 +4,7 @@
 function db_update_136_pre()
 {
 	global $config;
-	mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada',
+	$stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
 				`abbrv` = 'YSC',
 				`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
 				`enable_stats` = 'yes',
@ -15,14 +15,16 @@ function db_update_136_pre()
 			WHERE 
 				`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
 	$stmt->execute();
-	mysql_query("UPDATE fairs SET `abbrv` = 'STO',
+	$stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
 				`website` = 'http://www.scitechontario.org/awarddownloader/help.php',
 				`enable_stats` = 'yes',
 				`enable_awards` = 'yes',
 				`enable_winners` = 'yes'
 			WHERE 
 				`url`='http://www.scitechontario.org/awarddownloader/index.php'");
 	$stmt->execute();
 }
--- a/db/db.update.142.php
+++ b/db/db.update.142.php
@ -1,8 +1,9 @@
 <?
 function db_update_142_post() {
-	$q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'");
+	$q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
-	if(mysql_num_rows($q)) {
+	$q->execute();
 	if($q->rowCount()) {
 		//great its there, do nothing, it must have been inserted by the installer when doing a fresh install
 	}
 	else {
@ -11,7 +12,8 @@ function db_update_142_post() {
 		$month=date("m");
 		if($month>6) $fiscalyearsuggest=date("Y")+1;
 		else $fiscalyearsuggest=date("Y");
-		mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
+		$stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
 		$stmt->execute();
 	}
 }
--- a/db/db.update.62.php
+++ b/db/db.update.62.php
@ -17,8 +17,9 @@ $update_62_committee = array();
 function db_update_62_pre()
 {
 	global $update_62_committee;
-	$q = mysql_query("SELECT * FROM committees_members");
+	$q = $pdo->prepare("SELECT * FROM committees_members");
-	while($r = mysql_fetch_assoc($q)) {
+	$q->execute();
 	while($r = $q->fetch(PDO::FETCH_ASSOC)) {
 		$update_62_committee[] = $r;
 	}
 }
@ -31,8 +32,7 @@ function db_update_62_post()
 	foreach($update_62_committee as $c) {
 		list($fn, $ln) = split(' ', $c['name'], 2);
 		$username = $c['email'];
-		$fn = mysql_escape_string($fn);
+		
 		$ln = mysql_escape_string($ln);
 		if($config['committee_password_expiry_days'] > 0) {
 			$passwordexpiry = "DATE_ADD(CURDATE(),
 				INTERVAL {$config['committee_password_expiry_days']} DAY)";
@ -46,19 +46,20 @@ function db_update_62_post()
 			`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
 			`created`,`deleted`) 
 			VALUES ('committee','$fn', '$ln', '$username',
-				'".mysql_escape_string($c['password'])."',
+				'".$c['password']."',
 				$passwordexpiry,
 				'{$c['email']}',
 				'{$c['phonehome']}',
 				'{$c['phonework']}',
 				'{$c['phonecell']}',
 				'{$c['fax']}',
-				'".mysql_escape_string($c['organization'])."',
+				'".$c['organization']."',
 				NOW(),
 				'$deleted')";
-		mysql_query($q);
+		$stmt = $pdo->prepare($q);
 		$stmt->execute();
 		echo "$q\n";
-		$id = mysql_insert_id();
+		$id = $pdo->lastInsertId();
 		$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
 		$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@ -73,14 +74,16 @@ function db_update_62_post()
 					'$access_admin',
 					'$access_config',
 					'$access_super')";
-		mysql_query($q);
+		$stmt = $pdo->prepare($q);
 		$stmt->execute();
 		echo "$q\n";
-		echo mysql_error();
+		echo $pdo->errorInfo();
 		/* Update committee links */
 		$q = "UPDATE committees_link SET users_id='$id'
 				WHERE committees_members_id='{$c['id']}'";
-		mysql_query($q);
+		$stmt = $pdo->prepare($q);
 		$stmt->execute();
 		echo "$q\n";
 	}
--- a/db/db.update.81.php
+++ b/db/db.update.81.php
@ -1,10 +1,12 @@
 <?
 function db_update_81_post() 
 {
-	$q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts");
+	$q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
-	while($i = mysql_fetch_object($q)) {
+	$q->execute();
 	while($i = m$q->fetch(PDO::FETCH_OBJ)) {
 		$asid = $i->award_sponsors_id;
-		mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
+		$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
 		$stmt->execute();
 	}
 }
 ?>
--- a/judge.inc.php
+++ b/judge.inc.php
@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
 	}
 	/* Check to see if they have ranked all project age categories, and all divisions */
-	$q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	$numcats=$r->num;
 	if($numcats != count($u['cat_prefs'])) 	return 'incomplete';
-	$q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
+	$q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
-	$r=mysql_fetch_object($q);
+	$q->execute();
 	$r=$q->fetch(PDO::FETCH_OBJ);
 	$numdivisions=$r->num;
 	if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@ -75,14 +77,16 @@ function judge_status_questions($u){
 	*/
 	global $config;
 	// get the questions we're looking for
-	$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
+	$q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
 	$q->execute();
 	$idList = array();
-	while($row = mysql_fetch_assoc($q)) $idList[] = $row['id'];
+	while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
 	$rval = 'complete';
 	if(count($idList)){
-		$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
+		$q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
-		$row = mysql_fetch_assoc($q);
+		$q->execute();
 		$row = $q->fetch(PDO::FETCH_ASSOC);
 		if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
 	}
 	return $rval;
@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
 	 * - judge has selected between min and max preferences 
 	 */
-	$qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel 
+	$qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel 
 				WHERE users_id='{$u['id']}'");
-	$rr = mysql_fetch_object($qq);
+	$qq->execute();
 	$rr = $qq->fetch(PDO::FETCH_OBJ);
 	$awards_selected = $rr->num;
 //	echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@ -127,9 +132,9 @@ function judge_status_availability(&$u)
 	global $config;
 	if($config['judges_availability_enable'] == 'no') return 'complete';
-	$q = mysql_query("SELECT id FROM judges_availability 
+	$q = $pdo->prepare("SELECT id FROM judges_availability 
 			WHERE users_id=\"{$u['id']}\"");
-	if(mysql_num_rows($q) > 0) return 'complete';
+	if($q->rowCount() > 0) return 'complete';
 	return 'incomplete';
 }
--- a/lpdf.php
+++ b/lpdf.php
@ -220,8 +220,9 @@ class lpdf
 //				echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
 				break;
 			}
-			$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
+			$q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
-			if($r=@mysql_fetch_object($q))
+			$q->execute();
 			if($r=$q->fetch(PDO::FETCH_OBJ))
 			$prevnr=$nr;
 //			printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);
--- a/scripts/assignprojectnumbers.php
+++ b/scripts/assignprojectnumbers.php
@ -27,12 +27,14 @@ exit;
 include "../common.inc.php";
-	$projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
+	$projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
-	while($projr=mysql_fetch_object($projq))
+	$projq->execute();
 	while($projr=$projq->fetch(PDO::FETCH_OBJ))
 	{
 		$reg_id=$projr->id;
-		$q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
+		$q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
-		$r=mysql_fetch_object($q);
+		$q->execute();
 		$r=$q->fetch(PDO::FETCH_OBJ);
 		$projectnumber=$config['project_num_format'];
 		//first replace the division and category
@ -41,15 +43,16 @@ include "../common.inc.php";
 		//now change the N to a % so we can use it as a wildcard 
 		$querynum=str_replace('N','%',$projectnumber);
-		$searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
+		$searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
 		$searchq->execute();
 		print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
-		$searchnum=mysql_num_rows($searchq);
+		$searchnum=$searchq->rowCount();
 		echo "searchnum=$searchnum \n";
-		if(mysql_num_rows($searchq))
+		if($searchq->rowCount())
 		{
 			//first, put them all in an array
 			$proj_nums=array();
-			while($searchr=mysql_fetch_object($searchq))
+			while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
 			{
 				$proj_nums[]=$searchr->projectnumber;
 			}
@ -77,7 +80,8 @@ include "../common.inc.php";
 		}
 		$projectnumber=str_replace('N',$Nnum,$projectnumber);
-		mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
+		$stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
 		$stmt->execute();
 		if($projectnumber)
 		{
 			echo "Assigned new project number $projectnumber\n";
--- a/scripts/assigntourrankings.php
+++ b/scripts/assigntourrankings.php
@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
 exit;
 include "../common.inc.php";
-mysql_query("DELETE FROM tours_choice WHERE year='2008'");
+$stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
 $stmt->execute();
-$q=mysql_query("SELECT students.id AS students_id, 
+$q=$pdo->prepare("SELECT students.id AS students_id, 
 			registrations.id AS registrations_id 
 		FROM registrations, 
 			students 
@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
 			AND registrations.year='2008' 
 			AND students.registrations_id=registrations.id 
 			AND students.year='2008'");
-	while($r=mysql_fetch_object($q))
+$q->execute();
 	while($r=$q->fetch(PDO::FETCH_OBJ))
 	{
-		$tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
+		$tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
 		$tq->execute();
 		$rank=1;
-		while($tr=mysql_fetch_object($tq)) {
+		while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
-			mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
+			$stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
 				'$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
 			)");
 			$stmt->execute();
 			$rank++;
 		}
 		echo "Assigned student $r->students_id\n";
--- a/scripts/emptyregistrations.php
+++ b/scripts/emptyregistrations.php
@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
 if(count($argv)>1)
 {
 	echo "TRUNCATING TABLE DATA....\n";
-	mysql_query("TRUNCATE TABLE registrations");
+	$stmt = $pdo->prepare("TRUNCATE TABLE registrations");
-	mysql_query("TRUNCATE TABLE students");
+	$stmt->execute();
-	mysql_query("TRUNCATE TABLE projects");
+   $stmt = $pdo->prepare("TRUNCATE TABLE students");
-	echo "DONE.\n\n";
+	$stmt->execute();
   $stmt = $pdo->prepare("TRUNCATE TABLE projects");
 	$stmt->execute();
   echo "DONE.\n\n";
 }
 ?>
--- a/scripts/emptyscheduledata.php
+++ b/scripts/emptyscheduledata.php
@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
 if(count($argv)>1)
 {
 	echo "TRUNCATING TABLE DATA....\n";
-	mysql_query("TRUNCATE TABLE judges_teams");
+	$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
-	mysql_query("TRUNCATE TABLE judges_teams_awards_link");
+	$stmt->execute();
-	mysql_query("TRUNCATE TABLE judges_teams_link");
+   $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
-	mysql_query("TRUNCATE TABLE judges_teams_timeslots_link");
+	$stmt->execute();
-	mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link");
+   $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
-	echo "DONE.\n\n";
+	$stmt->execute();
   $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
 	$stmt->execute();
   $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
 	$stmt->execute();
   echo "DONE.\n\n";
 }
 ?>
--- a/scripts/judges_fake.php
+++ b/scripts/judges_fake.php
@ -28,11 +28,16 @@ include "../common.inc.php";
 $numjudges=200;
-mysql_query("TRUNCATE TABLE judges");
+$stmt = $pdo->prepare("TRUNCATE TABLE judges");
-mysql_query("TRUNCATE TABLE judges_catpref");
+$stmt->execute();
-mysql_query("TRUNCATE TABLE judges_expertise");
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
-mysql_query("TRUNCATE TABLE judges_years");
+$stmt->execute();
-mysql_query("TRUNCATE TABLE judges_languages");
+$stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
 $stmt->execute();
 $stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
 $stmt->execute();
 $stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
 $stmt->execute();
 function getrand($ar)
@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
 	$compnum=rand(0,20);
 	if($compnum==1) $complete="no"; else $complete="yes";
-	$q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
+	$q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
-	$id=mysql_insert_id();
+	$q->execute();
 	$id=$pdo->lastInsertId();
 	//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
 	//to compensate
@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
 	for($a=1;$a<=3;$a++)
 	{
 		$catrank=rand(-2,2);
-		mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
+		$stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
 		$stmt->execute();
 	}
 	//expertise is ranked 1-5
 	for($a=1;$a<=6;$a++)
 	{
 		$divrank=rand(1,5);
-		mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
+		$stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
 		$stmt->execute();
 	}
 	//and add the record to the judges_years table so they will be 'active' for this year
-	mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
+	$stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
 	$stmt->execute();
 	//60% chance they only speak english
 	//20% chance they only speak french
 	//20% chance they are bilingual
 	$num=rand(0,100);
 	if($num<60) 
-		mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
+		{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
-	else if($num<80) 
+		$stmt->execute();}
-		mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
+		else if($num<80) 
-	else {
+		{$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
-		mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
+		$stmt->execute();}
-		mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
+		else {
 		$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
 		$stmt->execute();
 		$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
 			$stmt->execute();
 	}
--- a/scripts/populate_fake.php
+++ b/scripts/populate_fake.php
@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
 $starters=array("effects of","study of","analysis of");
 $joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
-$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'");
+$numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
-while($s=mysql_fetch_object($numschools))
+$numschools->execute();
 while($s=$numschools->fetch(PDO::FETCH_OBJ))
 {
 	//1 in 4 chance of actually using this school
 	$o=rand(1,4);
@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
 	$pd=rand(1,$prob_unpaid);
 	if($pd==1) $status='paymentpending'; else $status='complete';
-	$q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
+	$q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
-	if($id=mysql_insert_id())
+	$q->execute();
 	if($id=$pdo->lastInsertId())
 	{
 		$peeps=rand(1,$prob_dual);
@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
 			$firstname=getrand($firstnames);
 			$email=strtolower($firstname)."@".getrand($domains);
-			mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
+			$stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
-
+			$stmt->execute();
 		}
 		$div=rand(1,6);
@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
 		if($langnum<4) $lang="fr"; else $lang="en";
-		mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
+		$stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
-
+		$stmt->execute();
 	}
 }
--- a/scripts/rolloverschools.php
+++ b/scripts/rolloverschools.php
@ -28,17 +28,19 @@
 function roll($currentfairyear, $newfairyear, $table, $fields)
 {
-	$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'");
+	$q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
-	echo mysql_error();
+	$q->execute();
 	echo $pdo->errorInfo();
 	$names = '`'.join('`,`', $fields).'`';
-	while($r=mysql_fetch_assoc($q)) {
+	while($r=$q->fetch(PDO::FETCH_ASSOC)) {
 		$vals = '';
 		foreach($fields as $f) {
-			$vals .= ",'".mysql_real_escape_string($r[$f])."'";
+			$vals .= ",'".$r[$f]."'";
 		}
-		mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
+		$stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
-		echo mysql_error();	
+		$stmt->execute();
 		echo $pdo->errorInfo();	
 	}
 }
@ -47,35 +49,36 @@ $newfairyear=2010;
 		echo i18n("Rolling schools")."<br />";
 		//award types
-		$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'");
+		$q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
-		echo mysql_error();
+		$q->execute();
-		while($r=mysql_fetch_object($q)) {
+		echo $pdo->errorInfo();
 		while($r=$q->fetch(PDO::FETCH_OBJ)) {
 			$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
 			$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
-			mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
+			$stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
-				'".mysql_real_escape_string($r->school)."',
+				'".$r->school."',
-				'".mysql_real_escape_string($r->schoollang)."',
+				'".$r->schoollang."',
-				'".mysql_real_escape_string($r->schoollevel)."',
+				'".$r->schoollevel."',
-				'".mysql_real_escape_string($r->board)."',
+				'".$r->board."',
-				'".mysql_real_escape_string($r->district)."',
+				'".$r->district."',
-				'".mysql_real_escape_string($r->phone)."',
+				'".$r->phone."',
-				'".mysql_real_escape_string($r->fax)."',
+				'".$r->fax."',
-				'".mysql_real_escape_string($r->address)."',
+				'".$r->address."',
-				'".mysql_real_escape_string($r->city)."',
+				'".$r->city."',
-				'".mysql_real_escape_string($r->province_code)."',
+				'".$r->province_code."',
-				'".mysql_real_escape_string($r->postalcode)."',$puid,
+				'".$r->postalcode."',$puid,
-				'".mysql_real_escape_string($r->schoolemail)."',$shuid,
+				'".$r->schoolemail."',$shuid,
-				'".mysql_real_escape_string($r->accesscode)."',
+				'".$r->accesscode."',
 				NULL,
-				'".mysql_real_escape_string($r->junior)."',
+				'".$r->junior."',
-				'".mysql_real_escape_string($r->intermediate)."',
+				'".$r->intermediate."',
-				'".mysql_real_escape_string($r->senior)."',
+				'".$r->senior."',
-				'".mysql_real_escape_string($r->registration_password)."',
+				'".$r->registration_password."',
-				'".mysql_real_escape_string($r->projectlimit)."',
+				'".$r->projectlimit."',
-				'".mysql_real_escape_string($r->projectlimitper)."',
+				'".$r->projectlimitper."',
-				'".mysql_real_escape_string($newfairyear)."')");
+				'".$newfairyear."')");
-		}
+			$stmt->execute();
-
+			}
 ?>
--- a/user.inc.php
+++ b/user.inc.php
@ -781,13 +781,15 @@ function user_create($type, $username, $u = NULL)
 	if(!is_array($u)) {
 		$stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) 
 			VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
-		$stmt->execute()';
+		$stmt->execute();
 		echo $pdo->errorInfo();
-		$uid = mysql_insert_id();
+		$uid = $pdo->lastInsertId();
        if(user_valid_email($username)) {
-            mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
+            $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
 			$stmt->execute();
        }
-		mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'");
+		$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
 		$stmt->execute();
 		echo $pdo->errorInfo();
 		user_set_password($uid, NULL);
 		/* Since the user already has a type, user_save won't create this
--- a/volunteer.inc.php
+++ b/volunteer.inc.php
@ -31,8 +31,9 @@ function volunteer_status_position($u)
 	/* See if they have selected something */
 	$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}' 
 			AND year='{$config['FAIRYEAR']}'";
-	$r = mysql_query($q);
+	$r = $pdo->prepare($q);
-	if(mysql_num_rows($r) >= 1) {
+	$r->execute();
 	if($r->rowCount() >= 1) {
 		return "complete";
 	}
 	return "incomplete";
--- a/volunteer_position.php
+++ b/volunteer_position.php
@ -44,8 +44,9 @@
 		/* Load available IDs */
 		$posns = array();
 		$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
-		$r = mysql_query($q);
+		$r = $pdo->prepare($q);
-		while($p = mysql_fetch_object($r)) {
+		$r->execute();
 		while($p = $r->fetch(PDO::FETCH_OBJ)) {
 			$posns[] = $p->id;
 		}
@ -59,18 +60,20 @@
 	} 
 	/* Delete existing selections */
-	mysql_query("DELETE FROM volunteer_positions_signup 
+	$stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup 
 			WHERE 
 				users_id='{$u['id']}' 
 				AND year='{$config['FAIRYEAR']}' ");
-		echo mysql_error();
+	$stmt->execute();
 		echo $pdo->errorInfo();
 	/* Add new selections if there are any */
 	if($vals != '') {
 		$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year) 
 				VALUES $vals";
-		$r=mysql_query($q);
+		$r=$po->prepare($q);
-		echo mysql_error();
+		$r->execute();
 		echo $pdo->errorInfo();
 	}
@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
 $q = "SELECT * FROM volunteer_positions_signup WHERE
 		users_id = '{$u['id']}' 
 		AND year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
+ $r = $pdo->prepare($q);
 $r->execute();
 $checked_positions = array();
- while($p = mysql_fetch_object($r)) {
+ while($p = $r->fetch(PDO::FETCH_OBJ)) {
 	$checked_positions[] = $p->volunteer_positions_id;
 }
 /* Load available volunteer positions */
 $q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
 			FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
- $r = mysql_query($q);
+ $r = $pdo->prepare($q);
- while($p = mysql_fetch_object($r)) {
+ $r->execute();
 while($p = $r->fetch(PDO::FETCH_OBJ)) {
 	echo '<tr><td>';
--- a/winners.php
+++ b/winners.php
@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
 	$show_unawarded_awards="no";
 	$show_unawarded_prizes="no";
 	$year=intval($_GET['year']);
-	$type=mysql_real_escape_string($_GET['type']);
+	$type=$_GET['type'];
 	echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>";
@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
 	//first, lets make sure someone isnt tryint to see something that they arent allowed to!
 	//but only if the year they want is the FAIRYEAR.  If they want a past year, thats cool
 	if($_GET['year']>=$config['FAIRYEAR']) {
-		$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
+		$q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
-		$r=mysql_fetch_object($q);
+		$q->execute();
 		$r=$q->fetch(PDO::FETCH_OBJ);
 		if($r->test!=1)
 		{
 			echo error(i18n("Crystal ball says future is very hard to see!"));
@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
 	if($ok)
 	{
-		$q=mysql_query("SELECT 
+		$q=$pdo->prepare("SELECT 
 					award_awards.id,
 					award_awards.name,
 					award_awards.order AS awards_order,
@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
 				ORDER BY 
 					awards_order");
-		echo mysql_error();
+		echo $pdo->errorInfo();
-		if(mysql_num_rows($q))
+		if($q->rowCount())
 		{
 			echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
 			echo "<br />";
-			while($r=mysql_fetch_object($q))
+			while($r=$q->fetch(PDO::FETCH_OBJ))
 			{
-				$pq=mysql_query("SELECT 
+				$pq=$pdo->prepare("SELECT 
 							award_prizes.prize,
 							award_prizes.number,
 							award_prizes.id,
@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
 							AND award_prizes.year='$year'
 						ORDER BY 
 							`order`");
-						echo mysql_error();
+					$pq->execute();
 						echo $pdo->errorInfo();
 				$awarded_count = 0;
 				if($show_unawarded_awards=="no")
 				{
-					while($pr=mysql_fetch_object($pq))
+					while($pr=$pq->fetch(PDO::FETCH_OBJ))
 					{
 						if($pr->projectnumber)
 						{
 							$awarded_count++;
 						}
 					}
 					// Still have to find the PDO equivalent
 					mysql_data_seek($pq, 0);
 				}
 				if($show_unawarded_awards=="yes" || $awarded_count > 0)
@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
 				}
 				$prevprizeid=-1;
-				while($pr=mysql_fetch_object($pq))
+				while($pr=$pq->fetch(PDO::FETCH_OBJ))
 				{
 					if(!($pr->projectnumber) && $show_unawarded_prizes=="no") 
 					{ 
@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
 						echo "&nbsp&nbsp;&nbsp;&nbsp;";
 						echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
-						$sq=mysql_query("SELECT students.firstname,
+						$sq=$pdo->prepare("SELECT students.firstname,
 									students.lastname,
 									students.schools_id,
 									students.webfirst,
@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
 									students.registrations_id='$pr->reg_id'
 									AND students.schools_id=schools.id
 								");
 						$sq->execute();
 						$studnum=0;
 						$students="";
                        $schools=array();
-						while($studentinfo=mysql_fetch_object($sq))
+						while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
 						{
 							if($studnum>0 && $prev) $students.=", ";
@ -242,7 +246,7 @@ else
 	$first=true;
 	if($q->rowCount())
 	{
-		while($r=mysql_fetch_object($q))
+		while($r=$q->fetch(PDO::FETCH_OBJ))
 		{
 			if($first && $r->year != $config['FAIRYEAR'])
 			{
@ -258,7 +262,7 @@ else
 			//do this each time, because each year the names of the award types could change, along with what is actually given out.
 			//
-			$tq=mysql_query("SELECT 
+			$tq=$pdo->prepare("SELECT 
 						DISTINCT(award_types.type) AS type
 					FROM
 						winners,
@ -273,8 +277,9 @@ else
 					ORDER BY
 						award_types.order
 					");
-					echo mysql_error();
+			$tq->execute();
-			while($tr=mysql_fetch_object($tq)) {
+					echo $pdo->errorInfo();
 			while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
 				echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
 			}
 			echo "<br />";