Compare commits
2 Commits
5ccfe2dd6f
...
1846545b7a
Author | SHA1 | Date | |
---|---|---|---|
1846545b7a | ||
172189a3ed |
@ -8,10 +8,10 @@ function getJudgingTeams()
|
||||
FROM
|
||||
judges_teams
|
||||
WHERE
|
||||
judges_teams.year='" . $config['FAIRYEAR'] . "'
|
||||
judges_teams.year=?
|
||||
ORDER BY
|
||||
num,name");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
|
||||
$lastteamid = -1;
|
||||
$lastteamnum = -1;
|
||||
@ -28,8 +28,8 @@ function getJudgingTeams()
|
||||
$rounds = array();
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_teams_timeslots_link
|
||||
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
|
||||
WHERE judges_teams_timeslots_link.judges_teams_id='{$r->id}'");
|
||||
$tq->execute();
|
||||
WHERE judges_teams_timeslots_link.judges_teams_id=?");
|
||||
$tq->execute([$r->id]);
|
||||
$teams[$r->id]['timeslots'] = array();
|
||||
$teams[$r->id]['rounds'] = array();
|
||||
|
||||
@ -39,8 +39,8 @@ function getJudgingTeams()
|
||||
}
|
||||
|
||||
foreach ($rounds as $round_id) {
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='{$round_id}'");
|
||||
$tq->execute();
|
||||
$tq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$tq->execute([$round_id]);
|
||||
$teams[$r->id]['rounds'][] = $tq->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
@ -55,12 +55,12 @@ function getJudgingTeams()
|
||||
judges_teams_link
|
||||
WHERE
|
||||
judges_teams_link.users_id=users.id AND
|
||||
judges_teams_link.judges_teams_id='$r->id'
|
||||
judges_teams_link.judges_teams_id=?
|
||||
ORDER BY
|
||||
captain DESC,
|
||||
lastname,
|
||||
firstname");
|
||||
$mq->execute();
|
||||
$mq->execute([$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$teamlangs = array();
|
||||
@ -87,9 +87,9 @@ function getJudgingTeams()
|
||||
$lq = $pdo->prepare("SELECT projects.language
|
||||
FROM judges_teams_timeslots_projects_link
|
||||
LEFT JOIN projects ON judges_teams_timeslots_projects_link.projects_id=projects.id
|
||||
WHERE judges_teams_timeslots_projects_link.year='{$config['FAIRYEAR']}' AND
|
||||
judges_teams_id='$r->id' AND language!='' ");
|
||||
$lq->execute();
|
||||
WHERE judges_teams_timeslots_projects_link.year=? AND
|
||||
judges_teams_id=? AND language!='' ");
|
||||
$lq->execute([$config['FAIRYEAR'],$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$projectlangs = array();
|
||||
while ($lr = $lq->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -113,13 +113,13 @@ function getJudgingTeams()
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND judges_teams_awards_link.judges_teams_id='$r->id'
|
||||
AND judges_teams_awards_link.judges_teams_id=?
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
name
|
||||
");
|
||||
$aq->execute();
|
||||
$aq->execute([$r->id,$config['FAIRYEAR']]);
|
||||
while ($ar = $aq->fetch(PDO::FETCH_OBJ)) {
|
||||
$teams[$r->id]['awards'][] = array(
|
||||
'id' => $ar->id,
|
||||
@ -144,13 +144,13 @@ function getJudgingTeam($teamid)
|
||||
FROM
|
||||
judges_teams
|
||||
WHERE
|
||||
judges_teams.year='" . $config['FAIRYEAR'] . "' AND
|
||||
judges_teams.id='$teamid'
|
||||
judges_teams.year=? AND
|
||||
judges_teams.id=?
|
||||
ORDER BY
|
||||
num,
|
||||
name
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$teamid]);
|
||||
|
||||
$team = array();
|
||||
|
||||
@ -172,12 +172,12 @@ function getJudgingTeam($teamid)
|
||||
judges_teams_link
|
||||
WHERE
|
||||
judges_teams_link.users_id=users.id AND
|
||||
judges_teams_link.judges_teams_id='$r->id'
|
||||
judges_teams_link.judges_teams_id=?
|
||||
ORDER BY
|
||||
captain DESC,
|
||||
lastname,
|
||||
firstname");
|
||||
$mq->execute();
|
||||
$mq->execute([$r->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
while ($mr = $mq->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -200,13 +200,13 @@ function getJudgingTeam($teamid)
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND judges_teams_awards_link.judges_teams_id='$r->id'
|
||||
AND judges_teams_awards_link.judges_teams_id=?
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
name
|
||||
");
|
||||
$aq->execute();
|
||||
$aq->execute([$r->id,$config['FAIRYEAR']]);
|
||||
while ($ar = $aq->fetch(PDO::FETCH_OBJ)) {
|
||||
$team['awards'][] = array(
|
||||
'id' => $ar->id,
|
||||
@ -248,11 +248,11 @@ function judges_load_all()
|
||||
$ret = array();
|
||||
|
||||
$query = "SELECT id FROM users WHERE types LIKE '%judge%'
|
||||
AND year='{$config['FAIRYEAR']}'
|
||||
AND year=?
|
||||
AND deleted='no'
|
||||
ORDER BY lastname, firstname";
|
||||
$r = $pdo->prepare($query);
|
||||
$r->execute();
|
||||
$r->execute([$config['FAIRYEAR']]);
|
||||
while ($i = $r->fetch(PDO::FETCH_ASSOC)) {
|
||||
$u = user_load($i['id']);
|
||||
if ($u['judge_complete'] == 'no')
|
||||
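Review bot: In the `foreach ($rounds as $round_id)` loop of getJudgingTeams(), `$pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?")` is called again for every round even though the SQL text is now constant. Preparing the statement once before the loop and calling only `$tq->execute([$round_id]);` inside it avoids the repeated preparation. The `$tq`, `$mq`, `$lq` and `$aq` statements keyed on `$r->id` look like candidates for the same treatment, though the loop that supplies `$r` is outside the hunks. The loop also appends whatever `fetch()` returns, so a round id with no matching row adds `false` to `rounds`.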
|
@ -40,16 +40,16 @@ if (get_value_from_array($_POST, 'action'))
|
||||
if ($action == 'delete' && get_value_from_array($_GET, 'delete')) {
|
||||
// ALSO DELETE: team members, timeslots, projects, awards
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='" . $_GET['delete'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['delete'],$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Judge team successfully removed, and all of its corresponding members, timeslots, projects and awards unlinked from team')));
|
||||
}
|
||||
|
||||
@ -58,25 +58,26 @@ if (get_value_or_default($action) == 'deletealldivisional') {
|
||||
FROM \t
|
||||
judges_teams
|
||||
WHERE
|
||||
year='" . $config['FAIRYEAR'] . "'
|
||||
year=?
|
||||
AND autocreate_type_id='1'
|
||||
");
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$numdeleted = 0;
|
||||
while ($r2 = $q2->fetch(PDO::FETCH_OBJ)) {
|
||||
// okay now we can start deleting things! whew!
|
||||
// first delete any linkings to the team
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$numdeleted++;
|
||||
}
|
||||
if ($numdeleted)
|
||||
@ -89,24 +90,24 @@ if (get_value_or_default($action) == 'deleteall') {
|
||||
$q2 = $pdo->prepare("SELECT *
|
||||
FROM \tjudges_teams
|
||||
WHERE
|
||||
year='" . $config['FAIRYEAR'] . "'
|
||||
year=?
|
||||
");
|
||||
$q2->execute();
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
$numdeleted = 0;
|
||||
while ($r2 = $q2->FETCH(PDO::FETCH_OBJ)) {
|
||||
// okay now we can start deleting things! whew!
|
||||
// first delete any linkings to the team
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id='$r2->id' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_timeslots_projects_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams WHERE id=? AND year=?");
|
||||
$stmt->execute([$r2->id,$config['FAIRYEAR']]);
|
||||
$numdeleted++;
|
||||
}
|
||||
if ($numdeleted)
|
||||
@ -120,8 +121,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
// but when we're done, if we're "assign" then go back to edit that team
|
||||
// if we're save, then go back to the team list
|
||||
$err = false;
|
||||
$q = $pdo->prepare("UPDATE judges_teams SET num='" . $_POST['team_num'] . "', name='" . (stripslashes($_POST['team_name'])) . "' WHERE id='$edit'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE judges_teams SET num=?, name=? WHERE id=?");
|
||||
$q->execute([ $_POST['team_num'],(stripslashes($_POST['team_name'])),$edit]);
|
||||
if ($pdo->errorInfo()) {
|
||||
$err = true;
|
||||
message_push(error($pdo->errorInfo()));
|
||||
@ -133,8 +134,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
// the judges wouldnt know which projects to judge for which award. This doesnt apply for divisions
|
||||
// because the category/division is obvious based on project numbesr. A divisional judge team could easily
|
||||
// be assigned to do all of Comp Sci - Junior, Intermediate and Senior without any problems.
|
||||
$q = $pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id='" . $_POST['award'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.award_types_id=award_types.id AND award_awards.id=?");
|
||||
$q->execute([$_POST['award']]);
|
||||
$aw = $q->fetch(PDO::FETCHH_OBJ);
|
||||
|
||||
$addaward = true;
|
||||
@ -144,12 +145,12 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
award_awards,
|
||||
award_types
|
||||
WHERE
|
||||
judges_teams_awards_link.judges_teams_id='$edit'
|
||||
judges_teams_awards_link.judges_teams_id=?
|
||||
AND judges_teams_awards_link.award_awards_id=award_awards.id
|
||||
AND award_awards.award_types_id=award_types.id
|
||||
AND award_types.type='Special'
|
||||
");
|
||||
$q->exxecute();
|
||||
$q->exxecute([$edit]);
|
||||
$r = $q->fetch(PDO::FETCHH_OBJ);
|
||||
echo "special awards: $r->num";
|
||||
if ($r->num) {
|
||||
@ -162,8 +163,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
|
||||
if ($addaward) {
|
||||
// link up the award
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('" . $_POST['award'] . "','$edit','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$_POST['award'],$edit,$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Award assigned to team')));
|
||||
}
|
||||
}
|
||||
@ -182,8 +183,8 @@ if ((get_value_or_default($action) == 'save' || $action == 'assign') && $edit) {
|
||||
}
|
||||
|
||||
if (get_value_or_default($action) == 'unassign') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id='$edit' AND award_awards_id='" . $_GET['unassign'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_teams_awards_link WHERE judges_teams_id=? AND award_awards_id=? AND year=?");
|
||||
$stmt->execute([$edit,$_GET['unassign'],$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Award unassigned from judge team')));
|
||||
// keep editing the same team
|
||||
$action = 'edit';
|
||||
@ -191,8 +192,8 @@ if (get_value_or_default($action) == 'unassign') {
|
||||
|
||||
if (get_value_or_default($action) == 'createall') {
|
||||
// first make sure we dont have any non-divisional award teams (dont want people hitting refresh and adding all the teams twice
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
if ($r->c) {
|
||||
message_push(error(i18n("Cannot 'Create All' teams when any divisional teams currently exist. Try deleting all existing non-divisional teams first.")));
|
||||
@ -207,18 +208,18 @@ if (get_value_or_default($action) == 'createall') {
|
||||
award_types
|
||||
WHERE \t
|
||||
award_awards.award_types_id=award_types.id
|
||||
AND award_awards.year='" . $config['FAIRYEAR'] . "'
|
||||
AND award_types.year='" . $config['FAIRYEAR'] . "'
|
||||
AND award_awards.year=?
|
||||
AND award_types.year=?
|
||||
AND award_types_id!='1'
|
||||
ORDER BY
|
||||
award_types_order,
|
||||
award_awards.order,
|
||||
name");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
|
||||
// startat
|
||||
$q2 = $pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year='{$config['FAIRYEAR']}'");
|
||||
$q2->execute();
|
||||
$q2 = $pdo->prepare("SELECT MAX(num) AS lastnum FROM judges_teams WHERE year=?");
|
||||
$q2->execute([$config['FAIRYEAR']]);
|
||||
$r2 = $q2->fetch(PDO::FETCH_OBJ);
|
||||
if ($r2->lastnum)
|
||||
$num = $r2->lastnum + 1;
|
||||
@ -239,8 +240,8 @@ if (get_value_or_default($action) == 'createall') {
|
||||
$team_id = $pdo->lastInsertId();
|
||||
if ($team_id) {
|
||||
// now link the new team to the award
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES ('$r->id','$team_id','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams_awards_link (award_awards_id,judges_teams_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$r->id,$team_id,$config['FAIRYEAR']]);
|
||||
message_push(happy(i18n('Created team #%1: %2', array($num, $name))));
|
||||
} else {
|
||||
message_push(error(i18n('Error creating team #%1: %2', array($num, $name))));
|
||||
@ -251,8 +252,8 @@ if (get_value_or_default($action) == 'createall') {
|
||||
}
|
||||
|
||||
if (get_value_or_default($action) == 'add' && $_GET['num']) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES ('" . $_GET['num'] . "','" . $config['FAIRYEAR'] . "')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_teams(num,year) VALUES (?,?)");
|
||||
$stmt->execute([$_GET['num'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$edit = $pdo->lastInsertId();
|
||||
$action = 'edit';
|
||||
@ -342,10 +343,10 @@ function addclicked()
|
||||
)
|
||||
LEFT JOIN judges_teams_awards_link ON award_awards.id = judges_teams_awards_link.award_awards_id
|
||||
WHERE
|
||||
award_awards.year='" . $config['FAIRYEAR'] . "' AND
|
||||
award_awards.year=? AND
|
||||
judges_teams_awards_link.award_awards_id IS NULL
|
||||
AND award_types.id=award_awards.award_types_id
|
||||
AND award_types.year='{$config['FAIRYEAR']}'
|
||||
AND award_types.year=?
|
||||
ORDER BY
|
||||
award_type_order,
|
||||
name";
|
||||
@ -353,7 +354,7 @@ function addclicked()
|
||||
|
||||
echo '<tr><td colspan=2>';
|
||||
$q = $pdo->prepare($querystr);
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo '<select name="award">';
|
||||
@ -395,8 +396,8 @@ function addclicked()
|
||||
|
||||
echo '<table width="95%">';
|
||||
echo '<tr><td>';
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS c FROM judges_teams WHERE autocreate_type_id!='1' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
if (!$r->c) {
|
||||
echo '<a href="judges_teams.php?action=createall">' . i18n('Automatically create one new team for every non-divisional award') . '</a><br />';
|
||||
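Review bot: The rewritten line `$q->exxecute([$edit]);` in the `save`/`assign` hunk at -144 keeps a method name that PDOStatement does not have, so this branch would stop with an undefined-method error before the special-award count is read; it should be `$q->execute([$edit]);`. The context lines next to it use `PDO::FETCHH_OBJ`, which is not a PDO constant either and should be `PDO::FETCH_OBJ`. Both misspellings are on lines this commit touches or sits directly beside, so they are worth correcting in the same change rather than carrying forward.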
|
@ -92,16 +92,16 @@ if ($action == 'saveround') {
|
||||
if ($save == true) {
|
||||
if ($round_id == 0) {
|
||||
/* New entry */
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,year) VALUES('0',?)");
|
||||
$stmt->execute([$config['FAIRYEAR']]);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`='$date',
|
||||
starttime='$starttime', endtime='$endtime',
|
||||
`name`='$name',
|
||||
`type`='$type' WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET `date`=?,
|
||||
starttime=?, endtime=?,
|
||||
`name`=?,
|
||||
`type`=? WHERE id=?");
|
||||
$stmt->execute([$date,$starttime,$endtime,$name,$type,$round_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
message_push(happy(i18n('Round successfully saved')));
|
||||
@ -110,18 +110,18 @@ if ($action == 'saveround') {
|
||||
}
|
||||
|
||||
if ($action == 'deleteround') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id=?");
|
||||
$stmt->execute([$round_id]);
|
||||
/* Also delete all timeslots */
|
||||
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id='$round_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE round_id=?");
|
||||
$stmt->execute([$round_id]);
|
||||
message_push(happy(i18n('Round successfully removed')));
|
||||
$action = '';
|
||||
}
|
||||
if ($action == 'deletetimeslot') {
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id='$timeslot_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM judges_timeslots WHERE id=?");
|
||||
$stmt->execute([$timeslot_id]);
|
||||
message_push(happy(i18n('Timeslot successfully removed')));
|
||||
$action = '';
|
||||
}
|
||||
@ -129,8 +129,8 @@ if ($action == 'deletetimeslot') {
|
||||
if ($action == 'savetimeslot') {
|
||||
$save = true;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$date = $round_data['date'];
|
||||
@ -152,15 +152,15 @@ if ($action == 'savetimeslot') {
|
||||
if ($save == true) {
|
||||
if ($timeslot_id == 0) {
|
||||
/* New entry */
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES('$round_id',
|
||||
'$date','timeslot','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,date,type,year) VALUES(?,
|
||||
?,'timeslot',?)");
|
||||
$stmt->execute([$round_id,$date,$config['FAIRYEAR']]);
|
||||
$timeslot_id = $pdo->lastInsertId();
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime='$starttime', endtime='$endtime'
|
||||
WHERE id='$timeslot_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET starttime=?, endtime=?
|
||||
WHERE id=?");
|
||||
$stmt->execute([$starttime,$endtime,$timeslot_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
message_push(happy(i18n('Timeslot successfully saved')));
|
||||
@ -176,8 +176,8 @@ if ($action == 'savemultiple') {
|
||||
$break = intval($_POST['break']);
|
||||
|
||||
if (array_key_exists('starttime_hour', $_POST) && array_key_exists('starttime_minute', $_POST) && $addnum && $duration) {
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$date = $round_data['date'];
|
||||
@ -242,8 +242,8 @@ if ($action == 'addround' || $action == 'editround') {
|
||||
$r['date'] = $config['dates']['fairdate'];
|
||||
} else {
|
||||
echo '<h3>Edit Judging Round</h3>';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
if ($q->rowCount() != 1) {
|
||||
echo "UNKNOWN ROUND $round_id";
|
||||
exit;
|
||||
@ -289,8 +289,8 @@ if ($action == 'addtimeslot' || $action == 'edittimeslot') {
|
||||
echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
|
||||
echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($action == 'addtimeslot') {
|
||||
@ -299,8 +299,8 @@ if ($action == 'addtimeslot' || $action == 'edittimeslot') {
|
||||
$r['date'] = $round_data['date'];
|
||||
} else {
|
||||
echo '<h3>Edit Judging Timeslot</h3>';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$timeslot_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$timeslot_id]);
|
||||
if ($q->rowCount() != 1) {
|
||||
echo "UNKNOWN ROUND $round_id";
|
||||
exit;
|
||||
@ -334,8 +334,8 @@ if ($action == 'addmultiple') {
|
||||
echo "<input type=\"hidden\" name=\"round_id\" value=\"$round_id\">\n";
|
||||
echo "<input type=\"hidden\" name=\"timeslot_id\" value=\"$timeslot_id\">\n";
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id='$round_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE id=?");
|
||||
$q->execute([$round_id]);
|
||||
$round_data = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
echo '<table border="0">';
|
||||
@ -375,12 +375,12 @@ if ($action == '') {
|
||||
echo '<th>' . i18n('Actions') . '</th>';
|
||||
echo '</tr>';
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='{$config['FAIRYEAR']}' AND `type`!='timeslot' ORDER BY date,starttime");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=? AND `type`!='timeslot' ORDER BY date,starttime");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r->id}' ORDER BY `date`,`starttime`");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=? ORDER BY `date`,`starttime`");
|
||||
$qq->execute([$r->id]);
|
||||
$c = $qq->rowCount() + 1;
|
||||
|
||||
echo "<td rowspan=\"$c\"><b>" . format_date($r->date) . '</b></td>';
|
||||
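Review bot: In the `savetimeslot` hunk, `$round_data = $q->fetch(PDO::FETCH_ASSOC);` is followed directly by `$date = $round_data['date'];`, so a `round_id` that matches no row gives `false` and an empty date can then reach the INSERT further down. A guard such as `if ($round_data === false) { $save = false; }`, with an error pushed through `message_push(error(i18n(...)))`, would stop the save. The same unchecked fetch appears in the `savemultiple`, `addtimeslot` and `addmultiple` hunks. How `$round_id` is derived from the request is outside the hunks.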
|
@ -51,10 +51,10 @@ if ($_GET['projectid']) {
|
||||
$score_error = '*** ERROR **** You entered a value greater than 100.00';
|
||||
}
|
||||
$stmt = $pdo->prepare("UPDATE judges_teams_timeslots_projects_link
|
||||
\t \t\t\t\t\tSET score=" . $score
|
||||
. ' WHERE judges_teams_id = ' . $_POST['team_' . $curr_team . '_id']
|
||||
. " and projects_id =$project_id and year=$year");
|
||||
$stmt->execute();
|
||||
\t \t\t\t\t\tSET score=?"
|
||||
. ' WHERE judges_teams_id =?'
|
||||
. " and projects_id =? and year=?");
|
||||
$stmt->execute([$score,$_POST['team_' . $curr_team . '_id'],$project_id,$year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
$curr_team--;
|
||||
@ -64,18 +64,18 @@ if ($_GET['projectid']) {
|
||||
?>
|
||||
<?
|
||||
if ($project_id) {
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE projects.id = '" . $project_id . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projects WHERE projects.id =?");
|
||||
$q->execute([$project_id]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$project_number = $r->projectnumber;
|
||||
$project_title = $r->title;
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$cats[$r->id] = $r->category;
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$year]);
|
||||
|
||||
$q = $pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id,
|
||||
\t score,
|
||||
@ -83,8 +83,8 @@ if ($project_id) {
|
||||
\t FROM judges_teams_timeslots_projects_link,
|
||||
\t judges_teams
|
||||
\t WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id
|
||||
\t AND projects_id = " . $project_id . ' ORDER BY judges_teams_id');
|
||||
$q->execute();
|
||||
\t AND projects_id =? ORDER BY judges_teams_id");
|
||||
$q->execute([$project_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo 'Project# ' . $project_number . ' ' . $project_title . '<br />';
|
||||
if ($score_error != '') {
|
||||
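Review bot: `echo 'Project# ' . $project_number . ' ' . $project_title . '<br />';` at the end of the last hunk prints database values into HTML without escaping, which the move to bound parameters does not cover. Unless titles are already escaped when they are stored, both values should be wrapped, e.g. `htmlspecialchars($project_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. In the -64 hunk the `projectdivisions` statement is executed but `$q` is reassigned to the next query before any row is fetched, so the division list does not appear to be filled here.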
|
@ -101,15 +101,15 @@ if ($_GET['csv'] != 'yes') {
|
||||
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($_GET['csv'] == 'yes') {
|
||||
echo "$r->projectnumber \t $r->title \t" . $cats[$r->projectcategories_id] . "\t" . $divs[$r->projectdivisions_id] . " \t $r->score \t $r->norm_score ";
|
||||
echo "$r->projectnumber \t ? \t ? \t ? \t ? \t ? ";
|
||||
$p = $pdo->prepare("SELECT judges_teams_timeslots_projects_link.judges_teams_id,
|
||||
\t \t\t\t\t score,
|
||||
\t judges_teams.num
|
||||
\t FROM judges_teams_timeslots_projects_link,
|
||||
\t judges_teams
|
||||
\t WHERE judges_teams_timeslots_projects_link.judges_teams_id = judges_teams.id
|
||||
\t AND projects_id = " . $r->projectid . ' ORDER BY judges_teams_id');
|
||||
$p->execute();
|
||||
\t AND projects_id =? ORDER BY judges_teams_id");
|
||||
$p->execute([$r->title,$cats[$r->projectcategories_id] ,$divs[$r->projectdivisions_id],$r->score,$r->norm_score,$r->projectid]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($s = $p->fetch(PDO::FETCH_OBJ)) {
|
||||
$team = getJudgingTeam($s->judges_teams_id);
|
||||
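Review bot: The new `$p->execute([...])` passes six values to a statement that contains a single `?` (`projects_id =?`), which PDO rejects for a parameter-count mismatch. The CSV `echo` above it now prints literal `?` characters instead of the title, category, division and scores. Those five values belong to the output line, not to the query: the `echo` should keep its original interpolated form and the call should be `$p->execute([$r->projectid]);`. As written, the CSV export loses its data columns and the per-project team lookup fails.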
|
@ -293,8 +293,8 @@ function countwords()
|
||||
<?
|
||||
// ###### Feature Specific - filtering divisions by category
|
||||
if ($config['filterdivisionbycategory'] == 'yes') {
|
||||
$q = $pdo->prepare('SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=' . $projectcategories_id . " AND projectdivisions.year='" . $config['FAIRYEAR'] . "' AND projectcategoriesdivisions_link.year='" . $config['FAIRYEAR'] . "' ORDER BY division");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare('SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=? AND projectdivisions.year=? AND projectcategoriesdivisions_link.year=? ORDER BY division');
|
||||
$q->execute([$projectcategories_id,$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
// ###
|
||||
} else
|
||||
|
@ -98,8 +98,8 @@ if (array_key_exists('username', $_GET)) {
|
||||
$username = $_GET['username'];
|
||||
$type = $_GET['type'];
|
||||
$un = $username;
|
||||
$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username='$un' GROUP BY uid");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id,MAX(year),deleted FROM users WHERE username=? GROUP BY uid");
|
||||
$q->execute([$un]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
if ($q->rowCount()) {
|
||||
@ -119,8 +119,8 @@ if (array_key_exists('username', $_GET)) {
|
||||
}
|
||||
} else {
|
||||
// undelete them?
|
||||
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id=?");
|
||||
$stmt->execute([$r->id]);
|
||||
// then load them?
|
||||
$u = user_load($r->id);
|
||||
}
|
||||
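Review bot: `SELECT id,MAX(year),deleted FROM users WHERE username=? GROUP BY uid` selects `id` and `deleted` without aggregating them, so the row they come from is not tied to the `MAX(year)` row, and MySQL rejects the query outright when ONLY_FULL_GROUP_BY is enabled. The second hunk runs `UPDATE users SET deleted='no' WHERE id=?` with `$r->id`, presumably taken from this result, so the undelete can land on an older year's record. If the newest record for the username is what is wanted, `SELECT id,year,deleted FROM users WHERE username=? ORDER BY year DESC LIMIT 1` states that directly; confirm first how `uid` relates to `username`.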
|
@ -164,9 +164,9 @@ if (get_value_from_array($_GET, 'action') == 'update') {
|
||||
$user = user_load($id);
|
||||
|
||||
// Determine if there is a more recent uid that may possibly be in the current FAIRYEAR (allows refresh page to work)
|
||||
$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid='{$user['uid']}'
|
||||
$query = $pdo->prepare("SELECT id,uid,year FROM users WHERE uid=?
|
||||
ORDER BY year DESC LIMIT 1");
|
||||
$query->execute();
|
||||
$query->execute([$user['uid']]);
|
||||
|
||||
$user_new = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
@ -178,9 +178,9 @@ if (get_value_from_array($_GET, 'action') == 'update') {
|
||||
message_push(happy(i18n('User Updated')));
|
||||
|
||||
// find the newly updated user
|
||||
$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid='{$user['uid']}'
|
||||
$q_reload = $pdo->prepare("SELECT id FROM users WHERE uid=?
|
||||
ORDER BY year DESC LIMIT 1");
|
||||
$q_reload->execute();
|
||||
$q_reload->execute([$user['uid']]);
|
||||
|
||||
$reload_user = $q_reload->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
@ -296,16 +296,16 @@ $querystr = "SELECT
|
||||
GROUP BY uid
|
||||
HAVING
|
||||
u1.deleted='no'
|
||||
$having_year
|
||||
$where_types
|
||||
$where_complete
|
||||
?
|
||||
?
|
||||
?
|
||||
ORDER BY
|
||||
lastname ASC,
|
||||
firstname ASC,
|
||||
year DESC";
|
||||
|
||||
$q = $pdo->prepare($querystr);
|
||||
$q->execute();
|
||||
$q->execute([$having_year,$where_types,$where_complete]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$num = $q->rowCount();
|
||||
@ -358,8 +358,8 @@ while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
if (in_array('fair', $types)) {
|
||||
$qq = $pdo->prepare("SELECT * FROM users_fair
|
||||
LEFT JOIN fairs ON fairs.id=users_fair.fairs_id
|
||||
WHERE users_id='{$r['id']}'");
|
||||
|
||||
WHERE users_id=?");
|
||||
$qq->execute([$r['id']]);
|
||||
$rr = $qq->fetch(PDO::FETCH_ASSOC);
|
||||
$name = '{' . get_value_from_array($rr, 'name') . '}' . ((trim($name) == '') ? '' : "<br />($name)");
|
||||
}
|
||||
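Review bot: In the `$querystr` hunk, `$having_year`, `$where_types` and `$where_complete` were replaced with `?` and passed to `execute()`, but a placeholder can only stand for a single value, never for a piece of SQL. The old text placed them bare after `u1.deleted='no'`, so they presumably hold whole `AND …` clauses built outside this hunk. Bound as strings they leave `u1.deleted='no' ? ? ?`, which most likely fails to parse and in any case no longer applies the year, type and completeness filters. Keep the fragments in the query text, put a `?` inside each fragment where it is assembled, and collect the matching values in one array that is handed to `execute()`. The other hunks in this file bind plain values and read correctly.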
|
@ -56,21 +56,21 @@ switch ($action) {
|
||||
}
|
||||
|
||||
// first check how many we are allowed to have
|
||||
$q = $pdo->prepare("SELECT number FROM award_prizes WHERE id='$prize_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT number FROM award_prizes WHERE id=?");
|
||||
$q->execute([$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$number = $r['number'];
|
||||
|
||||
/* Get the award info */
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id=?");
|
||||
$q->execute([$award_awards_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$a = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
/* Get the project */
|
||||
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id='$projects_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT fairs_id FROM projects WHERE id=?");
|
||||
$q->execute([$projects_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$p = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$fairs_id = $p['fairs_id'];
|
||||
@ -89,24 +89,24 @@ switch ($action) {
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners
|
||||
LEFT JOIN projects ON winners.projects_id=projects.id
|
||||
WHERE
|
||||
projects.fairs_id='$fairs_id'
|
||||
awards_prizes_id='$prize_id'");
|
||||
$q->execute();
|
||||
projects.fairs_id=?
|
||||
awards_prizes_id=?");
|
||||
$q->execute([$fairs_id,$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$count = $r['count'];
|
||||
} else {
|
||||
/* Count is the total number assigned */
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id='$prize_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT COUNT(*) AS count FROM winners WHERE awards_prizes_id=?");
|
||||
$q->execute([$prize_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$count = $r['count'];
|
||||
}
|
||||
|
||||
if ($count < $number) {
|
||||
$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES ('$prize_id','$projects_id','{$config['FAIRYEAR']}')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO winners (awards_prizes_id,projects_id,year) VALUES (?,?,?)");
|
||||
$stmt->execute([$prize_id,$projects_id,$config['FAIRYEAR']]);
|
||||
happy_('Winning project added');
|
||||
} else {
|
||||
error_('This prize cannot accept any more winners. Maximum: %1', $number);
|
||||
@ -119,8 +119,8 @@ switch ($action) {
|
||||
$projects_id = intval($_GET['projects_id']);
|
||||
|
||||
if ($prize_id && $projects_id) {
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id='$prize_id' AND projects_id='$projects_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM winners WHERE awards_prizes_id=? AND projects_id=?");
|
||||
$stmt->execute([$prize_id,$projects_id]);
|
||||
happy_('Winning project removed');
|
||||
}
|
||||
exit;
|
||||
@ -140,12 +140,12 @@ switch ($action) {
|
||||
award_awards ,
|
||||
award_types
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND \taward_types.year=award_awards.year
|
||||
AND\taward_awards.id='$award_awards_id'
|
||||
AND\taward_awards.id=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$award_awards_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -177,12 +177,12 @@ switch ($action) {
|
||||
award_awards ,
|
||||
award_types
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND \taward_types.year=award_awards.year
|
||||
AND\taward_awards.id='$award_awards_id'
|
||||
AND\taward_awards.id=?
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$award_awards_id]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -218,15 +218,15 @@ switch ($action) {
|
||||
|
||||
case 'additional_materials':
|
||||
$fairs_id = intval($_GET['fairs_id']);
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id='$award_awards_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE id=?");
|
||||
$q->execute([$award_awards_id]);
|
||||
if ($fairs_id == 0) {
|
||||
echo "Unsupported Action: Can't get additional materials for fairs_id=0. Edit the project and set it's fair to anything except 'Local/Unspecified'.";
|
||||
exit;
|
||||
}
|
||||
$a = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id='$fairs_id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM fairs WHERE id=?");
|
||||
$q->execute([$fairs_id]);
|
||||
$fair = $q->fetch(PDO::FETCH_ASSOC);
|
||||
$pdf = fair_additional_materials($fair, $a, $config['FAIRYEAR']);
|
||||
foreach ($pdf['header'] as $h)
|
||||
@ -412,17 +412,17 @@ $q = $pdo->prepare("SELECT
|
||||
award_types.type,
|
||||
sponsors.organization
|
||||
FROM
|
||||
award_awards $fair_join,
|
||||
award_awards ?,
|
||||
award_types,
|
||||
sponsors
|
||||
WHERE
|
||||
award_awards.year='{$config['FAIRYEAR']}'
|
||||
award_awards.year=?
|
||||
AND\taward_awards.award_types_id=award_types.id
|
||||
AND\taward_types.year='{$config['FAIRYEAR']}'
|
||||
AND\taward_types.year=?
|
||||
AND\taward_awards.sponsors_id=sponsors.id
|
||||
$fair_where
|
||||
?
|
||||
ORDER BY awards_order");
|
||||
$q->execute();
|
||||
$q->execute([$fair_join,$config['FAIRYEAR'],$config['FAIRYEAR'],$fair_where]);
|
||||
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
@ -500,11 +500,11 @@ function print_award(&$r, $fairs_id, $editor = false, $editor_data = array())
|
||||
FROM
|
||||
award_prizes
|
||||
WHERE
|
||||
award_awards_id='{$r['id']}'
|
||||
AND award_prizes.year='{$config['FAIRYEAR']}'
|
||||
award_awards_id=?
|
||||
AND award_prizes.year=?
|
||||
ORDER BY
|
||||
`order`");
|
||||
$q->execute();
|
||||
$q->execute([$r['id'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
echo '<table width="100%"><tr><td>';
|
||||
@ -535,9 +535,9 @@ function print_award(&$r, $fairs_id, $editor = false, $editor_data = array())
|
||||
winners
|
||||
LEFT JOIN projects ON projects.id=winners.projects_id
|
||||
WHERE
|
||||
winners.awards_prizes_id='{$pr->id}'
|
||||
$fairs_where ");
|
||||
$cq->execute();
|
||||
winners.awards_prizes_id=?
|
||||
? ");
|
||||
$cq->execute([$pr->id,$fairs_where]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$count = $cq->rowCount();
|
||||
// echo "winners=$count";
|
||||
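Review bot: `$fair_join` and `$fair_where` in the award-list query (`@ -412`), and `$fairs_where` in the winners count inside `print_award()` (`@ -535`), are SQL fragments, yet the new code binds them as values (`award_awards ?,` and a bare `?` before `ORDER BY`). A bound parameter is sent as data, so the join and the per-fair condition are no longer part of the statement; it most likely fails to parse, and if it does run the fair restriction is gone. Leave the fragments interpolated and parameterise the values inside them where they are assembled, which is outside these hunks. Until then the calls should stay `$q->execute([$config['FAIRYEAR'], $config['FAIRYEAR']]);` and `$cq->execute([$pr->id]);`.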
|
@ -32,8 +32,8 @@ require ('../common.inc.php');
|
||||
global $pdo;
|
||||
|
||||
// first, lets make sure someone isng tryint to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$pn = trim($_GET['n']);
|
||||
@ -56,20 +56,21 @@ if ($r->test) {
|
||||
LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
AND projects.projectnumber='$pn'
|
||||
AND projects.projectnumber=?
|
||||
LIMIT 1
|
||||
");
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR'],$pn]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$r = $q->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$regid = $r['reg_id'];
|
||||
|
||||
$q2 = $pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
|
||||
$q2->execute();
|
||||
$q2 = $pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id=? ORDER BY lastname");
|
||||
$q2->execute([$regid]);
|
||||
$students = '';
|
||||
while ($stud = $q2->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($stud->webfirst == 'yes')
|
||||
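Review bot: In the `@ -56` hunk, `$r = $q->fetch(PDO::FETCH_ASSOC)` returns `false` when no project matches the `n` value taken from the request, and the next statement reads `$r['reg_id']` with no check in between. The students query then runs with a null `registrations_id` and the page continues as if a project had been found. A guard such as `if ($r === false) { /* emit the page's not-found output and stop */ }` before `$regid = $r['reg_id'];` would make the miss explicit. The enclosing `if ($r->test) {` block starts and ends outside the hunk.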
|
@ -31,8 +31,8 @@ require ('../common.inc.php');
|
||||
|
||||
global $pdo;
|
||||
// first, lets make sure someone isnt trying to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
if ($r->test) {
|
||||
@ -52,16 +52,16 @@ if ($r->test) {
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
1
|
||||
AND registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
ORDER BY
|
||||
projectcategories.id,
|
||||
projectdivisions.id,
|
||||
projects.projectnumber
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$lastcat = 'something_that_does_not_exist';
|
||||
|
@ -31,8 +31,8 @@ require ('../common.inc.php');
|
||||
|
||||
global $pdo;
|
||||
// first, lets make sure someone isnt trying to see something that they arent allowed to!
|
||||
$q = $pdo->prepare("SELECT (NOW()>='" . $config['dates']['postparticipants'] . "') AS test");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT (NOW()>=?) AS test");
|
||||
$q->execute([$config['dates']['postparticipants']]);
|
||||
$r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$ret = array();
|
||||
|
||||
@ -56,16 +56,16 @@ if ($r->test) {
|
||||
LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id
|
||||
WHERE
|
||||
1
|
||||
AND registrations.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectcategories.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND registrations.year=?
|
||||
AND projectcategories.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND (status='complete' OR status='paymentpending')
|
||||
ORDER BY
|
||||
projectcategories.id,
|
||||
projectdivisions.id,
|
||||
projects.projectnumber
|
||||
");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
$lastcat = 'something_that_does_not_exist';
|
||||
|
@ -40,13 +40,13 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
$dump .= '#SFIAB FAIR NAME: ' . $config['fairname'] . "\n";
|
||||
$dump .= "#-------------------------------------------------\n";
|
||||
|
||||
$tableq = $pdo->prepare("SHOW TABLES FROM `$DBNAME`");
|
||||
$tableq->execute();
|
||||
$tableq = $pdo->prepare("SHOW TABLES FROM ?");
|
||||
$tableq->execute($DBNAME);
|
||||
while ($tr = $tableq->fetch(PDO::FETCH_NUM)) {
|
||||
$table = $tr[0];
|
||||
$dump .= "#TABLE: $table\n";
|
||||
$columnq = $pdo->prepare("SHOW COLUMNS FROM `$table`");
|
||||
$columnq->execute();
|
||||
$columnq = $pdo->prepare("SHOW COLUMNS FROM ?");
|
||||
$columnq->execute($table);
|
||||
$str = "INSERT INTO `$table` (";
|
||||
unset($fields);
|
||||
$fields = array();
|
||||
@ -57,8 +57,8 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
$str = substr($str, 0, -1);
|
||||
$str .= ') VALUES (';
|
||||
|
||||
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
|
||||
$dataq->execute();
|
||||
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY ?");
|
||||
$dataq->execute([$fields[0]]);
|
||||
while ($data = $dataq->fetch(PDO::FETCH_OBJ)) {
|
||||
$insertstr = $str;
|
||||
foreach ($fields AS $field) {
|
||||
@ -171,25 +171,25 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
if (mb_ereg('^[a-z0-9]{32}$', $_POST['realfilename']) && file_exists('../data/backuprestore/' . $_POST['realfilename'])) {
|
||||
$filename = $_POST['realfilename'];
|
||||
echo i18n('Proceeding with database restore from %1', array($_POST['filename'])) . '...';
|
||||
$lines = file("../data/backuprestore/$filename");
|
||||
$lines = file("../data/backuprestore/?");
|
||||
$err = false;
|
||||
echo '<pre>';
|
||||
foreach ($lines AS $line) {
|
||||
$line = trim($line);
|
||||
if (mb_ereg('^#TABLE: (.*)', $line, $args)) {
|
||||
// empty out the table
|
||||
$sql = 'TRUNCATE TABLE `' . $args[1] . '`';
|
||||
$sql = 'TRUNCATE TABLE ?';
|
||||
// echo $sql."\n";
|
||||
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$args[1]]);
|
||||
} else if (mb_ereg('^#', $line)) {
|
||||
// just skip it
|
||||
} else {
|
||||
// insert the new data
|
||||
|
||||
$stmt = $pdo->prepare($line);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$filename]);
|
||||
if ($pdo->errorInfo()) {
|
||||
echo $line . "\n";
|
||||
echo $pdo->errorInfo() . "\n";
|
||||
@ -226,13 +226,13 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
user_purge($judge, 'judge');
|
||||
} else {
|
||||
// Find max year of judge
|
||||
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = ' . $judge['uid'] . ' ORDER BY year DESC limit 1');
|
||||
$max_year_query->execute();
|
||||
$max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid =? ORDER BY year DESC limit 1');
|
||||
$max_year_query->execute([$judge['uid']]);
|
||||
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
|
||||
// Grab old judge info.
|
||||
// Old judge info consists of all entries in the database that are not the most recent for the specific judge
|
||||
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid =' . $judge['uid'] . ' AND year NOT LIKE ' . $judge_max_year['year']);
|
||||
$deletable->execute();
|
||||
$deletable = $pdo->prepare('SELECT * FROM users WHERE uid =? AND year NOT LIKE ?');
|
||||
$deletable->execute([$judge['uid'],$judge_max_year['year']]);
|
||||
// and if they have old data from previous fair years
|
||||
if ($deletable->rowCount() > 0) {
|
||||
// delete old data one by one
|
||||
@ -260,8 +260,8 @@ if (get_value_from_array($_GET, 'action') == 'backup') {
|
||||
error(i18n($pdo->errorInfo()[0]));
|
||||
}
|
||||
} else if (get_value_from_array($_POST, 'action') == 'clean_parents') {
|
||||
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !=' . $config['FAIRYEAR']);
|
||||
$query_parents->execute();
|
||||
$query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !=?');
|
||||
$query_parents->execute([$config['FAIRYEAR']]);
|
||||
while ($parent = $query_parents->fetch(PDO::FETCH_ASSOC)) {
|
||||
if (!is_array($parent['types'])) {
|
||||
$parent['types'] = array($parent['types']);
|
||||
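Review bot: Database, table and column names cannot be bound, so `SHOW TABLES FROM ?`, `SHOW COLUMNS FROM ?`, `TRUNCATE TABLE ?` and `ORDER BY ?` no longer do what the backtick-quoted originals did. `ORDER BY ?` sorts by a constant string, and `execute($DBNAME)` / `execute($table)` pass a string where `execute()` takes an array. The same replacement turned the restore path into `file("../data/backuprestore/?")`, which looks for a file literally named `?`, and added `[$filename]` to the execution of each dump line, which has no placeholder for it. Because `$args[1]` is read from the uploaded dump, the restore should check it against the tables that already exist before it reaches `TRUNCATE TABLE`. The enclosing `if` blocks start and end outside these hunks.

```php
$tableq = $pdo->prepare("SHOW TABLES FROM `$DBNAME`");
$tableq->execute();
// … unchanged: table loop header and "#TABLE:" dump line …
$columnq = $pdo->prepare("SHOW COLUMNS FROM `$table`");
$columnq->execute();
// … unchanged: column list building …
$dataq = $pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
$dataq->execute();

// … restore path: unchanged filename check …
$lines = file("../data/backuprestore/$filename");
// Identifiers cannot be parameters: accept only names of tables that already exist.
$known_tables = $pdo->query('SHOW TABLES')->fetchAll(PDO::FETCH_COLUMN);
// … unchanged: loop over $lines …
if (mb_ereg('^#TABLE: (.*)', $line, $args)) {
    if (!in_array($args[1], $known_tables, true)) {
        $err = true;
        continue;
    }
    $stmt = $pdo->prepare('TRUNCATE TABLE `' . $args[1] . '`');
    $stmt->execute();
} else if (mb_ereg('^#', $line)) {
    // … unchanged: skip comment lines …
} else {
    $stmt = $pdo->prepare($line);
    $stmt->execute();
```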
|
@ -42,21 +42,21 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
// ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'category') && isset($_POST['mingrade']) && $_POST['maxgrade']) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Category ID %1 already exists', array($_POST['id']), array('category ID')));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectcategories SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "category='" . stripslashes($_POST['category']) . "', "
|
||||
. "category_shortform='" . stripslashes($_POST['category_shortform']) . "', "
|
||||
. "mingrade='" . $_POST['mingrade'] . "', "
|
||||
. "maxgrade='" . $_POST['maxgrade'] . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "'");
|
||||
. "id=?, "
|
||||
. "category=?, "
|
||||
. "category_shortform=?, "
|
||||
. "mingrade=?, "
|
||||
. "maxgrade=?"
|
||||
. "WHERE id=?");
|
||||
echo happy(i18n('Category successfully saved'));
|
||||
$stmt->execute();
|
||||
$stmt->execute([$_POST['id'],stripslashes($_POST['category']),stripslashes($_POST['category_shortform']),$_POST['mingrade'],$_POST['maxgrade'],$_POST['saveid']]);
|
||||
}
|
||||
} else {
|
||||
echo error(i18n('All fields are required'));
|
||||
@ -66,8 +66,8 @@ if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
// ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
|
||||
if (get_value_from_array($_POST, 'id') && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount()) {
|
||||
echo error(i18n('Category ID %1 already exists', array($_POST['id']), array('category ID')));
|
||||
} else {
|
||||
@ -89,11 +89,11 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
// ###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
|
||||
// for this division exist they should be deleted
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
// ####
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
echo happy(i18n('Category successfully removed'));
|
||||
}
|
||||
|
||||
@ -118,8 +118,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo '<input type="hidden" name="action" value="' . get_value_from_array($_GET, 'action') . "\">\n";
|
||||
if (get_value_from_array($_GET, 'action') == 'edit') {
|
||||
echo '<input type="hidden" name="saveid" value="' . get_value_from_array($_GET, 'edit') . "\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE id='" . get_value_from_array($_GET, 'edit') . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE id=? AND year=?");
|
||||
$q->execute([get_value_from_array($_GET, 'edit'),$config['FAIRYEAR']]);
|
||||
$categoryr = $q->fetch(PDO::FETCH_OBJ);
|
||||
$buttontext = 'Save';
|
||||
} else if (get_value_from_array($_GET, 'action') == 'new') {
|
||||
@ -135,8 +135,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo ' <td><input type="submit" value="' . i18n($buttontext) . '"></td>';
|
||||
echo '</tr>';
|
||||
} else {
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY mingrade");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=? ORDER BY mingrade");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
echo " <td align=\"center\">$r->id</td>";
|
||||
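Review bot: In the `UPDATE projectcategories` statement the literals `"maxgrade=?"` and `"WHERE id=?"` are concatenated with no space between them, where the removed lines ended in `' "`; write `. "maxgrade=? "` so the text reads `maxgrade=? WHERE id=?`. The `UPDATE projectdivisions` statement in the divisions file section further down (`@ -45,22`) has the same join at `"division_shortform=?"`. This UPDATE also filters on `id` alone while the SELECT and DELETE statements around it add `AND year=?`, so if ids repeat across fair years it rewrites every year's row; `. "WHERE id=? AND year=?"` with `$config['FAIRYEAR']` appended to the bound array would match the divisions code. Separately, the hidden `saveid` input in the `@ -118` hunk echoes `$_GET['edit']` into an attribute without `htmlspecialchars()`.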
|
@ -57,8 +57,8 @@ if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
$d = stripslashes($val);
|
||||
$t = stripslashes($_POST['savetimes'][$key]);
|
||||
$v = "$d $t";
|
||||
$stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='" . $config['FAIRYEAR'] . "' AND id='$key'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE dates SET date=? WHERE year=? AND id=?");
|
||||
$stmt->execute([$v,$config['FAIRYEAR'],$key]);
|
||||
}
|
||||
}
|
||||
echo happy(i18n('Dates successfully saved'));
|
||||
@ -83,8 +83,8 @@ $dates = array('fairdate' => array(),
|
||||
|
||||
/* Now copy the SQL data into the above array */
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM dates WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY date");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM dates WHERE year=? ORDER BY date");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$dates[$r->name]['description'] = $r->description;
|
||||
$dates[$r->name]['id'] = $r->id;
|
||||
@ -131,12 +131,12 @@ foreach ($dates as $dn => $d) {
|
||||
$def = $defaultdates[$dn];
|
||||
// hmm if we dont have a record for this date this year, INSERT the sql from the default
|
||||
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
|
||||
'" . $def->date . "',
|
||||
'" . $dn . "',
|
||||
'" . $def->description . "',
|
||||
'" . $config['FAIRYEAR'] . "'
|
||||
?,
|
||||
?,
|
||||
?,
|
||||
?
|
||||
)");
|
||||
$stmt->execute();
|
||||
$stmt->execute([$def->date,$dn,$def->description,$config['FAIRYEAR']]);
|
||||
$d['id'] = $pdo->lastInsertId();
|
||||
$d['description'] = $def->description;
|
||||
$d['date'] = $def->date;
|
||||
|
@ -45,22 +45,22 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'division')) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Division ID %1 already exists', array($_POST['id']), array('division ID')));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectdivisions SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "division='" . stripslashes($_POST['division']) . "', "
|
||||
. "division_shortform='" . stripslashes($_POST['division_shortform']) . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "' AND year='{$config['FAIRYEAR']}'");
|
||||
$stmt->execute();
|
||||
. "id=?, "
|
||||
. "division=?, "
|
||||
. "division_shortform=?"
|
||||
. "WHERE id=? AND year=?");
|
||||
$stmt->execute([$_POST['id'],stripslashes($_POST['division']),stripslashes($_POST['division_shortform']),$_POST['saveid'],$config['FAIRYEAR']]);
|
||||
|
||||
// ###### Feature Specific - filtering divisions by category
|
||||
if ($config['filterdivisionbycategory'] == 'yes') {
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='" . $_POST['saveid'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id=? AND year=?");
|
||||
$stmt->execute([ $_POST['saveid'],$config['FAIRYEAR']]);
|
||||
if (is_array($_POST['divcat'])) {
|
||||
foreach ($_POST['divcat'] as $tempcat) {
|
||||
$stmt = $pdo->prepare('INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( '
|
||||
|
@ -35,8 +35,8 @@ send_header('CWSF Project Divisions',
|
||||
// //// FIX ME!!!!!
|
||||
if (count(get_value_from_array($_POST, 'cwsfdivision', []))) {
|
||||
foreach ($_POST['cwsfdivision'] AS $k => $v) {
|
||||
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid=? WHERE id=? AND year=?");
|
||||
$stmt->execute([$v,$k,$config['FAIRYEAR']]);
|
||||
}
|
||||
echo happy(i18n('Corresponding CWSF divisions saved'));
|
||||
}
|
||||
@ -53,8 +53,8 @@ echo '<th>' . i18n('Your Division') . "</th>\n";
|
||||
echo '<th>' . i18n('Corresponding CWSF Division') . "</th>\n";
|
||||
echo '</tr>';
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY id");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY id");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
|
||||
echo ' <td>' . i18n($r->division) . '</td>';
|
||||
|
@ -88,7 +88,7 @@ if (get_value_from_array($_GET, 'action') == 'install' && get_value_from_array($
|
||||
$packs = loadLanguagePacks();
|
||||
$loaded = 0;
|
||||
if ($packs[$_GET['install']]) {
|
||||
$lines = file("http://www.sfiab.ca/languages/{$packs[$_GET['install']]['filename']}");
|
||||
$lines = file("http://www.sfiab.ca/languages/?");
|
||||
$totallines = count($lines);
|
||||
$numtranslations = round($totallines / 2);
|
||||
echo i18n('There are %1 translations in this language pack... processing...', array($numtranslations));
|
||||
@ -98,7 +98,7 @@ if (get_value_from_array($_GET, 'action') == 'install' && get_value_from_array($
|
||||
|
||||
if (substr($line, 0, 6) == 'UPDATE' || substr($line, 0, 6) == 'INSERT') {
|
||||
$stmt = $pdo->prepare($line);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$packs[$_GET['install']]['filename']]);
|
||||
$a = $pdo->rowwCount();
|
||||
$loaded += $a;
|
||||
} else
|
||||
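Review bot: The download URL now ends in a literal `?`, as `file("http://www.sfiab.ca/languages/?")`, so the selected pack's file is never fetched. The `{$packs[$_GET['install']]['filename']}` interpolation has to stay, because this is a URL and not a SQL statement. The pack filename is also passed to `$stmt->execute([...])` for every downloaded line, binding a value to statements that, as far as the hunk shows, carry no placeholder; `$stmt->execute();` was correct. The following line calls `$pdo->rowwCount()`, which is misspelled and belongs to the statement object, so it should read `$a = $stmt->rowCount();`. Each line is fetched over plain HTTP and prepared as SQL after only a prefix check for `UPDATE`/`INSERT`, so the pack needs an integrity check before anything from it is executed.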
|
@ -43,8 +43,8 @@
|
||||
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
foreach($config['languages'] AS $lang=>$langname) {
|
||||
$q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=".$pdo->quote($config['FAIRYEAR'])." and textname=".$pdo->quote($r->textname)."");
|
||||
$q_current->execute();
|
||||
$q_current = $pdo->prepare("SELECT * FROM pagetext WHERE year=? and textname=?");
|
||||
$q_current->execute([$pdo->quote($config['FAIRYEAR']),$pdo->quote($r->textname)]);
|
||||
|
||||
if ($q_current->rowCount() == 0) {
|
||||
$q1 = $pdo->prepare("INSERT INTO pagetext (`textname`,`textdescription`,`text`,`year`,`lang`) VALUES (
|
||||
@ -82,8 +82,8 @@
|
||||
|
||||
if(get_value_from_array($_GET, 'textname'))
|
||||
{
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname=? AND year=?");
|
||||
$q->execute([$_GET['textname'],$config['FAIRYEAR']]);
|
||||
//needs to be at least one entry in any languages
|
||||
if($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
@ -93,14 +93,14 @@
|
||||
|
||||
|
||||
foreach($config['languages'] AS $lang=>$langname) {
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE textname=? AND year=? AND lang=?");
|
||||
$q->execute([$_GET['textname'],$config['FAIRYEAR'],$lang]);
|
||||
$r=$q->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
if(!$r)
|
||||
{
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$pdo->quote($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES (?,?,?)");
|
||||
$stmt->execute([$pdo->quote($_GET['textname']),$config['FAIRYEAR'],$lang]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -140,8 +140,8 @@
|
||||
echo i18n("Choose a page text to edit");
|
||||
echo "<table class=\"summarytable\">";
|
||||
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
|
||||
$q->execute();
|
||||
$q=$pdo->prepare("SELECT * FROM pagetext WHERE year=? AND lang=? ORDER BY textname");
|
||||
$q->execute([$config['FAIRYEAR'],$config['default_language']]);
|
||||
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
|
||||
while($r=$q->fetch(PDO::FETCH_OBJ))
|
||||
{
|
||||
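Review bot: The values bound in `$q_current->execute([...])` are still wrapped in `$pdo->quote()`, which returns the string with surrounding quotes and escaping already added. Bound that way, the quote characters become part of the compared value, so the lookup presumably never matches and the `rowCount() == 0` branch inserts again on every pass. Bind the raw values instead: `$q_current->execute([$config['FAIRYEAR'], $r->textname]);`. The `INSERT INTO pagetext` in the `@ -93` hunk has the same problem and should be `$stmt->execute([$_GET['textname'], $config['FAIRYEAR'], $lang]);`.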
|
@ -66,8 +66,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
*/
|
||||
|
||||
/* Get field list for this table */
|
||||
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SHOW COLUMNS IN ?");
|
||||
$q->execute([$table]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while (($c = $q->fetch(PDO::FETCH_ASSOC))) {
|
||||
$col[$c['Field']] = $c;
|
||||
@ -91,8 +91,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
$where = '1';
|
||||
|
||||
/* Get data */
|
||||
$q = $pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM ? WHERE year=? AND ?");
|
||||
$q->execute([$table,$currentfairyear,$where]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$names = '`' . join('`,`', $fields) . '`';
|
||||
|
||||
@ -108,8 +108,8 @@ function roll($currentfairyear, $newfairyear, $table, $where = '', $replace = ar
|
||||
$vals .= ',' . $pdo->quote($r[$f]);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO ?(`year`,?) VALUES (??)");
|
||||
$stmt->execute([$table,$names,$newfairyear,$vals]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
}
|
||||
@ -134,8 +134,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// now the dates
|
||||
echo i18n('Rolling dates') . '<br />';
|
||||
$q = $pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
|
||||
@ -149,8 +149,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// page text
|
||||
echo i18n('Rolling page texts') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
|
||||
@ -166,8 +166,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project categories') . '<br />';
|
||||
// project categories
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
|
||||
@ -183,8 +183,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project divisions') . '<br />';
|
||||
// project divisions
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
|
||||
@ -199,8 +199,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project category-division links') . '<br />';
|
||||
// project categories divisions links
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
|
||||
@ -213,8 +213,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling project sub-divisions') . '<br />';
|
||||
// project subdivisions
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
|
||||
@ -228,8 +228,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling safety questions') . '<br />';
|
||||
// safety questions
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
|
||||
@ -245,8 +245,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
echo i18n('Rolling awards') . '<br />';
|
||||
// awards
|
||||
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_awards WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
/* Roll the one award */
|
||||
@ -265,8 +265,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling award types') . '<br />';
|
||||
// award types
|
||||
$q = $pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM award_types WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
|
||||
@ -280,8 +280,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
echo i18n('Rolling schools') . '<br />';
|
||||
// award types
|
||||
$q = $pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM schools WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$puid = ($r->principal_uid == null) ? 'NULL' : ("'" . intval($r->principal_uid) . "'");
|
||||
@ -314,8 +314,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
}
|
||||
|
||||
echo i18n('Rolling questions') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM questions WHERE year=?");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
|
||||
@ -341,8 +341,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
|
||||
// timeslots and rounds
|
||||
echo i18n('Rolling judging timeslots and rounds') . '<br />';
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=? AND round_id='0'");
|
||||
$q->execute([$currentfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$d = $newfairyear - $currentfairyear;
|
||||
@ -352,8 +352,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
$stmt->execute();
|
||||
show_pdo_errors_if_any($pdo);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id=?");
|
||||
$qq->execute([$r['id']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
|
||||
@ -365,8 +365,8 @@ if (get_value_from_array($_POST, 'action') == 'rollover' && get_value_from_array
|
||||
}
|
||||
|
||||
echo '<br /><br />';
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='FAIRYEAR' AND year=0");
|
||||
$stmt->execute([$newfairyear]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo happy(i18n('Fair year has been rolled over from %1 to %2', array($currentfairyear, $newfairyear)));
|
||||
send_footer();
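Review bot: In roll(), the rewritten statements bind things that are not values: `SHOW COLUMNS IN ?` and `SELECT * FROM ? WHERE year=? AND ?` pass `$table` and the `$where` fragment as parameters, and the INSERT in the third hunk (`VALUES (??)`) does the same for the table, the column list and the already-quoted `$vals`. A placeholder can only stand for a data value, so these either fail to prepare or, under emulated prepares, run with the table name and the WHERE clause turned into string literals, and the rollover stops copying the rows it is meant to copy. Keep the identifiers in the SQL text (backtick-quoted, with `$table` checked against the fixed list of tables the caller rolls) and bind or quote only the data, as in the fence below. The loop that fills `$vals` starts outside the hunk, so converting the row values to placeholders is left for a follow-up. The same pattern is in rolloverfiscalyear() (`SELECT ? FROM fundraising_goals`) and in db_update_116_post() (the `SET ?`, `DELETE ... ?` and `(?) VALUES (?)` statements).

```php
/* Get field list for this table */
$q = $pdo->prepare("SHOW COLUMNS IN `$table`");
$q->execute();
// … unchanged: column loop, default for $where …
$q = $pdo->prepare("SELECT * FROM `$table` WHERE year=? AND $where");
$q->execute([$currentfairyear]);
// … unchanged: $names and the loop that fills $vals via $pdo->quote() …
$stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES (" . $pdo->quote($newfairyear) . "$vals)");
$stmt->execute();
```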
|
||||
|
@ -82,8 +82,8 @@ function rolloverfiscalyear($newYear)
|
||||
|
||||
// first we'll roll over fundraising_campaigns:
|
||||
$fields = '`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`';
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear =?");
|
||||
$q->execute([$oldYear]);
|
||||
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
foreach (array('startdate', 'enddate', 'followupdate') as $dateField) {
|
||||
@ -100,16 +100,16 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_campaigns (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_campaigns (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// next we'll hit findraising_donor_levels
|
||||
$fields = '`level`,`min`,`max`,`description`';
|
||||
if ($pdo->errorInfo()[0] == 0)
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear =?");
|
||||
$q->execute([$oldYear]);
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$r['fiscalyear'] = $newYear;
|
||||
$fields = array_keys($r);
|
||||
@ -117,16 +117,16 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_donor_levels (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_donor_levels (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// and now we'll do findraising_goals
|
||||
$fields = '`goal`,`name`,`description`,`system`,`budget`,`deadline`';
|
||||
if ($pdo->errorInfo()[0] == 0) {
|
||||
$q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT ? FROM fundraising_goals WHERE fiscalyear =?");
|
||||
$q->execute([$fields,$oldYear]);
|
||||
}
|
||||
while ($pdo->errorInfo()[0] == 0 && $r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$dateval = $r['deadline'];
|
||||
@ -142,15 +142,15 @@ function rolloverfiscalyear($newYear)
|
||||
foreach ($values as $idx => $val) {
|
||||
$values[$idx] = $val;
|
||||
}
|
||||
$query = 'INSERT INTO fundraising_goals (`' . implode('`,`', $fields) . "`) VALUES('" . implode("','", $values) . "')";
|
||||
$query = 'INSERT INTO fundraising_goals (?) VALUES(?)';
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([implode('`,`', $fields),implode("','", $values)]);
|
||||
}
|
||||
|
||||
// finally, let's update the fiscal year itself:
|
||||
if ($pdo->errorInfo()[0] == 0) {
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='FISCALYEAR'");
|
||||
$stmt->execute([$newYear]);
|
||||
}
|
||||
|
||||
if ($pdo->errorInfo()[0] == 0) {
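Review bot: The three rewritten INSERTs in rolloverfiscalyear() (fundraising_campaigns, fundraising_donor_levels, fundraising_goals) prepare `(?) VALUES(?)` and bind two imploded strings, so the whole column list and the whole value list each arrive as one string value. That cannot insert a row: column names have to be in the SQL text, and every value needs its own placeholder. In the donor-levels hunk `$fields` is `array_keys($r)`, so the names come from the SELECT's own column list and can stay interpolated while the values are bound one by one, as sketched below for fundraising_campaigns. The function body starts and ends outside these hunks, so how `$values` is built should be confirmed there.

```php
// … unchanged: $fields / $values taken from the fetched row …
$marks = implode(',', array_fill(0, count($values), '?'));
$query = 'INSERT INTO fundraising_campaigns (`' . implode('`,`', $fields) . '`) VALUES(' . $marks . ')';
$stmt = $pdo->prepare($query);
$stmt->execute(array_values($values));
```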
|
||||
|
@ -67,8 +67,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
}
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='" . $_GET['remove'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id=? AND year=?");
|
||||
$stmt->execute([$_GET['remove'],$config['FAIRYEAR']]);
|
||||
echo happy(i18n('Safety question successfully removed'));
|
||||
}
|
||||
|
||||
@ -82,8 +82,8 @@ if ((get_value_from_array($_GET, 'action') == 'edit' && get_value_from_array($_G
|
||||
} else if ($_GET['action'] == 'edit') {
|
||||
$buttontext = 'Save safety question';
|
||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE id='" . $_GET['edit'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE id=? AND year=?");
|
||||
$q->execute([$_GET['edit'],$config['FAIRYEAR'] ]);
|
||||
echo '<input type="hidden" name="save" value="' . $_GET['edit'] . "\">\n";
|
||||
if (!$r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$showform = false;
|
||||
@ -141,8 +141,8 @@ echo '<br />';
|
||||
echo '<a href="safetyquestions.php?action=new">' . i18n('Add new safety question') . '</a>';
|
||||
|
||||
echo '<table class="summarytable">';
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY ord");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM safetyquestions WHERE year=? ORDER BY ord");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
echo '<tr><th>' . i18n('Ord') . '</th><th>' . i18n('Question') . '</th><th>' . i18n('Type') . '</th><th>' . i18n('Required') . '</th><th>' . i18n('Actions') . '</th></tr>';
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
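Review bot: The edit branch still writes the request value straight into markup: `echo '<input type="hidden" name="save" value="' . $_GET['edit'] . "\">\n";` sits right after the newly parameterised SELECT, so the query is safe but the same `$_GET['edit']` can still break out of the attribute. Escape it for HTML at output, `htmlspecialchars($_GET['edit'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `saveid` hidden field on the sub-divisions page in this commit has the same unescaped echo. The remove branch also deletes on a plain GET request, and nothing in the visible hunks shows a CSRF token or a POST-only check, so that is worth confirming in the part of the file outside the diff.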
|
||||
|
@ -56,20 +56,20 @@ if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
|
||||
$val = get_value_from_array($_POST, 'exhibitordeclaration');
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :useex, `text` = :text WHERE name = 'exhibitordeclaration'");
|
||||
$stmt->bindParam(':useex', $useex);
|
||||
$stmt->bindParam(':text', $val);
|
||||
$stmt->execute();
|
||||
$stmt->bindParam(':useex', '?');
|
||||
$stmt->bindParam(':text', '?');
|
||||
$stmt->execute([$useex,$val]);
|
||||
|
||||
$val = get_value_from_array($_POST, 'exhibitordeclaration');
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use` = :usepg, `text` = :text WHERE name = 'parentdeclaration'");
|
||||
$stmt->bindParam(':usepg', $usepg);
|
||||
$stmt->bindParam(':text', $val);
|
||||
$stmt->execute();
|
||||
$stmt->bindParam(':usepg', '?');
|
||||
$stmt->bindParam(':text', '?');
|
||||
$stmt->execute([$usepg,$val]);
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='" . get_value_from_array($_POST, 'postamble') . "' WHERE name='postamble'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`=?, `text`=? WHERE name='postamble'");
|
||||
$stmt->execute([$usepa,get_value_from_array($_POST, 'postamble')]);
|
||||
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`=?, `text`='' WHERE name='regfee'");
|
||||
$stmt->execute([$userf]);
|
||||
echo happy(i18n("$sentence_begin_participationform text successfully saved"));
|
||||
}
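Review bot: The two declaration updates now call `$stmt->bindParam(':useex', '?')` and `$stmt->bindParam(':text', '?')` (likewise for `:usepg`) and then pass a positional array to execute(). bindParam() takes its second argument by reference, so a string literal there is a fatal error, and a list-style array does not match the named `:useex`/`:text` markers in the statement. The pre-change named binding was already parameterised; restore it, or drop the bindParam() lines and use `$stmt->execute([':useex' => $useex, ':text' => $val]);` (with `':usepg' => $usepg` for the second statement). Separately, the parentdeclaration update reads `$val` from `exhibitordeclaration` again, which looks like a copy-paste slip that predates this commit and should be checked against the form's field names.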
|
||||
|
||||
|
@ -41,17 +41,17 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
|
||||
if (get_value_from_array($_POST, 'action') == 'edit') {
|
||||
if (get_value_from_array($_POST, 'id') && get_value_from_array($_POST, 'projectdivisions_id') && get_value_from_array($_POST, 'subdivision')) {
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='" . $_POST['id'] . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$_POST['id'],$config['FAIRYEAR']]);
|
||||
if ($q->rowCount() && $_POST['saveid'] != $_POST['id']) {
|
||||
echo error(i18n('Sub-Division ID %1 already exists', array($_POST['id'])));
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE projectsubdivisions SET '
|
||||
. "id='" . $_POST['id'] . "', "
|
||||
. "projectdivisions_id='" . $_POST['projectdivisions_id'] . "', "
|
||||
. "subdivision='" . stripslashes($_POST['subdivision']) . "' "
|
||||
. "WHERE id='" . $_POST['saveid'] . "'");
|
||||
$stmt->execute();
|
||||
. "id=?, "
|
||||
. "projectdivisions_id=?, "
|
||||
. "subdivision=?"
|
||||
. "WHERE id=?");
|
||||
$stmt->execute([$_POST['id'],$_POST['projectdivisions_id'],stripslashes($_POST['subdivision']),$_POST['saveid']]);
|
||||
echo happy(i18n('Sub-Division successfully saved'));
|
||||
}
|
||||
} else {
|
||||
@ -69,8 +69,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
} else
|
||||
$newid = $_POST['id'];
|
||||
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([$newid,$config['FAIRYEAR']]);
|
||||
if ($q->rowCount()) {
|
||||
echo error(i18n('Sub-Division ID %1 already exists', array($newid)));
|
||||
} else {
|
||||
@ -88,8 +88,8 @@ if (get_value_from_array($_POST, 'action') == 'new') {
|
||||
}
|
||||
|
||||
if (get_value_from_array($_GET, 'action') == 'remove' && get_value_from_array($_GET, 'remove')) {
|
||||
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='" . $_GET['remove'] . "'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id=?");
|
||||
$stmt->execute([$_GET['remove']]);
|
||||
echo happy(i18n('Sub-Division successfully removed'));
|
||||
}
|
||||
|
||||
@ -111,8 +111,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
$divisionr = array();
|
||||
if (get_value_from_array($_GET, 'action') == 'edit') {
|
||||
echo '<input type="hidden" name="saveid" value="' . get_value_from_array($_GET, 'edit') . "\">\n";
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='" . get_value_from_array($_GET, 'edit') . "' AND year='" . $config['FAIRYEAR'] . "'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM projectsubdivisions WHERE id=? AND year=?");
|
||||
$q->execute([get_value_from_array($_GET, 'edit'),$config['FAIRYEAR']]);
|
||||
$divisionr = $q->fetch(PDO::FETCH_OBJ);
|
||||
$buttontext = 'Save';
|
||||
} else if ($_GET['action'] == 'new') {
|
||||
@ -121,8 +121,8 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
echo '<tr>';
|
||||
echo ' <td>';
|
||||
echo '<select name="projectdivisions_id">';
|
||||
$dq = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='" . $config['FAIRYEAR'] . "' ORDER BY division");
|
||||
$dq->execute();
|
||||
$dq = $pdo->prepare("SELECT * FROM projectdivisions WHERE year=? ORDER BY division");
|
||||
$dq->execute([$config['FAIRYEAR']]);
|
||||
while ($dr = $dq->fetch(PDO::FETCH_OBJ)) {
|
||||
if ($dr->id == $divisionr->projectdivisions_id)
|
||||
$sel = 'selected="selected"';
|
||||
@ -146,12 +146,12 @@ if (get_value_from_array($_GET, 'action') == 'edit' || get_value_from_array($_GE
|
||||
projectsubdivisions,
|
||||
projectdivisions
|
||||
WHERE
|
||||
projectsubdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
AND projectdivisions.year='" . $config['FAIRYEAR'] . "'
|
||||
projectsubdivisions.year=?
|
||||
AND projectdivisions.year=?
|
||||
AND projectsubdivisions.projectdivisions_id=projectdivisions.id
|
||||
ORDER BY
|
||||
division,subdivision");
|
||||
$q->execute();
|
||||
$q->execute([$config['FAIRYEAR'],$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
echo '<tr>';
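Review bot: In the edit branch the concatenated UPDATE lost a separator: the pieces `"subdivision=?"` and `"WHERE id=?"` now join as `subdivision=?WHERE id=?`, where the old text had a space before the closing quote. Write `. "subdivision=? "` so the statement does not depend on how the parser tokenises `?WHERE`. The UPDATE and the DELETE in the remove branch also match on `id` alone, while the duplicate checks beside them use `id=? AND year=?`. If ids repeat across years (the schema is not visible here), both statements touch other years' rows and should carry `AND year=?` with `$config['FAIRYEAR']` bound.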
|
||||
|
@ -46,8 +46,8 @@ while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
if (get_value_from_array($_POST, 'action') == 'save') {
|
||||
if (get_value_from_array($_POST, 'specialconfig')) {
|
||||
foreach ($_POST['specialconfig'] as $key => $val) {
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='" . stripslashes($val) . "' WHERE year='0' AND var='$key'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE year='0' AND var=?");
|
||||
$stmt->execute([stripslashes($val),$key]);
|
||||
}
|
||||
}
|
||||
message_push(happy(i18n('Configuration successfully saved')));
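Review bot: The save loop takes both the value and the variable name from the request: `$key` comes from `$_POST['specialconfig']` and is bound into `var=?` with no check that it is one of the settings this page is meant to edit. Binding closes the injection, but a crafted POST can still overwrite any year-0 config row, including ones such as `FAIRYEAR` that the rollover code in this commit stores there. Skip unknown keys before the UPDATE, e.g. `if (!in_array($key, $specialKeys, true)) continue;`, where `$specialKeys` is a placeholder for whatever list the loop above the hunk builds. `stripslashes($val)` is also no longer needed once the value is bound, and it alters values that contain backslashes.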
|
||||
|
@ -3,16 +3,16 @@ function db_update_111_post()
|
||||
{
|
||||
global $config, $pdo;
|
||||
// grab the index page
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
if (!$q->rowCount()) {
|
||||
$q = $pdo->prepare("SELECT * FROM pagetext WHERE textname='index' AND year='-1'");
|
||||
$q->execute();
|
||||
}
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
// insert it into the CMS under index.html
|
||||
$stmt = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html','$r->lastupdate','$r->lang','" . $r->text . "','1')");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("INSERT INTO cms (filename,dt,lang,text,showlogo) VALUES ('index.html',?,?,?,'1')");
|
||||
$stmt->execute([$r->lastupdate,$r->lang,$r->text]);
|
||||
}
|
||||
// and remove it from the pagetext
|
||||
$stmt = $pdo->prepare("DELETE FROM pagetext WHERE textname='index'");
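Review bot: Nothing checks the INSERT into `cms` before the `DELETE FROM pagetext WHERE textname='index'` that follows the loop. If an insert fails and PDO is not in exception mode (the hunk does not show which mode is set), the migration goes on to delete the only copy of the index text. At minimum add `show_pdo_errors_if_any($pdo);` after `$stmt->execute([$r->lastupdate,$r->lang,$r->text]);`, as other statements in this commit do, and preferably skip the DELETE when any insert failed. db_update_111_post() continues past the end of the hunk.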
|
||||
|
@ -4,8 +4,8 @@ function db_update_116_post()
|
||||
global $config, $pdo;
|
||||
|
||||
/* Fix the users that have a 0 year */
|
||||
$q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE `users` SET year=? WHERE year=0");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
/* Fix users without a username */
|
||||
@ -25,8 +25,8 @@ function db_update_116_post()
|
||||
$username = '';
|
||||
for ($x = 0; $x < 16; $x++)
|
||||
$username .= $available[rand(0, $len)];
|
||||
$stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET username=? WHERE id=?");
|
||||
$stmt->execute([$username,$r->id]);
|
||||
}
|
||||
|
||||
// okay now finally, there's a chance of duplicates from
|
||||
@ -37,9 +37,9 @@ function db_update_116_post()
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$orig_r = $r;
|
||||
$qq = $pdo->prepare("SELECT * FROM `users` WHERE
|
||||
(`username`='{$r['username']}' OR `email`='{$r['email']}')
|
||||
AND `id`!={$r['id']}");
|
||||
$qq->execute();
|
||||
(`username`=? OR `email`=?)
|
||||
AND `id`!=?");
|
||||
$qq->execute([$r['username'],$r['email'],$r['id']]);
|
||||
if ($qq->rowCount() == 0)
|
||||
continue;
|
||||
|
||||
@ -93,8 +93,8 @@ function db_update_116_post()
|
||||
}
|
||||
if (count($set)) {
|
||||
$query = join(',', $set);
|
||||
$stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `users` SET ? WHERE id=?");
|
||||
$stmt->execute([$query,$r['id']]);
|
||||
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
|
||||
}
|
||||
|
||||
@ -104,13 +104,13 @@ function db_update_116_post()
|
||||
|
||||
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
|
||||
/* Delete the dupe */
|
||||
$stmt = $pdo->prepare("DELETE FROM `users` $where_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("DELETE FROM `users` ?");
|
||||
$stmt->execute([$where_id]);
|
||||
/* Update volunteer linkage */
|
||||
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`=? ?");
|
||||
$stmt->execute([$r['id'],$where_users_id]);
|
||||
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`=? ?");
|
||||
$stmt->execute([$r['id'],$where_users_id]);
|
||||
|
||||
echo "done with this user.\n";
|
||||
}
|
||||
@ -120,9 +120,9 @@ function db_update_116_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
|
||||
VALUES ('{$i->id}','yes','{$i->complete}')");
|
||||
VALUES (?,'yes',?)");
|
||||
|
||||
$stmt->execute();
|
||||
$stmt->execute([$i->id,$i->complete]);
|
||||
}
|
||||
|
||||
/* Update any remaining volunteer entries */
|
||||
@ -130,9 +130,9 @@ function db_update_116_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("UPDATE users_volunteer
|
||||
SET volunteer_complete='{$i->complete}'
|
||||
WHERE users_id='{$i->id}'");
|
||||
$stmt->execute();
|
||||
SET volunteer_complete=?
|
||||
WHERE users_id=?");
|
||||
$stmt->execute([$i->complete,$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -142,8 +142,8 @@ function db_update_116_post()
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$stmt = $pdo->prepare("UPDATE users_committee
|
||||
SET committee_active='yes'
|
||||
WHERE users_id='{$i->id}'");
|
||||
$stmt->execute();
|
||||
WHERE users_id=?");
|
||||
$stmt->execute([$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
}
|
||||
|
||||
@ -196,8 +196,8 @@ function db_update_116_post()
|
||||
$updateexclude = array('id', 'uid', 'types', 'username', 'password', 'passwordset', 'oldpassword', 'year', 'created', 'lastlogin', 'firstaid', 'cpr', 'deleted', 'deleteddatetime');
|
||||
|
||||
// check if a user already exists with this username
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username='" . $j->email . "' OR email='" . $j->email . "') AND year='$j->year'");
|
||||
$uq->execute();
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username? OR email=?) AND year=?");
|
||||
$uq->execute([$j->email,$j->email,$j->year]);
|
||||
if ($j->email && $ur = $uq->fetch(PDO::FETCH_OBJ)) {
|
||||
$id = $ur->id;
|
||||
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
|
||||
@ -208,9 +208,9 @@ function db_update_116_post()
|
||||
$sqlset .= "`$f`='" . $j->$f . "', ";
|
||||
}
|
||||
}
|
||||
$sql = "UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='" . $j->email . "' WHERE id='$id'";
|
||||
$sql = "UPDATE users SET ? `types`=?,judge',`username`=? WHERE id=?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$sqlset,$ur->types,$j->email,$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo " Updated user record with judge info, but only merged:\n";
|
||||
echo " ($sqlset)\n";
|
||||
@ -218,14 +218,14 @@ function db_update_116_post()
|
||||
/* Insert the judge */
|
||||
$fields = '`' . join('`,`', array_keys($u)) . '`';
|
||||
$vals = "'" . join("','", array_values($u)) . "'";
|
||||
$q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO users (?) VALUES (?)");
|
||||
$q->execute([$fields,$vals]);
|
||||
$id = $pdo->lastInsertId();
|
||||
|
||||
if ($map[$j->id]['uid'] == '') {
|
||||
$map[$j->id]['uid'] = $id;
|
||||
$q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("UPDATE users SET `uid`=? WHERE id=?");
|
||||
$q->execute([$id,$id]);
|
||||
}
|
||||
}
|
||||
|
||||
@ -246,8 +246,8 @@ function db_update_116_post()
|
||||
// $j->attending_lunch,
|
||||
|
||||
/* catprefs */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id=? AND year=?");
|
||||
$q->execute([$j->id,$j->year]);
|
||||
$catpref = array();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$catpref[$i->projectcategories_id] = $i->rank;
|
||||
@ -256,8 +256,8 @@ function db_update_116_post()
|
||||
$uj['cat_prefs'] = serialize($catpref);
|
||||
|
||||
/* divprefs and subdivision prefs */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id=? AND year=?");
|
||||
$q->execute([$j->id,$j->year]);
|
||||
$divpref = array();
|
||||
$divsubpref = array();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -270,8 +270,8 @@ function db_update_116_post()
|
||||
$uj['divsub_prefs'] = serialize($divsubpref);
|
||||
|
||||
/* languages */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id=?");
|
||||
$q->execute([$j->id]);
|
||||
$langs = array();
|
||||
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
@ -291,8 +291,8 @@ function db_update_116_post()
|
||||
'willing_chair' => 'Willing Chair');
|
||||
foreach ($qmap as $field => $head) {
|
||||
/* Find the question ID */
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE year=? AND db_heading=?");
|
||||
$q->execute([$j->year,$head]);
|
||||
if ($q->rowCount() == 0) {
|
||||
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
|
||||
continue;
|
||||
@ -302,10 +302,10 @@ function db_update_116_post()
|
||||
|
||||
/* Now find the answer */
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE
|
||||
year='{$j->year}' AND
|
||||
registrations_id='{$j->id}' AND
|
||||
questions_id='{$i->id}'");
|
||||
$q->execute();
|
||||
year=? AND
|
||||
registrations_id=? AND
|
||||
questions_id=?");
|
||||
$q->execute([$j->year,$j->id,$i->id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
if ($q->rowCount() == 0) {
|
||||
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
|
||||
@ -319,8 +319,8 @@ function db_update_116_post()
|
||||
|
||||
$fields = '`' . join('`,`', array_keys($uj)) . '`';
|
||||
$vals = "'" . join("','", array_values($uj)) . "'";
|
||||
$q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("INSERT INTO users_judge (?) VALUES (?)");
|
||||
$q->execute([$fields,$vals]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
/*
|
||||
@ -329,24 +329,24 @@ function db_update_116_post()
|
||||
*/
|
||||
|
||||
/* judges_teams_link */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$jtl[$i->id] = $id;
|
||||
|
||||
/* judges_specialawards_sel */
|
||||
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$jsal[$i->id] = $id;
|
||||
|
||||
/* question_answers */
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
|
||||
$q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id=? AND year=?");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$j->id,$j->year]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ))
|
||||
$qa[$i->id] = $id;
|
||||
@ -355,21 +355,21 @@ function db_update_116_post()
|
||||
/* Now write back the judge ids */
|
||||
if (count($jtl)) {
|
||||
foreach ($jtl as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE judges_teams_link SET judges_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
if (count($jsal)) {
|
||||
foreach ($jsal as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
if (count($qa)) {
|
||||
foreach ($qa as $id => $new_id)
|
||||
$q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
|
||||
$q = $pdo->prepare("UPDATE question_answers SET registrations_id=? WHERE id=? ");
|
||||
|
||||
$q->execute();
|
||||
$q->execute([$new_id,$id]);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
@ -9,20 +9,20 @@ function db_update_117_post()
|
||||
'willing_chair' => 'Willing Chair');
|
||||
|
||||
foreach ($qmap as $field => $head) {
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE db_heading='{$head}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT id FROM questions WHERE db_heading=?");
|
||||
$q->execute([$head]);
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$id = $i->id;
|
||||
|
||||
/* Drop all answers for this question */
|
||||
$stmt = $pdo->prepare("DELETE FROM question_answers
|
||||
WHERE questions_id='$id'");
|
||||
$stmt->execute();
|
||||
WHERE questions_id=?");
|
||||
$stmt->execute([$id]);
|
||||
}
|
||||
|
||||
/* Now dump the question itself */
|
||||
$stmt = $pdo->prepare("DELETE FROM questions
|
||||
WHERE id='$id'");
|
||||
$stmt->execute();
|
||||
WHERE id=?");
|
||||
$stmt->execute([$id]);
|
||||
}
|
||||
}
|
||||
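Review bot: The final `DELETE FROM questions WHERE id=?` runs after the `while` loop has closed (as the braces read on this page), so it uses whatever `$id` the loop left behind. When a heading matches several rows only the last question is removed, and when it matches none `$id` is undefined for the first heading or stale from the previous one. The loop already selects by heading, so deleting by it is simpler: `$stmt = $pdo->prepare("DELETE FROM questions WHERE db_heading=?");` followed by `$stmt->execute([$head]);`. The old code behaved the same way, so this is not a regression introduced by the parameterisation.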
|
@ -23,8 +23,8 @@ function db_update_118_post()
|
||||
$active = 'yes';
|
||||
}
|
||||
// see if a user exists with this email
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username='" . $r->email . "' OR email='" . $r->email . "') ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
|
||||
$uq->execute();
|
||||
$uq = $pdo->prepare("SELECT * FROM users WHERE (username=? OR email=?) ORDER BY year DESC LIMIT 1"); // AND year='$r->year'");
|
||||
$uq->execute([ $r->email,$r->email]);
|
||||
if ($r->email && $ur = $uq->fetch(PDO::FETCH_OBJ)) {
|
||||
$user_id = $ur->id;
|
||||
echo "Using existing users.id=$user_id for award_contacts.id=$r->id because email address ($r->email) matches\n";
|
||||
@ -37,9 +37,9 @@ function db_update_118_post()
|
||||
$sqlset .= "`$f`='" . $r->$f . "', ";
|
||||
}
|
||||
}
|
||||
$sql = "UPDATE users SET $sqlset `types`='{$ur->types},sponsor' WHERE id='$user_id'";
|
||||
$sql = "UPDATE users SET ? `types`=?,sponsor' WHERE id=?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$sqlset,$ur->types,$user_id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
echo " Updated user record\n";
|
||||
} else {
|
||||
@ -70,8 +70,8 @@ function db_update_118_post()
|
||||
|
||||
$user_id = $pdo->lastInsertId();
|
||||
// and link it to themselves as a starting record
|
||||
$stmt = $pdo->prepare("UPDATE users SET uid='$user_id' WHERE id='$user_id'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE users SET uid=? WHERE id=?");
|
||||
$stmt->execute([$user_id,$user_id]);
|
||||
echo "Creating new users.id=$user_id for award_contacts.id=$r->id\n";
|
||||
}
|
||||
|
||||
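Review bot: The rewritten ``UPDATE users SET ? `types`=?,sponsor' WHERE id=?`` in the `@ -37,9` hunk cannot work. A placeholder stands for a single value, so binding `$sqlset` (a list of column assignments) yields invalid SQL; the stray `'` after `sponsor` is left over from the old literal, and `,sponsor` is no longer appended to `$ur->types`. The loop that builds `$sqlset` starts outside the hunk and still concatenates `$r->$f` into the SQL text, which is the part that most needs binding. I would emit one ``"`$f`=?, "`` per field and collect the values in an array, as below; `$params = [];` has to be initialised before the loop, and `$f` presumably comes from a fixed column list (confirm). The same mistake is in db_update_116_post, where `INSERT INTO users_judge (?) VALUES (?)` binds the column list and the value list as two strings; it needs one `?` per value with the identifiers kept in the SQL text.

```php
// … unchanged: loop over the copied fields (starts outside the hunk) …
        $sqlset .= "`$f`=?, ";
        $params[] = $r->$f;
// … unchanged: end of the loop …
$params[] = $ur->types . ',sponsor';
$params[] = $user_id;
$sql = "UPDATE users SET $sqlset `types`=? WHERE id=?";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
```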
|
@ -4,8 +4,8 @@ function db_update_122_post()
|
||||
{
|
||||
global $config, $pdo;
|
||||
$year = $config['FAIRYEAR'];
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year=?");
|
||||
$q->execute([$year]);
|
||||
$round = array();
|
||||
while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
|
||||
$type = $r['type'];
|
||||
@ -27,21 +27,21 @@ function db_update_122_post()
|
||||
|
||||
foreach ($round as $type => $d) {
|
||||
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
|
||||
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
|
||||
$stmt->execute();
|
||||
VALUES ('0',?,?,?,?,?)");
|
||||
$stmt->execute([$type,$d['date'],$d['starttime'],$d['endtime'],$year]);
|
||||
$round_id = $pdo->lastInsertId();
|
||||
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
|
||||
round_id='$round_id', type='timeslot'
|
||||
round_id=?, type='timeslot'
|
||||
|
||||
WHERE type='$type' AND year='$year'");
|
||||
$stmt->execute();
|
||||
WHERE type=? AND year=?");
|
||||
$stmt->execute([$round_id,$type,$year]);
|
||||
/* Undo the set we just did to the round we just inserted */
|
||||
$stmt = $pdo->prepare("UPDATE judges_timeslots SET
|
||||
round_id='0',type='$type'
|
||||
round_id='0',type=?
|
||||
|
||||
WHERE id='$round_id'");
|
||||
$stmt->execute();
|
||||
WHERE id=?");
|
||||
$stmt->execute([$type,$round_id]);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -26,9 +26,9 @@ function db_update_129_pre()
|
||||
$stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
|
||||
`url`,`website`,`username`,`password`,`enable_stats`,
|
||||
`enable_awards`,`enable_winners`) VALUES (
|
||||
'', '$name', '', 'ysf', '$url', '$web',
|
||||
'$username','$password','no','$en','$en')");
|
||||
$stmt->execute();
|
||||
'',?, '', 'ysf',?,?,
|
||||
?,?,'no',?,?)");
|
||||
$stmt->execute([$name,$url,$web,$username,$password,$en,$en]);
|
||||
|
||||
/* Link the fair to the user */
|
||||
$u['fairs_id'] = $pdo->lastInsertId();
|
||||
@ -48,9 +48,9 @@ function db_update_129_pre()
|
||||
if (!in_array($old_id, $keys))
|
||||
continue;
|
||||
|
||||
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
|
||||
WHERE id='{$r['id']}'");
|
||||
$qq->execute();
|
||||
$qq = $pdo->prepare("UPDATE award_awards SET award_sources_id=?
|
||||
WHERE id=?");
|
||||
$qq->execute([$source_map[$old_id],$r['id']]);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -240,8 +240,8 @@ function db129_user_set_password($id, $password = NULL)
|
||||
/* pass $u by reference so we can update it */
|
||||
$save_old = false;
|
||||
if ($password == NULL) {
|
||||
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT passwordset FROM users WHERE id=?");
|
||||
$q->execute([$id]);
|
||||
$u = $q->fetch(PDO::FETCH_ASSOC);
|
||||
/* Generate a new password */
|
||||
$password = db129_user_generate_password(12);
|
||||
@ -260,9 +260,9 @@ function db129_user_set_password($id, $password = NULL)
|
||||
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
||||
$set .= "password='$p', passwordset=$save_set ";
|
||||
|
||||
$query = "UPDATE users SET $set WHERE id='$id'";
|
||||
$query = "UPDATE users SET ? WHERE id=?";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$set,$id]);
|
||||
show_pdo_errors_if_any($pdo);
|
||||
|
||||
return $password;
|
||||
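Review bot: `UPDATE users SET ? WHERE id=?` with `$set` bound as a parameter (hunk `@ -260,9`) no longer stores the password, because the whole assignment list is sent as one string value and the statement is rejected. The function still reaches `return $password;`, so unless PDO is configured to throw (not visible here) a caller can hand out a password that was never written. Keep the assignment list in the SQL text and bind only the values: `$set .= "password=?, passwordset=$save_set ";`, `$query = "UPDATE users SET $set WHERE id=?";`, `$stmt->execute([$p, $id]);`. `$save_set` is assigned outside the hunk and was interpolated unquoted, so it looks like an SQL expression rather than a value; confirm it is only ever set from constants in this function before leaving it inline.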
|
@ -5,8 +5,8 @@ function db_update_81_post()
|
||||
$q->execute();
|
||||
while ($i = $q->fetch(PDO::FETCH_OBJ)) {
|
||||
$asid = $i->award_sponsors_id;
|
||||
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id=? LIMIT 1");
|
||||
$stmt->execute([$asid]);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
@ -40,10 +40,10 @@ function db_update_87_post()
|
||||
}
|
||||
}
|
||||
if ($newval != false) {
|
||||
$query = "UPDATE users SET passwordset=$newval WHERE id='$id'";
|
||||
$query = "UPDATE users SET passwordset=? WHERE id=?";
|
||||
echo "$query\n";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$stmt->execute([$newval,$id]);
|
||||
}
|
||||
}
|
||||
}
|
||||
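Review bot: Binding `$newval` in `UPDATE users SET passwordset=? WHERE id=?` changes what is stored if `$newval` holds SQL text rather than a plain value. The old query interpolated it unquoted, which suggests values such as `NULL` or an already-quoted date literal; the assignments are above the hunk, so this needs checking. A bound string `'NULL'` is not SQL NULL, and a value that carries its own quotes would be stored with them, so where `$newval` is set it should become a plain PHP value (`null` or the bare date string). `echo "$query\n";` now prints only the placeholders; `echo "$query [$newval, $id]\n";` would keep the migration log useful.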
|
@ -38,8 +38,8 @@ $r = $q->fetch(PDO::FETCH_OBJ);
|
||||
$config = array('FAIRYEAR' => $r->val);
|
||||
|
||||
/* Load config just in case there's a PHP script that wants it */
|
||||
$q = $pdo->prepare("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'");
|
||||
$q->execute();
|
||||
$q = $pdo->prepare("SELECT * FROM config WHERE year=?");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
while ($r = $q->fetch(PDO::FETCH_OBJ))
|
||||
$config[$r->var] = $r->val;
|
||||
|
||||
@ -129,8 +129,8 @@ if ($dbcodeversion && $dbdbversion) {
|
||||
}
|
||||
|
||||
echo "\nAll done - updating new DB version to $dbcodeversion\n";
|
||||
$stmt = $pdo->prepare("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
|
||||
$stmt->execute();
|
||||
$stmt = $pdo->prepare("UPDATE config SET val=? WHERE var='DBVERSION' AND year='0'");
|
||||
$stmt->execute([$dbcodeversion]);
|
||||
}
|
||||
} else {
|
||||
echo "ERROR: dbcodeversion and dbdbversion are not defined\n";
|
||||
|
@ -85,16 +85,16 @@ function judge_status_questions($u)
|
||||
*/
|
||||
global $config, $pdo;
|
||||
// get the questions we're looking for
|
||||
$q = $pdo->prepare('SELECT id FROM questions WHERE year=' . $config['FAIRYEAR'] . " AND required='yes'");
|
||||
$q->execute([]);
|
||||
$q = $pdo->prepare('SELECT id FROM questions WHERE year=?'"AND required='yes'");
|
||||
$q->execute([$config['FAIRYEAR']]);
|
||||
$idList = array();
|
||||
while ($row = $q->fetch(PDO::FETCH_ASSOC))
|
||||
$idList[] = $row['id'];
|
||||
|
||||
$rval = 'complete';
|
||||
if (count($idList)) {
|
||||
$q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(' . implode(',', $idList) . ') AND users_id=' . $u['id'] . ' AND answer IS NOT NULL');
|
||||
$q->execute();
|
||||
$q = $pdo->prepare('SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(?) AND users_id=? AND answer IS NOT NULL');
|
||||
$q->execute([implode(',', $idList),$u['id']]);
|
||||
$row = $q->fetch(PDO::FETCH_ASSOC);
|
||||
if (intval($row['tally']) != count($idList))
|
||||
$rval = 'incomplete';
|
||||
|
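Review bot: Two statements in this hunk will not behave as intended. `'SELECT id FROM questions WHERE year=?'"AND required='yes'"` is two string literals with no operator between them, which is a PHP parse error, and it would lack a space before `AND` even if they were concatenated. `IN(?)` with `implode(',', $idList)` bound as one parameter compares `questions_id` against a single string, so the tally will not equal `count($idList)` once there is more than one required question and the judge is reported `incomplete`. Generate one placeholder per id instead, as below; the function body continues past the end of the hunk.

```php
$q = $pdo->prepare("SELECT id FROM questions WHERE year=? AND required='yes'");
$q->execute([$config['FAIRYEAR']]);
// … unchanged: collect $idList, default $rval, if (count($idList)) { …
    $marks = implode(',', array_fill(0, count($idList), '?'));
    $q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN($marks) AND users_id=? AND answer IS NOT NULL");
    $q->execute(array_merge($idList, [$u['id']]));
```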