Compare commits

..

2 Commits

Author SHA1 Message Date
f7c6c506a1 Mysql conversion 2024-12-10 19:40:23 -05:00
bf8a23fc85 converted mysql to pdo 2024-12-09 01:06:15 -05:00
82 changed files with 1860 additions and 1353 deletions

View File

@ -2,12 +2,14 @@
include "../data/config.inc.php"; include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS); mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME); mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_percent'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val; $percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='judge_scheduler_activity'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val; $status=$r->val;
echo "$percent:$status\n"; echo "$percent:$status\n";

View File

@ -247,7 +247,7 @@ $report_students_fields = array(
'group_by' => array('students.registrations_id')), 'group_by' => array('students.registrations_id')),
'allnames_split' => array( 'allnames_split' => array(
'name' => "Student -- All Student Names (REQUIRES MYSQL 5.0) (Split) ", 'name' => "Student -- All Student Names (REQUIRES 5.0) (Split) ",
'header' => 'Student(s)', 'header' => 'Student(s)',
'width' => 3.0, 'width' => 3.0,
'scalable' => true, 'scalable' => true,

View File

@ -28,12 +28,14 @@ ogram; see the file COPYING. If not, write to
include "../data/config.inc.php"; include "../data/config.inc.php";
mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS); mysql_connect($DBHOST,substr($DBUSER,0,16),$DBPASS);
mysql_select_db($DBNAME); mysql_select_db($DBNAME);
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_percent'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$percent=$r->val; $percent=$r->val;
$q=mysql_query("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'"); $q=$pdo->prepare("SELECT val FROM config WHERE year='0' AND var='tours_assigner_activity'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$status=$r->val; $status=$r->val;
echo "$percent:$status\n"; echo "$percent:$status\n";

View File

@ -24,14 +24,15 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isng tryint to see something that they arent allowed to! //first, lets make sure someone isng tryint to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$pn=trim(mysql_real_escape_string($_GET['n'])); $pn=trim($_GET['n']);
if($r->test) { if($r->test) {
$q=mysql_query("SELECT $q=$pdo->prepare("SELECT
registrations.id AS reg_id, registrations.id AS reg_id,
registrations.status, registrations.status,
projects.title, projects.title,
@ -55,14 +56,15 @@
AND projects.projectnumber='$pn' AND projects.projectnumber='$pn'
LIMIT 1 LIMIT 1
"); ");
echo mysql_error(); echo $pdo->errorInfo();
$r=mysql_fetch_assoc($q); $r=$q->fetch(PDO::FETCH_ASSOC);
$regid=$r['reg_id']; $regid=$r['reg_id'];
$q2=mysql_query("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname"); $q2=$pdo->prepare("SELECT firstname,lastname,webfirst,weblast,schools.school FROM students JOIN schools ON students.schools_id=schools.id WHERE registrations_id='$regid' ORDER BY lastname");
$q2->execute();
$students=""; $students="";
while($stud=mysql_fetch_object($q2)) { while($stud=$q2->fetch(PDO::FETCH_OBJ)) {
if($stud->webfirst=="yes") if($stud->webfirst=="yes")
$students.="$stud->firstname "; $students.="$stud->firstname ";

View File

@ -24,12 +24,13 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to! //first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test) { if($r->test) {
$q=mysql_query("SELECT registrations.id AS reg_id, $q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status, registrations.status,
projects.title, projects.title,
projects.projectnumber, projects.projectnumber,
@ -54,11 +55,12 @@
projectdivisions.id, projectdivisions.id,
projects.projectnumber projects.projectnumber
"); ");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist"; $lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist"; $lastdiv="something_that_does_not_exist";
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
if(!$r->title) $t="{no title}"; if(!$r->title) $t="{no title}";
else $t=$r->title; else $t=$r->title;

View File

@ -24,14 +24,15 @@
require("../common.inc.php"); require("../common.inc.php");
//first, lets make sure someone isnt trying to see something that they arent allowed to! //first, lets make sure someone isnt trying to see something that they arent allowed to!
$q=mysql_query("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>='".$config['dates']['postparticipants']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ret=array(); $ret=array();
if($r->test) { if($r->test) {
$ret['status']="ok"; $ret['status']="ok";
$q=mysql_query("SELECT registrations.id AS reg_id, $q=$pdo->prepare("SELECT registrations.id AS reg_id,
registrations.status, registrations.status,
projects.id AS projects_id, projects.id AS projects_id,
projects.title, projects.title,
@ -57,12 +58,13 @@
projectdivisions.id, projectdivisions.id,
projects.projectnumber projects.projectnumber
"); ");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$lastcat="something_that_does_not_exist"; $lastcat="something_that_does_not_exist";
$lastdiv="something_that_does_not_exist"; $lastdiv="something_that_does_not_exist";
$projects=array(); $projects=array();
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::fETCH_OBJ)) {
if(!$r->title) $t="{no title}"; if(!$r->title) $t="{no title}";
else $t=$r->title; else $t=$r->title;

View File

@ -39,7 +39,7 @@
GROUP BY users.uid ORDER BY ord,users.lastname "); GROUP BY users.uid ORDER BY ord,users.lastname ");
//if there's nobody in this committee, then just skip it and go on to the next one. //if there's nobody in this committee, then just skip it and go on to the next one.
if(mysql_num_rows($q2)==0) if($q2->rowCount()==0)
continue; continue;
echo "<tr>"; echo "<tr>";

View File

@ -842,8 +842,8 @@ function emit_time_selector($name,$selected="")
function emit_province_selector($name,$selected="",$extra="") function emit_province_selector($name,$selected="",$extra="")
{ {
global $config; global $config;
$q=("SELECT * FROM provinces WHERE countries_code='".mysql_escape_string($config['country'])."' ORDER BY province"); $q=("SELECT * FROM provinces WHERE countries_code='".$config['country']."' ORDER BY province");
if(mysql_num_rows($q)==1) if($q->rowCount()==1)
{ {
$r = $q->fetch(); $r = $q->fetch();
echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">"; echo "<input type=\"hidden\" name=\"$name\" value=\"$r-code\">";
@ -1184,7 +1184,7 @@ function committee_warnings()
AND award_awards.award_source_fairs_id IS NOT NULL AND award_awards.award_source_fairs_id IS NOT NULL
AND fairs.type='ysc' "); AND fairs.type='ysc' ");
echo pdo->errorInfo(); echo pdo->errorInfo();
if(mysql_num_rows($qq) > 0) { if($qq->rowCount() > 0) {
$warn; $warn;
break; break;

View File

@ -40,23 +40,26 @@ $dump.="#SFIAB DB VERSION: ".$config['DBVERSION']."\n";
$dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n"; $dump.="#SFIAB FAIR NAME: ".$config['fairname']."\n";
$dump.="#-------------------------------------------------\n"; $dump.="#-------------------------------------------------\n";
$tableq=mysql_query("SHOW TABLES FROM `$DBNAME`"); $tableq=$pdo->prepare("SHOW TABLES FROM `$DBNAME`");
while($tr=mysql_fetch_row($tableq)) { $tableq->execute();
while($tr=$tableq->fetch(PDO::FETCH_NUM)) {
$table=$tr[0]; $table=$tr[0];
$dump.="#TABLE: $table\n"; $dump.="#TABLE: $table\n";
$columnq=mysql_query("SHOW COLUMNS FROM `$table`"); $columnq=$pdo->prepare("SHOW COLUMNS FROM `$table`");
$columnq->execute();
$str="INSERT INTO `$table` ("; $str="INSERT INTO `$table` (";
unset($fields); unset($fields);
$fields=array(); $fields=array();
while($cr=mysql_fetch_object($columnq)) { while($cr=$columnq->fetch(PDO:;FETCH_OBJ)) {
$str.="`".$cr->Field."`,"; $str.="`".$cr->Field."`,";
$fields[]=$cr->Field; $fields[]=$cr->Field;
} }
$str=substr($str,0,-1); $str=substr($str,0,-1);
$str.=") VALUES ("; $str.=") VALUES (";
$dataq=mysql_query("SELECT * FROM `$table` ORDER BY `{$fields[0]}`"); $dataq=$pdo->prepare("SELECT * FROM `$table` ORDER BY `{$fields[0]}`");
while($data=mysql_fetch_object($dataq)) { $dataq->execute();
while($data=$dataq->fetch(PDO::FETCH_OBJ)) {
$insertstr=$str; $insertstr=$str;
foreach($fields AS $field) { foreach($fields AS $field) {
if(is_null($data->$field)) if(is_null($data->$field))
@ -167,7 +170,9 @@ else if($_POST['action']=="restoreproceed") {
//empty out the table //empty out the table
$sql="TRUNCATE TABLE `".$args[1]."`"; $sql="TRUNCATE TABLE `".$args[1]."`";
// echo $sql."\n"; // echo $sql."\n";
mysql_query($sql);
$stmt = $pdo->prepare($sql);
$stmt->execute();
} }
else if(mb_ereg("^#",$line)) { else if(mb_ereg("^#",$line)) {
//just skip it //just skip it
@ -175,10 +180,12 @@ else if($_POST['action']=="restoreproceed") {
else else
{ {
//insert the new data //insert the new data
mysql_query($line);
if(mysql_error()) { $stmt = $pdo->prepare($line);
$stmt->execute();
if($pdo->errorInfo()) {
echo $line."\n"; echo $line."\n";
echo mysql_error()."\n"; echo $pdo->errorInfo()."\n";
$err=true; $err=true;
} }
} }
@ -203,11 +210,12 @@ else if($_POST['action']=="restoreproceed") {
else if ($_POST['action'] == 'clean_judges') { else if ($_POST['action'] == 'clean_judges') {
//select all judges //select all judges
$query = mysql_query('SELECT * FROM users WHERE types LIKE "judge"'); $query = $pdo->prepare('SELECT * FROM users WHERE types LIKE "judge"');
echo mysql_error(); $query->execute();
echo $pdo->errorInfo();
// Go through each judge and test: // Go through each judge and test:
while($judge = mysql_fetch_assoc($query)){ while($judge = $query->fetch(PDO::FETCH_ASSOC)){
//if they are deleted //if they are deleted
if ($judge['deleted'] == 'yes') { if ($judge['deleted'] == 'yes') {
@ -222,16 +230,17 @@ else if ($_POST['action'] == 'clean_judges') {
else{ else{
// Find max year of judge // Find max year of judge
$max_year_query = mysql_query('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1'); $max_year_query = $pdo->prepare('SELECT year FROM users WHERE uid = '. $judge['uid'] .' ORDER BY year DESC limit 1');
$judge_max_year = mysql_fetch_assoc($max_year_query); $max_year_query->execute();
$judge_max_year = $max_year_query->fetch(PDO::FETCH_ASSOC);
// Grab old judge info. // Grab old judge info.
// Old judge info consists of all entries in the database that are not the most recent for the specific judge // Old judge info consists of all entries in the database that are not the most recent for the specific judge
$deletable = mysql_query('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']); $deletable = $pdo->prepare('SELECT * FROM users WHERE uid ='. $judge['uid'] .' AND year NOT LIKE '.$judge_max_year['year']);
$deletable->execute();
// and if they have old data from previous fair years // and if they have old data from previous fair years
if (mysql_num_rows($deletable) > 0){ if ($deletable->rowCount() > 0){
// delete old data one by one // delete old data one by one
while ($old_judge_data = mysql_fetch_assoc($deletable)){ while ($old_judge_data = $deletable->fetch(PDO::FETCH_ASSOC)){
if (!is_array($old_judge_data['type'])){ if (!is_array($old_judge_data['type'])){
$old_judge_data['types'] = array($old_judge_data['types']); $old_judge_data['types'] = array($old_judge_data['types']);
} }
@ -250,9 +259,10 @@ else if ($_POST['action'] == 'clean_judges') {
,"backup_restore" ,"backup_restore"
); );
mysql_query("OPTIMIZE TABLE users, users_judge"); $stmt = $pdo->prepare("OPTIMIZE TABLE users, users_judge");
$stmt->execute();
$str = mysql_error(); $str = $pdo->errorInfo();
echo $str; echo $str;
@ -265,9 +275,9 @@ else if ($_POST['action'] == 'clean_judges') {
} }
else if ($_POST['action'] == 'clean_parents') { else if ($_POST['action'] == 'clean_parents') {
$query_parents = mysql_query('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']); $query_parents = $pdo->prepare('SELECT * FROM users WHERE types LIKE "parent" AND year !='.$config['FAIRYEAR']);
$query_parents->execute();
while($parent = mysql_fetch_assoc($query_parents)){ while($parent = $query_parents->fetch(PDO::FETCH_ASSOC)){
if (!is_array($parent['types'])){ if (!is_array($parent['types'])){
$parent['types'] = array($parent['types']); $parent['types'] = array($parent['types']);
@ -283,9 +293,10 @@ else if ($_POST['action'] == 'clean_parents') {
,"backup_restore" ,"backup_restore"
); );
mysql_query("OPTIMIZE TABLE users, users_parent"); $stmt = $pdo->prepare("OPTIMIZE TABLE users, users_parent");
$stmt->execute();
$str = mysql_error(); $str = $pdo->errorInfo();
echo $str; echo $str;

View File

@ -31,7 +31,7 @@
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php', 'SFIAB Configuration' => 'config/index.php',
'Age Categories' => 'config/categories.php'),"project_age_categories"); 'Age Categories' => 'config/categories.php'),"project_age_categories");
} else { } else
send_header("Age Categories", send_header("Age Categories",
array('Committee Main' => 'committee_main.php', array('Committee Main' => 'committee_main.php',
'SFIAB Configuration' => 'config/index.php'),"project_age_categories"); 'SFIAB Configuration' => 'config/index.php'),"project_age_categories");
@ -42,22 +42,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $q->execute();
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) echo $pdo->errorInfo();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
} }
else else
{ {
mysql_query("UPDATE projectcategories SET ". $stmt = $pdo->prepare("UPDATE projectcategories SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"category='".mysql_escape_string(stripslashes($_POST['category']))."', ". "category='".stripslashes($_POST['category'])."', ".
"category_shortform='".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". "category_shortform='".stripslashes($_POST['category_shortform'])."', ".
"mingrade='".$_POST['mingrade']."', ". "mingrade='".$_POST['mingrade']."', ".
"maxgrade='".$_POST['maxgrade']."' ". "maxgrade='".$_POST['maxgrade']."' ".
"WHERE id='".$_POST['saveid']."'"); "WHERE id='".$_POST['saveid']."'");
echo happy(i18n("Category successfully saved")); echo happy(i18n("Category successfully saved"));
$stmt->execute();
} }
} }
else else
@ -71,21 +73,24 @@
//ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden //ues isset($_POST['mingrade']) instead of just $_POST['mingrade'] to allow entering 0 for kindergarden
if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade']) if($_POST['id'] && $_POST['category'] && isset($_POST['mingrade']) && $_POST['maxgrade'])
{ {
$q=mysql_query("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectcategories WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID"))); echo error(i18n("Category ID %1 already exists",array($_POST['id']),array("category ID")));
} }
else else
{ {
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ". $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['category']))."', ". "'".stripslashes($_POST['category'])."', ".
"'".mysql_escape_string(stripslashes($_POST['category_shortform']))."', ". "'".stripslashes($_POST['category_shortform'])."', ".
"'".$_POST['mingrade']."', ". "'".$_POST['mingrade']."', ".
"'".$_POST['maxgrade']."', ". "'".$_POST['maxgrade']."', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
$pdo->execute();
echo happy(i18n("Category successfully added")); echo happy(i18n("Category successfully added"));
} }
} }
else else
@ -98,9 +103,11 @@
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectcategories_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
//#### //####
mysql_query("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategories WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Category successfully removed")); echo happy(i18n("Category successfully removed"));
} }
@ -125,8 +132,9 @@
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$categoryr=mysql_fetch_object($q); $q->execute();
$categoryr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")

View File

@ -53,10 +53,11 @@ $error_ids = array();
if($_POST['savedates']) { if($_POST['savedates']) {
foreach($_POST['savedates'] as $key=>$val) { foreach($_POST['savedates'] as $key=>$val) {
//put the date and time back together //put the date and time back together
$d = mysql_escape_string(stripslashes($val)); $d = stripslashes($val);
$t =mysql_escape_string(stripslashes($_POST['savetimes'][$key])); $t =stripslashes($_POST['savetimes'][$key]);
$v="$d $t"; $v="$d $t";
mysql_query("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'"); $stmt = $pdo->prepare("UPDATE dates SET date='$v' WHERE year='".$config['FAIRYEAR']."' AND id='$key'");
$stmt->execute();
} }
} }
echo happy(i18n("Dates successfully saved")); echo happy(i18n("Dates successfully saved"));
@ -128,13 +129,14 @@ foreach($dates as $dn=>$d) {
if(!$d['id']) { if(!$d['id']) {
$def=$defaultdates[$dn]; $def=$defaultdates[$dn];
//hmm if we dont have a record for this date this year, INSERT the sql from the default //hmm if we dont have a record for this date this year, INSERT the sql from the default
mysql_query("INSERT INTO dates (date,name,description,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($def->date)."', '".$def->date."',
'".mysql_real_escape_string($dn)."', '".$dn."',
'".mysql_real_escape_string($def->description)."', '".$def->description."',
'".$config['FAIRYEAR']."' '".$config['FAIRYEAR']."'
)"); )");
$d['id']=mysql_insert_id(); $stmt->execute();
$d['id']=$pdo->lastInsertId();
$d['description']=$def->description; $d['description']=$def->description;
$d['date']=$def->date; $d['date']=$def->date;
} }

View File

@ -44,31 +44,34 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
if($_POST['id'] && $_POST['division'] ) if($_POST['id'] && $_POST['division'] )
{ {
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) $q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
} }
else else
{ {
mysql_query("UPDATE projectdivisions SET ". $stmt = $pdo->prepare("UPDATE projectdivisions SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"division='".mysql_escape_string(stripslashes($_POST['division']))."', ". "division='".stripslashes($_POST['division'])."', ".
"division_shortform='".mysql_escape_string(stripslashes($_POST['division_shortform']))."' ". "division_shortform='".stripslashes($_POST['division_shortform'])."' ".
"WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'"); "WHERE id='".$_POST['saveid']."' AND year='{$config['FAIRYEAR']}'");
$stmt->execute();
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
mysql_query("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link WHERE projectdivisions_id='".$_POST['saveid']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['divcat'])) if(is_array($_POST['divcat']))
{ {
foreach($_POST['divcat'] as $tempcat) foreach($_POST['divcat'] as $tempcat)
{ {
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".$tempcat."', ". "'".$tempcat."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
} }
} }
} }
@ -87,26 +90,29 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
if($_POST['id'] && $_POST['division']) if($_POST['id'] && $_POST['division'])
{ {
$q=mysql_query("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID"))); echo error(i18n("Division ID %1 already exists",array($_POST['id']),array("division ID")));
} }
else else
{ {
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,year) VALUES ( ".
"'".$_POST['id']."', ". "'".$_POST['id']."', ".
"'".mysql_escape_string(stripslashes($_POST['division']))."', ". "'".stripslashes($_POST['division'])."', ".
"'".mysql_escape_string(stripslashes($_POST['division_shortform']))."', ". "'".stripslashes($_POST['division_shortform'])."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
foreach($_POST['divcat'] as $tempcat){ foreach($_POST['divcat'] as $tempcat){
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( ".
"'".$tempcat."', ". "'".$tempcat."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
} }
} }
//####### //#######
@ -123,8 +129,10 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
{ {
//###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links //###### Feature Specific - filtering divisions by category - not conditional, cause even if they have the filtering turned off..if any links
//for this division exist they should be deleted //for this division exist they should be deleted
mysql_query("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM projectcategoriesdivisions_link where projectdivisions_id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt->execute();
$stmt = $pdo->prepare("DELETE FROM projectdivisions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Division successfully removed")); echo happy(i18n("Division successfully removed"));
} }
@ -151,8 +159,9 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")
@ -167,11 +176,13 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
echo " <td>"; echo " <td>";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY mingrade");
while($categoryr=mysql_fetch_object($q)){ $q->execute();
while($categoryr=$q->fetch(PDO::FETCH_OBJ)){
$query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'"; $query="SELECT * FROM projectcategoriesdivisions_link WHERE projectdivisions_id=".$divisionr->id." AND projectcategories_id=".$categoryr->id." AND year='".$config['FAIRYEAR']."'";
$t=mysql_query($query); $t=$pdo->prepare($query);
if($t && mysql_num_rows($t)>0) $t->execute();
if($t && $t->rowCount()>0)
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>"; echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" checked=\"checked\" /> $categoryr->category</nobr><br/>";
else else
echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>"; echo "<nobr><input type=\"checkbox\" name=\"divcat[]\" value=\"$categoryr->id\" /> $categoryr->category</nobr><br/>";
@ -195,18 +206,19 @@ if($_GET['action']=="edit" || $_GET['action']=="new") {
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
$c=mysql_query("SELECT category FROM projectcategoriesdivisions_link, projectcategories $c=$pdo->prepare("SELECT category FROM projectcategoriesdivisions_link, projectcategories
WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id WHERE projectcategoriesdivisions_link.projectcategories_id = projectcategories.id
AND projectdivisions_id='$r->id' AND projectdivisions_id='$r->id'
AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."' AND projectcategories.year='".$config['FAIRYEAR']."'
ORDER BY projectcategories.mingrade"); ORDER BY projectcategories.mingrade");
echo mysql_error(); $c->execute();
echo $pdo->errorInfo();
if(!$c){ if(!$c){
$tempcat="&nbsp;"; $tempcat="&nbsp;";
}else{ }else{
$tempcat=""; $tempcat="";
while($categoryr=mysql_fetch_object($c)){ while($categoryr=$c->fetch(PDO::FETCH_OBJ){
$tempcat.=",".$categoryr->category; $tempcat.=",".$categoryr->category;
} }
$tempcat=substr($tempcat,1); $tempcat=substr($tempcat,1);

View File

@ -36,7 +36,8 @@
{ {
foreach($_POST['cwsfdivision'] AS $k=>$v) foreach($_POST['cwsfdivision'] AS $k=>$v)
{ {
mysql_query("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("UPDATE projectdivisions SET cwsfdivisionid='$v' WHERE id='$k' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
} }
echo happy(i18n("Corresponding CWSF divisions saved")); echo happy(i18n("Corresponding CWSF divisions saved"));
} }
@ -54,8 +55,9 @@ echo "<br />";
echo "<th>".i18n("Corresponding CWSF Division")."</th>\n"; echo "<th>".i18n("Corresponding CWSF Division")."</th>\n";
echo "</tr>"; echo "</tr>";
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr>"; echo "<tr>";
echo " <td>".i18n($r->division)."</td>"; echo " <td>".i18n($r->division)."</td>";

View File

@ -109,8 +109,9 @@
if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT") if(substr($line,0,6)=="UPDATE" || substr($line,0,6)=="INSERT")
{ {
mysql_query($line); $stmt = $pdo->prepare($line);
$a=mysql_affected_rows(); $stmt->execute();
$a=$pdo->rowwCount();
$loaded+=$a; $loaded+=$a;
} }
else else

View File

@ -57,16 +57,17 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
{ {
foreach($config['languages'] AS $lang=>$langname) { foreach($config['languages'] AS $lang=>$langname) {
$textvar="text_$lang"; $textvar="text_$lang";
$text=mysql_escape_string(stripslashes($_POST[$textvar])); $text=stripslashes($_POST[$textvar]);
mysql_query("UPDATE pagetext $stmt = $pdo->prepare("UPDATE pagetext
SET SET
lastupdate=NOW(), lastupdate=NOW(),
text='$text' text='$text'
WHERE WHERE
textname='".mysql_escape_string($_POST['textname'])."' textname='".$_POST['textname']."'
AND year='".$config['FAIRYEAR']."' AND year='".$config['FAIRYEAR']."'
AND lang='$lang'"); AND lang='$lang'");
$stmt->execute();
} }
echo happy(i18n("Page texts successfully saved")); echo happy(i18n("Page texts successfully saved"));
@ -74,9 +75,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
if($_GET['textname']) if($_GET['textname'])
{ {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//needs to be at least one entry in any languages //needs to be at least one entry in any languages
if($r=mysql_fetch_object($q)) if($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<form method=\"post\" action=\"pagetexts.php\">"; echo "<form method=\"post\" action=\"pagetexts.php\">";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
@ -84,13 +86,15 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
foreach($config['languages'] AS $lang=>$langname) { foreach($config['languages'] AS $lang=>$langname) {
$q=mysql_query("SELECT * FROM pagetext WHERE textname='".mysql_escape_string($_GET['textname'])."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE textname='".$_GET['textname']."' AND year='".$config['FAIRYEAR']."' AND lang='$lang'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(!$r) if(!$r)
{ {
mysql_query("INSERT INTO pagetext (textname,year,lang) VALUES ('".mysql_escape_string($_GET['textname'])."','".$config['FAIRYEAR']."','$lang')"); $stmt = $pdo->prepare("INSERT INTO pagetext (textname,year,lang) VALUES ('".$_GET['textname']."','".$config['FAIRYEAR']."','$lang')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never"; if($r->lastupdate=="0000-00-00 00:00:00" || !$r->lastupdate) $lastupdate="Never";
@ -129,9 +133,10 @@ $q = $pdo->prepare("SELECT * FROM pagetext WHERE year='-1' ORDER BY textname");
echo i18n("Choose a page text to edit"); echo i18n("Choose a page text to edit");
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
$q=mysql_query("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='".$config['FAIRYEAR']."' AND lang='".$config['default_language']."' ORDER BY textname");
$q->execute();
echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>"; echo "<tr><th>".i18n("Page Text Description")."</th><th>".i18n("Last Update")."</th></tr>";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>"; echo "<tr><td><a href=\"pagetexts.php?textname=$r->textname\">$r->textdescription</a></td>";
if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never"; if($r->lastupdate=="0000-00-00 00:00:00") $lastupdate="Never";

View File

@ -63,8 +63,9 @@
*/ */
/* Get field list for this table */ /* Get field list for this table */
$q = mysql_query("SHOW COLUMNS IN `$table`"); $q = $pdo->prepare("SHOW COLUMNS IN `$table`");
while(($c = mysql_fetch_assoc($q))) { $q->execute();
while(($c = $q->fech(PDDO::FETCH_ASSOC))) {
$col[$c['Field']] = $c; $col[$c['Field']] = $c;
} }
@ -83,23 +84,25 @@
if($where == '') $where='1'; if($where == '') $where='1';
/* Get data */ /* Get data */
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear' AND $where"); $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear' AND $where");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`'; $names = '`'.join('`,`', $fields).'`';
/* Process data */ /* Process data */
while($r=mysql_fetch_assoc($q)) { while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$vals = ''; $vals = '';
foreach($fields as $f) { foreach($fields as $f) {
if(array_key_exists($f, $replace)) if(array_key_exists($f, $replace))
$vals .= ",'".mysql_real_escape_string($replace[$f])."'"; $vals .= ",'".$replace[$f]."'";
else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL) else if($col[$f]['Null'] == 'YES' && $r[$f] == NULL)
$vals .= ',NULL'; $vals .= ',NULL';
else else
$vals .= ",'".mysql_real_escape_string($r[$f])."'"; $vals .= ",'".$r[$f]."'";
} }
mysql_query("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)"); $stmt = $pdo->prepare("INSERT INTO `$table`(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
@ -125,97 +128,112 @@
//now the dates //now the dates
echo i18n("Rolling dates")."<br />"; echo i18n("Rolling dates")."<br />";
$q=mysql_query("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT DATE_ADD(date,INTERVAL 365 DAY) AS newdate,name,description FROM dates WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO dates (date,name,description,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->newdate)."', $stmt = $pdo->prepare("INSERT INTO dates (date,name,description,year) VALUES (
'".mysql_real_escape_string($r->name)."', '".$r->newdate."',
'".mysql_real_escape_string($r->description)."', '".$r->name."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->description."',
'".$newfairyear."')");
$stmt->execute();
//page text //page text
echo i18n("Rolling page texts")."<br />"; echo i18n("Rolling page texts")."<br />";
$q=mysql_query("SELECT * FROM pagetext WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM pagetext WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->textname)."', $stmt = $pdo->prepare("INSERT INTO pagetext (textname,textdescription,text,lastupdate,year,lang) VALUES (
'".mysql_real_escape_string($r->textdescription)."', '".$r->textname."',
'".mysql_real_escape_string($r->text)."', '".$r->textdescription."',
'".mysql_real_escape_string($r->lastupdate)."', '".$r->text."',
'".mysql_real_escape_string($newfairyear)."', '".$r->lastupdate."',
'".mysql_real_escape_string($r->lang)."')"); '".$newfairyear)."',
'".$r->lang."')";
$stmt->execute();
echo i18n("Rolling project categories")."<br />"; echo i18n("Rolling project categories")."<br />";
//project categories //project categories
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectcategories (id,category,category_shortform,mingrade,maxgrade,year) VALUES (
'".mysql_real_escape_string($r->category)."', '".$r->id."',
'".mysql_real_escape_string($r->category_shortform)."', '".$r->category."',
'".mysql_real_escape_string($r->mingrade)."', '".$r->category_shortform."',
'".mysql_real_escape_string($r->maxgrade)."', '".$r->mingrade."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->maxgrade."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project divisions")."<br />"; echo i18n("Rolling project divisions")."<br />";
//project divisions //project divisions
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectdivisions (id,division,division_shortform,cwsfdivisionid,year) VALUES (
'".mysql_real_escape_string($r->division)."', '".$r->id."',
'".mysql_real_escape_string($r->division_shortform)."', '".$r->division."',
'".mysql_real_escape_string($r->cwsfdivisionid)."', '".$r->division_shortform."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->cwsfdivisionid."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project category-division links")."<br />"; echo i18n("Rolling project category-division links")."<br />";
//project categories divisions links //project categories divisions links
$q=mysql_query("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectcategoriesdivisions_link WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->projectdivisions_id)."', $stmt = $pdo->prepare("INSERT INTO projectcategoriesdivisions_link (projectdivisions_id,projectcategories_id,year) VALUES (
'".mysql_real_escape_string($r->projectcategories_id)."', '".$r->projectdivisions_id."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->projectcategories_id."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling project sub-divisions")."<br />"; echo i18n("Rolling project sub-divisions")."<br />";
//project subdivisions //project subdivisions
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES (
'".mysql_real_escape_string($r->projectsubdivisions_id)."', '".$r->id."',
'".mysql_real_escape_string($r->subdivision)."', '".$r->projectsubdivisions_id."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->subdivision."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling safety questions")."<br />"; echo i18n("Rolling safety questions")."<br />";
//safety questions //safety questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->question)."', $stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_real_escape_string($r->type)."', '".$r->question."',
'".mysql_real_escape_string($r->required)."', '".$r->type."',
'".mysql_real_escape_string($r->ord)."', '".$r->required."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->ord."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling awards")."<br />"; echo i18n("Rolling awards")."<br />";
//awards //awards
$q=mysql_query("SELECT * FROM award_awards WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_awards WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
/* Roll the one award */ /* Roll the one award */
roll($cy, $ny, 'award_awards', "id='{$r->id}'"); roll($cy, $ny, 'award_awards', "id='{$r->id}'");
$award_awards_id=mysql_insert_id(); $award_awards_id=$pdo->lastInsertId();
roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'", roll($cy, $ny, 'award_awards_projectcategories', "award_awards_id='{$r->id}'",
array('award_awards_id' => $award_awards_id)); array('award_awards_id' => $award_awards_id));
@ -229,60 +247,66 @@
echo i18n("Rolling award types")."<br />"; echo i18n("Rolling award types")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM award_types WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM award_types WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
mysql_query("INSERT INTO award_types (id,type,`order`,year) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
'".mysql_real_escape_string($r->id)."', $stmt = $pdo->prepare("INSERT INTO award_types (id,type,`order`,year) VALUES (
'".mysql_real_escape_string($r->type)."', '".$r->id."',
'".mysql_real_escape_string($r->order)."', '".$r->type."',
'".mysql_real_escape_string($newfairyear)."')"); '".$r->order."',
'".$newfairyear."')");
$stmt->execute();
echo i18n("Rolling schools")."<br />"; echo i18n("Rolling schools")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."', '".$r->school."',
'".mysql_real_escape_string($r->schoollang)."', '".$r->schoollang."',
'".mysql_real_escape_string($r->schoollevel)."', '".$r->schoollevel."',
'".mysql_real_escape_string($r->board)."', '".$r->board."',
'".mysql_real_escape_string($r->district)."', '".$r->district."',
'".mysql_real_escape_string($r->phone)."', '".$r->phone."',
'".mysql_real_escape_string($r->fax)."', '".$r->fax."',
'".mysql_real_escape_string($r->address)."', '".$r->address."',
'".mysql_real_escape_string($r->city)."', '".$r->city."',
'".mysql_real_escape_string($r->province_code)."', '".$r->province_code."',
'".mysql_real_escape_string($r->postalcode)."',$puid, '".$r->postalcode."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid, '".$r->schoolemail."',$shuid,
'".mysql_real_escape_string($r->accesscode)."', '".$r->accesscode."',
NULL, NULL,
'".mysql_real_escape_string($r->junior)."', '".$r->junior."',
'".mysql_real_escape_string($r->intermediate)."', '".$r->intermediate."',
'".mysql_real_escape_string($r->senior)."', '".$r->senior."',
'".mysql_real_escape_string($r->registration_password)."', '".$r->registration_password."',
'".mysql_real_escape_string($r->projectlimit)."', '".$r->projectlimit."',
'".mysql_real_escape_string($r->projectlimitper)."', '".$r->projectlimitper."',
'".mysql_real_escape_string($newfairyear)."')"); '".$newfairyear."')");
$stmt->execute();
} }
echo i18n("Rolling questions")."<br />"; echo i18n("Rolling questions")."<br />";
$q = mysql_query("SELECT * FROM questions WHERE year='$currentfairyear'"); $q = $pdo->prepare("SELECT * FROM questions WHERE year='$currentfairyear'");
while($r=mysql_fetch_object($q)) $q->execute();
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES ( while($r=$q->fetch(PDO::FETCH_OBJ))
$stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) VALUES (
'', '',
'$newfairyear', '$newfairyear',
'".mysql_real_escape_string($r->section)."', '".$r->section."',
'".mysql_real_escape_string($r->db_heading)."', '".$r->db_heading."',
'".mysql_real_escape_string($r->question)."', '".$r->question."',
'".mysql_real_escape_string($r->type)."', '".$r->type."',
'".mysql_real_escape_string($r->required)."', '".$r->required."',
'".mysql_real_escape_string($r->ord)."')"); '".$r->ord."')");
$stmt->execute();
//regfee items //regfee items
echo i18n("Rolling registration fee items")."<br />"; echo i18n("Rolling registration fee items")."<br />";
@ -294,26 +318,31 @@
//timeslots and rounds //timeslots and rounds
echo i18n('Rolling judging timeslots and rounds')."<br />"; echo i18n('Rolling judging timeslots and rounds')."<br />";
$q=mysql_query("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'"); $q=$pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$currentfairyear' AND round_id='0'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_assoc($q)) { echo $pdo->errorInfo();
while($r=$q->fech(PDDO::FETCH_ASSOC)) {
$d = $newfairyear - $currentfairyear; $d = $newfairyear - $currentfairyear;
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`,`name`)
VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','0','{$r['type']}',DATE_ADD('{$r['date']}', INTERVAL $d YEAR),
'{$r['starttime']}','{$r['endtime']}','{$r['name']}')"); '{$r['starttime']}','{$r['endtime']}','{$r['name']}')");
echo mysql_error(); $stmt->execute();
$round_id = mysql_insert_id(); echo $pdo->errorInfo();
$qq = mysql_query("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'"); $round_id = $pdo->lastInsertId();
echo mysql_error(); $qq = $pdo->prepare("SELECT * FROM judges_timeslots WHERE round_id='{$r['id']}'");
while($rr=mysql_fetch_assoc($qq)) { $qq->execute();
mysql_query("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`) echo $pdo->errorInfo();
while($rr=$qq->fetch(PDO::FETCH_ASSOC)) {
$stmt = $pdo->prepare("INSERT INTO judges_timeslots (`year`,`round_id`,`type`,`date`,`starttime`,`endtime`)
VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR), VALUES ('$newfairyear','$round_id','timeslot',DATE_ADD('{$rr['date']}', INTERVAL $d YEAR),
'{$rr['starttime']}','{$rr['endtime']}')"); '{$rr['starttime']}','{$rr['endtime']}')");
$stmt->execute();
} }
} }
echo "<br /><br />"; echo "<br /><br />";
mysql_query("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0"); $stmt = $pdo->prepare("UPDATE config SET val='$newfairyear' WHERE var='FAIRYEAR' AND year=0");
$stmt->execute();
echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear))); echo happy(i18n("Fair year has been rolled over from %1 to %2",array($currentfairyear,$newfairyear)));
send_footer(); send_footer();
exit; exit;

View File

@ -81,8 +81,9 @@ function rolloverfiscalyear($newYear){
// first we'll roll over fundraising_campaigns: // first we'll roll over fundraising_campaigns:
$fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`"; $fields = "`name`,`type`,`startdate`,`enddate`,`followupdate`,`active`,`target`,`fundraising_goal`,`filterparameters`";
$q = mysql_query("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_campaigns WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ $q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
foreach(array('startdate','enddate','followupdate') as $dateField){ foreach(array('startdate','enddate','followupdate') as $dateField){
$dateval = $r[$dateField]; $dateval = $r[$dateField];
$parts = explode('-', $dateval); $parts = explode('-', $dateval);
@ -95,33 +96,37 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_campaigns (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// next we'll hit findraising_donor_levels // next we'll hit findraising_donor_levels
$fields = "`level`,`min`,`max`,`description`"; $fields = "`level`,`min`,`max`,`description`";
if(mysql_error() == null) if($pdo->errorInfo() == null)
$q = mysql_query("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_donor_levels WHERE fiscalyear = $oldYear");
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ $q->execute();
while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$r['fiscalyear'] = $newYear; $r['fiscalyear'] = $newYear;
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_donor_levels (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// and now we'll do findraising_goals // and now we'll do findraising_goals
$fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`"; $fields = "`goal`,`name`,`description`,`system`,`budget`,`deadline`";
if(mysql_error() == null){ if($pdo->errorInfo() == null){
$q = mysql_query("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear"); $q = $pdo->prepare("SELECT $fields FROM fundraising_goals WHERE fiscalyear = $oldYear");
$q->execute();
} }
while(mysql_error() == null && $r = mysql_fetch_assoc($q)){ while($pdo->errorInfo() == null && $r = $q->fetch(PDO::FETCH_ASSOC)){
$dateval = $r['deadline']; $dateval = $r['deadline'];
$parts = explode('-', $dateval); $parts = explode('-', $dateval);
if($parts[0] != '0000') if($parts[0] != '0000')
@ -133,22 +138,24 @@ function rolloverfiscalyear($newYear){
$fields = array_keys($r); $fields = array_keys($r);
$values = array_values($r); $values = array_values($r);
foreach($values as $idx => $val){ foreach($values as $idx => $val){
$values[$idx] = mysql_real_escape_string($val); $values[$idx] = $val;
} }
$query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')"; $query = "INSERT INTO fundraising_goals (`" . implode("`,`", $fields) . "`) VALUES('" . implode("','", $values) . "')";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
// finally, let's update the fiscal year itself: // finally, let's update the fiscal year itself:
if(mysql_error() == null){ if($pdo->errorInfo() == null){
mysql_query("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'"); $stmt = $pdo->prepare("UPDATE config SET val='$newYear' WHERE var='FISCALYEAR'");
$stmt->execute();
} }
if(mysql_error() == null){ if($pdo->errorInfo() == null){
$config['FISCALYEAR'] = $newYear; $config['FISCALYEAR'] = $newYear;
echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear))); echo happy(i18n("Fiscal year has been rolled over from %1 to %2", array($oldYear, $newYear)));
}else{ }else{
echo error(mysql_error()); echo error($pdo->errorInfo());
} }
} }

View File

@ -37,13 +37,14 @@
if(!ereg("^[0-9]*$",$_POST['ord'])) if(!ereg("^[0-9]*$",$_POST['ord']))
echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord']))); echo notice(i18n("Defaulting non-numeric order value %1 to 0",array($_POST['ord'])));
mysql_query("UPDATE safetyquestions SET $stmt = $pdo->prepare("UPDATE safetyquestions SET
question='".mysql_escape_string(stripslashes($_POST['question']))."', question='".stripslashes($_POST['question'])."',
`type`='".mysql_escape_string(stripslashes($_POST['type']))."', `type`='".stripslashes($_POST['type'])."',
`required`='".mysql_escape_string(stripslashes($_POST['required']))."', `required`='".stripslashes($_POST['required'])."',
ord='".mysql_escape_string(stripslashes($_POST['ord']))."' ord='".stripslashes($_POST['ord'])."'
WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'"); WHERE id='".$_POST['save']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully saved")); echo happy(i18n("Safety question successfully saved"));
} }
@ -55,14 +56,15 @@
{ {
if($_POST['question']) if($_POST['question'])
{ {
mysql_query("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO safetyquestions (question,type,required,ord,year) VALUES (
'".mysql_escape_string(stripslashes($_POST['question']))."', '".stripslashes($_POST['question'])."',
'".mysql_escape_string(stripslashes($_POST['type']))."', '".stripslashes($_POST['type'])."',
'".mysql_escape_string(stripslashes($_POST['required']))."', '".stripslashes($_POST['required'])."',
'".mysql_escape_string(stripslashes($_POST['ord']))."', '".stripslashes($_POST['ord'])."',
'".$config['FAIRYEAR']."' '".$config['FAIRYEAR']."'
)"); )");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo happy(i18n("Safety question successfully added")); echo happy(i18n("Safety question successfully added"));
} }
@ -72,7 +74,8 @@
if($_GET['action']=="remove" && $_GET['remove']) if($_GET['action']=="remove" && $_GET['remove'])
{ {
mysql_query("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM safetyquestions WHERE id='".$_GET['remove']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Safety question successfully removed")); echo happy(i18n("Safety question successfully removed"));
} }
@ -91,9 +94,10 @@
{ {
$buttontext="Save safety question"; $buttontext="Save safety question";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"save\" value=\"".$_GET['edit']."\">\n";
if(!$r=mysql_fetch_object($q)) if(!$r=$q->fetch(PDO::FETCH_OBJ))
{ {
$showform=false; $showform=false;
echo error(i18n("Invalid safety question")); echo error(i18n("Invalid safety question"));

View File

@ -40,11 +40,16 @@
if($_POST['usepostamble']) $usepa="1"; else $usepa="0"; if($_POST['usepostamble']) $usepa="1"; else $usepa="0";
if($_POST['useregfee']) $userf="1"; else $userf="0"; if($_POST['useregfee']) $userf="1"; else $userf="0";
mysql_query("UPDATE signaturepage SET `use`='$useex', `text`='".mysql_escape_string(stripslashes($_POST['exhibitordeclaration']))."' WHERE name='exhibitordeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$useex', `text`='".stripslashes($_POST['exhibitordeclaration'])."' WHERE name='exhibitordeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepg', `text`='".mysql_escape_string(stripslashes($_POST['parentdeclaration']))."' WHERE name='parentdeclaration'"); $stmt->execute();
mysql_query("UPDATE signaturepage SET `use`='$usete', `text`='".mysql_escape_string(stripslashes($_POST['teacherdeclaration']))."' WHERE name='teacherdeclaration'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepg', `text`='".stripslashes($_POST['parentdeclaration'])."' WHERE name='parentdeclaration'");
mysql_query("UPDATE signaturepage SET `use`='$usepa', `text`='".mysql_escape_string(stripslashes($_POST['postamble']))."' WHERE name='postamble'"); $stmt->execute();
mysql_query("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'"); $stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usete', `text`='".stripslashes($_POST['teacherdeclaration'])."' WHERE name='teacherdeclaration'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$usepa', `text`='".stripslashes($_POST['postamble'])."' WHERE name='postamble'");
$stmt->execute();
$stmt = $pdo->prepare("UPDATE signaturepage SET `use`='$userf', `text`='' WHERE name='regfee'");
$stmt->execute();
echo happy(i18n("$sentence_begin_participationform text successfully saved")); echo happy(i18n("$sentence_begin_participationform text successfully saved"));
} }

View File

@ -42,18 +42,20 @@
{ {
if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] ) if($_POST['id'] && $_POST['projectdivisions_id'] && $_POST['subdivision'] )
{ {
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='".$_POST['id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q) && $_POST['saveid']!=$_POST['id']) $q->execute();
if($q->rowCount() && $_POST['saveid']!=$_POST['id'])
{ {
echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id']))); echo error(i18n("Sub-Division ID %1 already exists",array($_POST['id'])));
} }
else else
{ {
mysql_query("UPDATE projectsubdivisions SET ". $stmt = $pdo->prepare("UPDATE projectsubdivisions SET ".
"id='".$_POST['id']."', ". "id='".$_POST['id']."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ". "projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"subdivision='".mysql_escape_string(stripslashes($_POST['subdivision']))."' ". "subdivision='".stripslashes($_POST['subdivision'])."' ".
"WHERE id='".$_POST['saveid']."'"); "WHERE id='".$_POST['saveid']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully saved")); echo happy(i18n("Sub-Division successfully saved"));
} }
} }
@ -69,26 +71,29 @@
{ {
if(!$_POST['id']) if(!$_POST['id'])
{ {
$idq=mysql_query("SELECT MAX(id) AS id FROM projectsubdivisions"); $idq=$pdo->prepare("SELECT MAX(id) AS id FROM projectsubdivisions");
$idr=mysql_fetch_object($idq); $idq->execute();
$idr=$idq->fetch(PDO::fETCH_OBJ);
$newid=$idr->id+1; $newid=$idr->id+1;
} }
else else
$newid=$_POST['id']; $newid=$_POST['id'];
$q=mysql_query("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM projectsubdivisions WHERE id='$newid' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("Sub-Division ID %1 already exists",array($newid))); echo error(i18n("Sub-Division ID %1 already exists",array($newid)));
} }
else else
{ {
mysql_query("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ". $stmt = $pdo->prepare("INSERT INTO projectsubdivisions (id,projectdivisions_id,subdivision,year) VALUES ( ".
"'$newid', ". "'$newid', ".
"'".$_POST['projectdivisions_id']."', ". "'".$_POST['projectdivisions_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['subdivision']))."', ". "'".stripslashes($_POST['subdivision'])."', ".
"'".$config['FAIRYEAR']."') "); "'".$config['FAIRYEAR']."') ");
$stmt->execute();
echo happy(i18n("Sub-Division successfully added")); echo happy(i18n("Sub-Division successfully added"));
} }
} }
@ -100,7 +105,8 @@
if($_GET['action']=="remove" && $_GET['remove']) if($_GET['action']=="remove" && $_GET['remove'])
{ {
mysql_query("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'"); $stmt = $pdo->prepare("DELETE FROM projectsubdivisions WHERE id='".$_GET['remove']."'");
$stmt->execute();
echo happy(i18n("Sub-Division successfully removed")); echo happy(i18n("Sub-Division successfully removed"));
} }
@ -123,8 +129,9 @@
if($_GET['action']=="edit") if($_GET['action']=="edit")
{ {
echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n"; echo "<input type=\"hidden\" name=\"saveid\" value=\"".$_GET['edit']."\">\n";
$q=mysql_query("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE id='".$_GET['edit']."' AND year='".$config['FAIRYEAR']."'");
$divisionr=mysql_fetch_object($q); $q->execute();
$divisionr=$q->fetch(PDO::FETCH_OBJ);
$buttontext="Save"; $buttontext="Save";
} }
else if($_GET['action']=="new") else if($_GET['action']=="new")
@ -134,8 +141,9 @@
echo "<tr>"; echo "<tr>";
echo " <td>"; echo " <td>";
echo "<select name=\"projectdivisions_id\">"; echo "<select name=\"projectdivisions_id\">";
$dq=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division"); $dq=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
while($dr=mysql_fetch_object($dq)) $dq->execute();
while($dr=$dq->fetch(PDO::FETCH_OBJ))
{ {
if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel=""; if($dr->id==$divisionr->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$dr->id\">$dr->division</option>\n"; echo "<option $sel value=\"$dr->id\">$dr->division</option>\n";

View File

@ -46,7 +46,8 @@
if($_POST['action']=="save") { if($_POST['action']=="save") {
if($_POST['specialconfig']) { if($_POST['specialconfig']) {
foreach($_POST['specialconfig'] as $key=>$val) { foreach($_POST['specialconfig'] as $key=>$val) {
mysql_query("UPDATE config SET val='".mysql_escape_string(stripslashes($val))."' WHERE year='0' AND var='$key'"); $stmt = $pdo->prepare("UPDATE config SET val='".stripslashes($val)."' WHERE year='0' AND var='$key'");
$stmt->execute();
} }
} }
message_push(happy(i18n("Configuration successfully saved"))); message_push(happy(i18n("Configuration successfully saved")));
@ -98,11 +99,12 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n"; echo "<input type=\"hidden\" name=\"category\" value=\"Special\">\n";
echo "<table cellpadding=\"3\">"; echo "<table cellpadding=\"3\">";
$q=mysql_query("SELECT * FROM config WHERE year=0 ORDER BY var"); $q=$pdo->prepare("SELECT * FROM config WHERE year=0 ORDER BY var");
$q->execute();
echo "<tr><td colspan=\"2\">"; echo "<tr><td colspan=\"2\">";
echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing"); echo i18n("Warning, modifying values on this configuration variables page could cause your SFIAB to stop working. Only change anything on this page if you really know what you are doing");
echo "</td></tr>"; echo "</td></tr>";
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") { if($r->var=="FAIRYEAR" || $r->var=="DBVERSION" || $r->var=="FISCALYEAR") {
echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>"; echo "<tr><td><b>$r->var</b> - ".i18n($r->description)."</td><td>$r->val</td></tr>";
} }

View File

@ -95,7 +95,7 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
OR config.year='-1') OR config.year='-1')
ORDER BY config.year DESC"; ORDER BY config.year DESC";
$r2 = ($q); $r2 = ($q);
if(mysql_num_rows($r2) < 1) { if($r2->rowCount() < 1) {
/* Uhoh, this shouldn't happen */ /* Uhoh, this shouldn't happen */
echo "ERROR, Variable '$var' doesn't exist"; echo "ERROR, Variable '$var' doesn't exist";
exit; exit;
@ -103,13 +103,13 @@ function config_update_variables($fairyear=NULL, $lastfairyear=NULL)
$v = $r2->fetch(); $v = $r2->fetch();
("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES ( ("INSERT INTO config (var,val,category,type,type_values,ord,description,year) VALUES (
'".pdo->quote($v->var)."', '".$v->var."',
'".pdo->quote($v->val)."', '".$v->val."',
'".pdo->quote($v->category)."', '".$v->category."',
'".pdo->quote($v->type)."', '".$v->type."',
'".pdo->quote($v->type_values)."', '".$v->type_values."',
'".pdo->quote($v->ord)."', '".$v->ord."',
'".pdo->quote($v->description)."', '".$v->description."',
'$fairyear')"); '$fairyear')");
} }
} }
@ -213,7 +213,7 @@ function config_editor($category, $year, $array_name, $self)
print("<td>"); print("<td>");
$val = htmlspecialchars($var[$k]['val']); $val = htmlspecialchars($var[$k]['val']);
$name = "${array_name}[$k]"; $name = "{$array_name}[$k]";
switch($var[$k]['type']) { switch($var[$k]['type']) {
case "yesno": case "yesno":

View File

@ -103,7 +103,7 @@ function tochange() {
//if there's nobody in this committee, then just skip it and go on to the next one. //if there's nobody in this committee, then just skip it and go on to the next one.
// FIX ME !!!!! // FIX ME !!!!!
if(mysql_num_rows($q2)==0) if($q2->rowCount()==0)
continue; continue;
echo "<option value=\"\">{$r->name}</option>\n"; echo "<option value=\"\">{$r->name}</option>\n";

View File

@ -4,38 +4,44 @@ function db_update_116_post()
global $config; global $config;
/* Fix the users that have a 0 year */ /* Fix the users that have a 0 year */
$q = mysql_query("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0"); $q = $pdo->prepare("UPDATE `users` SET year={$config['FAIRYEAR']} WHERE year=0");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
/* Fix users without a username */ /* Fix users without a username */
mysql_query("UPDATE `users` SET `username`=`email` WHERE `username`=''"); $stmt = $pdo->prepare("UPDATE `users` SET `username`=`email` WHERE `username`=''");
$stmt->execute();
/*randomize usernames for any user that doesnt have a username at this point */ /*randomize usernames for any user that doesnt have a username at this point */
$q=mysql_query("SELECT id FROM `users` WHERE username=''"); $q=$pdo->prepare("SELECT id FROM `users` WHERE username=''");
$q->execute();
//this is ripped from user.inc.php's generate passsword function. //this is ripped from user.inc.php's generate passsword function.
//yes there's a chance of collisions, but i think highly unlikely enough that we //yes there's a chance of collisions, but i think highly unlikely enough that we
//dont need to worry about it. //dont need to worry about it.
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
$len=strlen($available) - 1; $len=strlen($available) - 1;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
$username=""; $username="";
for($x=0;$x<16;$x++) for($x=0;$x<16;$x++)
$username.=$available{rand(0,$len)}; $username.=$available{rand(0,$len)};
mysql_query("UPDATE users SET username='$username' WHERE id='$r->id'"); $stmt = $pdo->prepare("UPDATE users SET username='$username' WHERE id='$r->id'");
$stmt->execute();
} }
//okay now finally, there's a chance of duplicates from //okay now finally, there's a chance of duplicates from
//committee/volunteer that were in here before, so we need to merge //committee/volunteer that were in here before, so we need to merge
//them //them
$q = mysql_query("SELECT * FROM `users` WHERE types LIKE '%committee%'"); $q = $pdo->prepare("SELECT * FROM `users` WHERE types LIKE '%committee%'");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$orig_r = $r; $orig_r = $r;
$qq = mysql_query("SELECT * FROM `users` WHERE $qq = $pdo->prepare("SELECT * FROM `users` WHERE
(`username`='{$r['username']}' OR `email`='{$r['email']}') (`username`='{$r['username']}' OR `email`='{$r['email']}')
AND `id`!={$r['id']}"); AND `id`!={$r['id']}");
if(mysql_num_rows($qq) == 0) continue; $qq->execute();
if($qq->rowCount() == 0) continue;
echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n"; echo "User id {$r['id']} ({$r['username']} {$r['email']}) has multiple users, merging...\n";
@ -48,7 +54,7 @@ function db_update_116_post()
* */ * */
$delete_ids = array(); $delete_ids = array();
$delete_userids = array(); $delete_userids = array();
while($rr = mysql_fetch_assoc($qq)) { while($rr = $qq->fetch(PDO::FETCH_ASSOC)) {
$delete_ids[] = "`id`={$rr['id']}"; $delete_ids[] = "`id`={$rr['id']}";
$delete_userids[] = "`users_id`={$rr['id']}"; $delete_userids[] = "`users_id`={$rr['id']}";
$keys = array_keys($rr); $keys = array_keys($rr);
@ -86,7 +92,8 @@ function db_update_116_post()
} }
if(count($set)) { if(count($set)) {
$query = join(',',$set); $query = join(',',$set);
mysql_query("UPDATE `users` SET $query WHERE id={$r['id']}"); $stmt = $pdo->prepare("UPDATE `users` SET $query WHERE id={$r['id']}");
$stmt->execute();
echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n"; echo "Update query: UPDATE `users` SET $query WHERE id={$r['id']}\n";
} }
@ -96,38 +103,47 @@ function db_update_116_post()
echo "Merged... Deleting duplicate and adjusting volunteer tables...\n"; echo "Merged... Deleting duplicate and adjusting volunteer tables...\n";
/* Delete the dupe */ /* Delete the dupe */
mysql_query("DELETE FROM `users` $where_id"); $stmt = $pdo->prepare("DELETE FROM `users` $where_id");
$stmt->execute();
/* Update volunteer linkage */ /* Update volunteer linkage */
mysql_query("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id"); $stmt = $pdo->prepare("UPDATE `users_volunteer` SET `users_id`={$r['id']} $where_users_id");
mysql_query("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id"); $stmt->execute();
$stmt = $pdo->prepare("UPDATE `volunteer_positions_signup` SET `users_id`={$r['id']} $where_users_id");
$stmt->execute();
echo "done with this user.\n"; echo "done with this user.\n";
} }
/* Create volunteer database entries for any that don't exist */ /* Create volunteer database entries for any that don't exist */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`) while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`,`volunteer_active`,`volunteer_complete`)
VALUES ('{$i->id}','yes','{$i->complete}')"); VALUES ('{$i->id}','yes','{$i->complete}')");
}
$stmt->execute();}
/* Update any remaining volunteer entries */ /* Update any remaining volunteer entries */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%volunteer%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%volunteer%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("UPDATE users_volunteer while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_volunteer
SET volunteer_complete='{$i->complete}' SET volunteer_complete='{$i->complete}'
WHERE users_id='{$i->id}'"); WHERE users_id='{$i->id}'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
/* Every committee member role should be activated */ /* Every committee member role should be activated */
$q = mysql_query("SELECT * FROM users WHERE types LIKE '%committee%'"); $q = $pdo->prepare("SELECT * FROM users WHERE types LIKE '%committee%'");
while($i = mysql_fetch_object($q)) { $q->execute();
mysql_query("UPDATE users_committee while($i = $q->fetch(PDO::FETCH_OBJ)) {
$stmt = $pdo->prepare("UPDATE users_committee
SET committee_active='yes' SET committee_active='yes'
WHERE users_id='{$i->id}'"); WHERE users_id='{$i->id}'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
/* Convert Judges */ /* Convert Judges */
@ -136,11 +152,12 @@ function db_update_116_post()
$jsal = array(); $jsal = array();
/* Select all judges, duplicate rows for each year */ /* Select all judges, duplicate rows for each year */
$jq = mysql_query("SELECT * FROM judges $jq = $pdo->prepare("SELECT * FROM judges
LEFT JOIN judges_years ON judges_years.judges_id=judges.id LEFT JOIN judges_years ON judges_years.judges_id=judges.id
ORDER BY year"); ORDER BY year");
$jq->execute();
while($j = mysql_fetch_object($jq)) { while($j = $jq->fetch(PDO::FETCH_OBJ)) {
if(!is_array($map[$j->id])) { if(!is_array($map[$j->id])) {
$map[$j->id] = array('uid' => ''); $map[$j->id] = array('uid' => '');
@ -149,28 +166,28 @@ function db_update_116_post()
$u = array( 'id' => '', $u = array( 'id' => '',
'uid' => $map[$j->id]['uid'], 'uid' => $map[$j->id]['uid'],
'types' => 'judge', 'types' => 'judge',
'firstname' => mysql_escape_string($j->firstname), 'firstname' => $j->firstname,
'lastname' => mysql_escape_string($j->lastname), 'lastname' => $j->lastname,
'username' => mysql_escape_string($j->email), 'username' => $j->email,
'email' => mysql_escape_string($j->email), 'email' => $j->email,
'sex' => '', 'sex' => '',
'password' => mysql_escape_string($j->password), 'password' => $j->password,
'passwordset' => $j->lastlogin, 'passwordset' => $j->lastlogin,
'oldpassword' => '', 'oldpassword' => '',
'year' => $j->year, 'year' => $j->year,
'phonehome' => mysql_escape_string($j->phonehome), 'phonehome' => $j->phonehome,
'phonework' => mysql_escape_string($j->phonework.(($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}")), 'phonework' => $j->phonework.($j->phoneworkext=='') ? '' : " x{$j->phoneworkext}",
'phonecell' => mysql_escape_string($j->phonecell), 'phonecell' => $j->phonecell,
'fax' => '', 'fax' => '',
'organization' => mysql_escape_string($j->organization), 'organization' => $j->organization,
'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */ 'lang' => '', /* FIXME, or unused for judges?, this is preferred communication language, not judging languages */
'created' => $j->created, 'created' => $j->created,
'lastlogin' => $j->lastlogin, 'lastlogin' => $j->lastlogin,
'address' => mysql_escape_string($j->address), 'address' => $j->address,
'address2' => mysql_escape_string($j->address2), 'address2' => $j->address2,
'city' => mysql_escape_string($j->city), 'city' => $j->city,
'province' => mysql_escape_string($j->province), 'province' => $j->province,
'postalcode' => mysql_escape_string($j->postalcode), 'postalcode' => $j->postalcode,
'firstaid' => 'no', 'firstaid' => 'no',
'cpr' => 'no', 'cpr' => 'no',
'deleted' => $j->deleted, 'deleted' => $j->deleted,
@ -179,20 +196,22 @@ function db_update_116_post()
$updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime"); $updateexclude=array("id","uid","types","username","password","passwordset","oldpassword","year","created","lastlogin","firstaid","cpr","deleted","deleteddatetime");
//check if a user already exists with this username //check if a user already exists with this username
$uq=mysql_query("SELECT * FROM users WHERE (username='".mysql_real_escape_string($j->email)."' OR email='".mysql_real_escape_string($j->email)."') AND year='$j->year'"); $uq=$pdo->prepare("SELECT * FROM users WHERE (username='".$j->email."' OR email='".$j->email."') AND year='$j->year'");
if($j->email && $ur=mysql_fetch_object($uq)) { $uq->execute();
if($j->email && $ur=$uq->fetch(PDO::FETCH_OBJ) {
$id=$ur->id; $id=$ur->id;
echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n"; echo "Using existing users.id=$id for judges.id=$j->id because email address/year ($j->email/$j->year) matches\n";
$sqlset=""; $sqlset="";
foreach($u AS $f=>$v) { foreach($u AS $f=>$v) {
if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) { if(!$ur->$f && $j->$f && !in_array($f,$updateexclude)) {
$sqlset.="`$f`='".mysql_real_escape_string($j->$f)."', "; $sqlset.="`$f`='".$j->$f."', ";
} }
} }
$sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".mysql_real_escape_string($j->email)."' WHERE id='$id'"; $sql="UPDATE users SET $sqlset `types`='{$ur->types},judge',`username`='".$j->email."' WHERE id='$id'";
mysql_query($sql); $stmt = $pdo->prepare($sql);
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo " Updated user record with judge info, but only merged:\n"; echo " Updated user record with judge info, but only merged:\n";
echo " ($sqlset)\n"; echo " ($sqlset)\n";
@ -202,21 +221,23 @@ function db_update_116_post()
/* Insert the judge */ /* Insert the judge */
$fields = '`'.join('`,`', array_keys($u)).'`'; $fields = '`'.join('`,`', array_keys($u)).'`';
$vals = "'".join("','", array_values($u))."'"; $vals = "'".join("','", array_values($u))."'";
$q = mysql_query("INSERT INTO users ($fields) VALUES ($vals)"); $q = $pdo->prepare("INSERT INTO users ($fields) VALUES ($vals)");
$id = mysql_insert_id(); $q->execute();
$id = $pdo->lastInsertId();
if($map[$j->id]['uid'] == '') { if($map[$j->id]['uid'] == '') {
$map[$j->id]['uid'] = $id; $map[$j->id]['uid'] = $id;
$q = mysql_query("UPDATE users SET `uid`='$id' WHERE id='$id'"); $q = $pdo->prepare("UPDATE users SET `uid`='$id' WHERE id='$id'");
$q->execute();
} }
} }
$uj = array( 'users_id' => "$id", $uj = array( 'users_id' => "$id",
'judge_active' => 'yes', 'judge_active' => 'yes',
'highest_psd' => mysql_escape_string($j->highest_psd), 'highest_psd' => $j->highest_psd,
'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no', 'special_award_only' => ($j->typepref == 'speconly') ? 'yes' : 'no',
'expertise_other' => mysql_escape_string((($j->professional_quals != '')?($j->professional_quals."\n"):''). 'expertise_other' => (($j->professional_quals != '')?($j->professional_quals."\n"):'').
$j->expertise_other), $j->expertise_other,
/* These need to get pulled from the questions */ /* These need to get pulled from the questions */
'years_school' => $j->years_school, 'years_school' => $j->years_school,
'years_regional' => $j->years_regional, 'years_regional' => $j->years_regional,
@ -227,33 +248,36 @@ function db_update_116_post()
// $j->attending_lunch, // $j->attending_lunch,
/* catprefs */ /* catprefs */
$q = mysql_query("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_catpref WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$catpref = array(); $catpref = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
$catpref[$i->projectcategories_id] = $i->rank; $catpref[$i->projectcategories_id] = $i->rank;
} }
$uj['cat_prefs'] = mysql_escape_string(serialize($catpref)); $uj['cat_prefs'] = serialize($catpref);
/* divprefs and subdivision prefs */ /* divprefs and subdivision prefs */
$q = mysql_query("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_expertise WHERE judges_id='{$j->id}' AND year='{$j->year}'");
$q->execute();
$divpref = array(); $divpref = array();
$divsubpref = array(); $divsubpref = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
if($i->projectdivisions_id) if($i->projectdivisions_id)
$divpref[$i->projectdivisions_id] = $i->val; $divpref[$i->projectdivisions_id] = $i->val;
else if ($i->projectsubdivisions_id) else if ($i->projectsubdivisions_id)
$divsubpref[$i->projectsubdivisions_id] = $i->val; $divsubpref[$i->projectsubdivisions_id] = $i->val;
} }
$uj['div_prefs'] = mysql_escape_string(serialize($divpref)); $uj['div_prefs'] = serialize($divpref);
$uj['divsub_prefs'] = mysql_escape_string(serialize($divsubpref)); $uj['divsub_prefs'] = serialize($divsubpref);
/* languages */ /* languages */
$q = mysql_query("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'"); $q = $pdo->prepare("SELECT * FROM judges_languages WHERE judges_id='{$j->id}'");
$q->execute();
$langs = array(); $langs = array();
while($i = mysql_fetch_object($q)) { while($i = $q->fetch(PDO::FETCH_OBJ)) {
$langs[] = $i->languages_lang; $langs[] = $i->languages_lang;
} }
$uj['languages'] = mysql_escape_string(serialize($langs)); $uj['languages'] = serialize($langs);
/* Map judges questions back to the profile. We're going to keep questions we need for /* Map judges questions back to the profile. We're going to keep questions we need for
* judge scheduling as hard-coded questions so users can't erase them. * judge scheduling as hard-coded questions so users can't erase them.
@ -264,25 +288,27 @@ function db_update_116_post()
'willing_chair' => 'Willing Chair'); 'willing_chair' => 'Willing Chair');
foreach($qmap as $field=>$head) { foreach($qmap as $field=>$head) {
/* Find the question ID */ /* Find the question ID */
$q = mysql_query("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'"); $q = $pdo->prepare("SELECT id FROM questions WHERE year='{$j->year}' AND db_heading='{$head}'");
if(mysql_num_rows($q) == 0) { $q->execute();
if($q->rowCount() == 0) {
echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n"; echo "Warning: Question '$head' for judge {$j->id} doesn't exist in year '{$j->year}', cannot copy answer.\n";
continue; continue;
} }
$i = mysql_fetch_object($q); $i = $q->fetch(PDO::FETCH_OBJ);
/* Now find the answer */ /* Now find the answer */
$q = mysql_query("SELECT * FROM question_answers WHERE $q = $pdo->prepare("SELECT * FROM question_answers WHERE
year='{$j->year}' AND year='{$j->year}' AND
registrations_id='{$j->id}' AND registrations_id='{$j->id}' AND
questions_id='{$i->id}'"); questions_id='{$i->id}'");
echo mysql_error(); $q->execute();
if(mysql_num_rows($q) == 0) { echo $pdo->errorInfo();
if($q->rowCount() == 0) {
echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n"; echo "Warning: Judge {$j->id} did not answer question '$head' in year '{$j->year}', cannot copy answer.\n";
continue; continue;
} }
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC)
$uj[$field] = $i['answer']; $uj[$field] = $i['answer'];
} }
@ -290,42 +316,55 @@ function db_update_116_post()
$fields = '`'.join('`,`', array_keys($uj)).'`'; $fields = '`'.join('`,`', array_keys($uj)).'`';
$vals = "'".join("','", array_values($uj))."'"; $vals = "'".join("','", array_values($uj))."'";
$q = mysql_query("INSERT INTO users_judge ($fields) VALUES ($vals)"); $q = $pdo->prepare("INSERT INTO users_judge ($fields) VALUES ($vals)");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
/* FIXUP all the judging tables (but don't write back yet, we don't want to /* FIXUP all the judging tables (but don't write back yet, we don't want to
* accidentally create a duplicate judges_id and overwrite it later) */ * accidentally create a duplicate judges_id and overwrite it later) */
/* judges_teams_link */ /* judges_teams_link */
$q = mysql_query("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_teams_link WHERE judges_id='{$j->id}' AND year='{$j->year}'");
while($i = mysql_fetch_object($q))
$q->execute();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jtl[$i->id] = $id; $jtl[$i->id] = $id;
/* judges_specialawards_sel */ /* judges_specialawards_sel */
$q = mysql_query("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE judges_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q)) $q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$jsal[$i->id] = $id; $jsal[$i->id] = $id;
/* question_answers */ /* question_answers */
$q = mysql_query("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'"); $q = $pdo->prepare("SELECT * FROM question_answers WHERE registrations_id='{$j->id}' AND year='{$j->year}'");
echo mysql_error();
while($i = mysql_fetch_object($q)) $q->execute();
echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ))
$qa[$i->id] = $id; $qa[$i->id] = $id;
} }
/* Now write back the judge ids */ /* Now write back the judge ids */
if(count($jtl)) { if(count($jtl)) {
foreach($jtl as $id=>$new_id) foreach($jtl as $id=>$new_id)
$q = mysql_query("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE judges_teams_link SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
if(count($jsal)) { if(count($jsal)) {
foreach($jsal as $id=>$new_id) foreach($jsal as $id=>$new_id)
$q = mysql_query("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE judges_specialaward_sel SET judges_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
if(count($qa)) { if(count($qa)) {
foreach($qa as $id=>$new_id) foreach($qa as $id=>$new_id)
$q = mysql_query("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' "); $q = $pdo->prepare("UPDATE question_answers SET registrations_id='$new_id' WHERE id='$id' ");
$q->execute();
} }
} }
?> ?>

View File

@ -4,9 +4,10 @@ function db_update_122_post()
{ {
global $config; global $config;
$year = $config['FAIRYEAR']; $year = $config['FAIRYEAR'];
$q = mysql_query("SELECT * FROM judges_timeslots WHERE year='$year'"); $q = $pdo->prepare("SELECT * FROM judges_timeslots WHERE year='$year'");
$q->execute();
$round = array(); $round = array();
while($r = mysql_fetch_assoc($q)) { while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$type = $r['type']; $type = $r['type'];
if(!array_key_exists($type, $round)) { if(!array_key_exists($type, $round)) {
@ -25,18 +26,22 @@ function db_update_122_post()
} }
foreach($round as $type=>$d) { foreach($round as $type=>$d) {
mysql_query("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year) $stmt = $pdo->prepare("INSERT INTO judges_timeslots (round_id,type,date,starttime,endtime,year)
VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')"); VALUES ('0','$type','{$d['date']}','{$d['starttime']}','{$d['endtime']}','$year')");
$round_id = mysql_insert_id(); $stmt->execute();
$round_id = $pdo->lastInsertId();
mysql_query("UPDATE judges_timeslots SET $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='$round_id', type='timeslot' round_id='$round_id', type='timeslot'
WHERE type='$type' AND year='$year'");
WHERE type='$type' AND year='$year'");
$stmt->execute();
/* Undo the set we just did to the round we just inserted */ /* Undo the set we just did to the round we just inserted */
mysql_query("UPDATE judges_timeslots SET $stmt = $pdo->prepare("UPDATE judges_timeslots SET
round_id='0',type='$type' round_id='0',type='$type'
WHERE id='$round_id'"); WHERE id='$round_id'");
$stmt->execute();
} }
} }

View File

@ -5,29 +5,31 @@ function db_update_129_pre()
{ {
/* Load all external award sources */ /* Load all external award sources */
$source_map = array(); $source_map = array();
$q = mysql_query("SELECT * FROM award_sources"); $q = $pdo->prepare("SELECT * FROM award_sources");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = m$q->fetch(PDO::FETCH_ASSOC) {
/* Make a user, use the password generator to get /* Make a user, use the password generator to get
* a random username */ * a random username */
$u = db129_user_create('fair', db129_user_generate_password()); $u = db129_user_create('fair', db129_user_generate_password());
/* Add a Fair Entry */ /* Add a Fair Entry */
$name = mysql_escape_string($r['name']); $name = $r['name'];
$url = mysql_escape_string($r['url']); $url = $r['url'];
$website = mysql_escape_string($r['website']); $website = $r['website'];
$username = mysql_escape_string($r['username']); $username = $r['username'];
$password = mysql_escape_string($r['password']); $password = $r['password'];
$en = ($r['enabled'] == 'no') ? 'no' : 'yes'; $en = ($r['enabled'] == 'no') ? 'no' : 'yes';
mysql_query("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`, $stmt = $pdo->prepare("INSERT INTO fairs (`id`,`name`,`abbrv`,`type`,
`url`,`website`,`username`,`password`,`enable_stats`, `url`,`website`,`username`,`password`,`enable_stats`,
`enable_awards`,`enable_winners`) VALUES ( `enable_awards`,`enable_winners`) VALUES (
'', '$name', '', 'ysf', '$url', '$web', '', '$name', '', 'ysf', '$url', '$web',
'$username','$password','no','$en','$en')"); '$username','$password','no','$en','$en')");
$stmt->execute();
/* Link the fair to the user */ /* Link the fair to the user */
$u['fairs_id'] = mysql_insert_id(); $u['fairs_id'] = $pdo->lastInsertId();
/* Record the old sources_id to new sources_id mapping */ /* Record the old sources_id to new sources_id mapping */
$source_map[$r['id']] = $u['fairs_id']; $source_map[$r['id']] = $u['fairs_id'];
@ -36,14 +38,16 @@ function db_update_129_pre()
} }
/* Map all awards to their new source IDs */ /* Map all awards to their new source IDs */
$q = mysql_query("SELECT * FROM award_awards"); $q = $pdo->prepare("SELECT * FROM award_awards");
$q->execute();
$keys = array_keys($source_map); $keys = array_keys($source_map);
while($r = mysql_fetch_assoc($q)) { while($r = m$q->fetch(PDO::FETCH_ASSOC)) {
$old_id = $r['award_sources_id']; $old_id = $r['award_sources_id'];
if(!in_array($old_id, $keys)) continue; if(!in_array($old_id, $keys)) continue;
$qq = mysql_query("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}' $qq = $pdo->prepare("UPDATE award_awards SET award_sources_id='{$source_map[$old_id]}'
WHERE id='{$r['id']}'"); WHERE id='{$r['id']}'");
$qq->execute();
} }

View File

@ -147,16 +147,17 @@ function db129_user_load($user, $uid = false)
$id = intval($user); $id = intval($user);
$query .= " `users`.`id`='$id'"; $query .= " `users`.`id`='$id'";
} }
$q=mysql_query($query); $q=$pdo->prepare($query);
$q->execute();
if(mysql_num_rows($q)!=1) { if($q->rowCount()!=1) {
echo "Query [$query] returned ".mysql_num_rows($q)." rows\n"; echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>"; // echo "<pre>";
// print_r(debug_backtrace()); // print_r(debug_backtrace());
return false; return false;
} }
$ret = mysql_fetch_assoc($q); $ret = $q->fetch(PDO::FETCH_ASSOC);
/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would /* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
* simply return the previous year (where deleted=no) */ * simply return the previous year (where deleted=no) */
@ -220,8 +221,9 @@ function db129_user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */ /* pass $u by reference so we can update it */
$save_old = false; $save_old = false;
if($password == NULL) { if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'"); $q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q); $q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */ /* Generate a new password */
$password = db129_user_generate_password(12); $password = db129_user_generate_password(12);
/* save the old password only if it's not an auto-generated one */ /* save the old password only if it's not an auto-generated one */
@ -234,13 +236,14 @@ function db129_user_set_password($id, $password = NULL)
$save_set = 'NOW()'; $save_set = 'NOW()';
} }
$p = mysql_escape_string($password); $p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : ''; $set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set "; $set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'"; $query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query); $stmt = $pdo->prepare($query);
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
return $password; return $password;
} }
@ -264,17 +267,18 @@ function db129_user_save_type_list($u, $db, $fields)
} }
if(is_array($u[$f])) if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f])); $data = serialize($u[$f]);
else else
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "`$f`='$data'"; $set .= "`$f`='$data'";
} }
if($set != "") { if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'"; $query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
if(mysql_error()) { $stmt->execute();
echo mysql_error(); if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query"); echo error("Full query: $query");
} }
} }
@ -337,7 +341,7 @@ function db129_user_save($u)
// if($f == 'types') // if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'"; // $set .= "$f='".implode(',', $u[$f])."'";
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "$f='$data'"; $set .= "$f='$data'";
} }
//echo "<pre>"; //echo "<pre>";
@ -345,9 +349,10 @@ function db129_user_save($u)
//echo "</pre>"; //echo "</pre>";
if($set != "") { if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'"; $query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]"; // echo "query=[$query]";
echo mysql_error(); echo $pdo->errorInfo();
} }
/* Save the password if it changed */ /* Save the password if it changed */
@ -364,7 +369,8 @@ function db129_user_save($u)
function db129_user_delete_committee($u) function db129_user_delete_committee($u)
{ {
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'"); $stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
} }
function db129_user_delete_volunteer($u) function db129_user_delete_volunteer($u)
@ -375,9 +381,11 @@ function db129_user_delete_judge($u)
{ {
global $config; global $config;
$id = $u['id']; $id = $u['id'];
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'"); $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id='$id'");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'"); $stmt->execute();
} $stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
$stmt->execute();}
function db129_user_delete_fair($u) function db129_user_delete_fair($u)
{ {
@ -412,7 +420,8 @@ function db129_user_delete($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else { } else {
$finish_delete = true; $finish_delete = true;
} }
@ -423,7 +432,8 @@ function db129_user_delete($u, $type=false)
$finish_delete = true; $finish_delete = true;
} }
if($finish_delete == true) { if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
$stmt->execute();
} }
} }
@ -453,7 +463,8 @@ function db129_user_purge($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else { } else {
$finish_purge = true; $finish_purge = true;
} }
@ -461,18 +472,21 @@ function db129_user_purge($u, $type=false)
* out the entry */ * out the entry */
call_user_func("db129_user_delete_$type", $u); call_user_func("db129_user_delete_$type", $u);
// call_user_func("user_purge_$type", $u); // call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else { } else {
/* Delete the whole user */ /* Delete the whole user */
foreach($u['types'] as $t) { foreach($u['types'] as $t) {
call_user_func("db129_user_delete_$t", $u); call_user_func("db129_user_delete_$t", $u);
// call_user_func("user_purge_$t", $u); // call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
} }
$finish_purge = true; $finish_purge = true;
} }
if($finish_purge == true) { if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
} }
} }
@ -482,12 +496,13 @@ function db129_user_dupe_row($db, $key, $val, $newval)
{ {
global $config; global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */ $nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'"); $q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) { $q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n"; echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit; exit;
} }
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval; $i[$key] = $newval;
foreach($i as $k=>$v) { foreach($i as $k=>$v) {
@ -496,7 +511,7 @@ function db129_user_dupe_row($db, $key, $val, $newval)
else if($k == 'year') else if($k == 'year')
$i[$k] = $config['FAIRYEAR']; $i[$k] = $config['FAIRYEAR'];
else else
$i[$k] = '\''.mysql_escape_string($v).'\''; $i[$k] = '\''.$v.'\'';
} }
$keys = '`'.join('`,`', array_keys($i)).'`'; $keys = '`'.join('`,`', array_keys($i)).'`';
@ -504,10 +519,11 @@ function db129_user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)"; $q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]"; // echo "Dupe Query: [$q]";
$r = mysql_query($q); $r = $pdo->prepare($q);
echo mysql_error(); $r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id(); $id = $pdo->lastInsertId();
return $id; return $id;
} }
/* Used by the login scripts to copy one user from one year to another */ /* Used by the login scripts to copy one user from one year to another */
@ -521,9 +537,10 @@ function db129_user_dupe($u, $new_year)
* - That previous entry has deleted=no */ * - That previous entry has deleted=no */
/* Find the last entry */ /* Find the last entry */
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}' $q = $pdo->prepare("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
ORDER BY year DESC LIMIT 1"); ORDER BY year DESC LIMIT 1");
$r = mysql_fetch_object($q); $q->execute();
$r = $q->fetch(PDO::FETCH_OBJ);
if($r->deleted == 'yes') { if($r->deleted == 'yes') {
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n"; echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
exit; exit;
@ -534,7 +551,8 @@ function db129_user_dupe($u, $new_year)
} }
$id = db129_user_dupe_row('users', 'id', $u['id'], NULL); $id = db129_user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'"); $q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */ /* Load the new user */
$u2 = db129_user_load($id); $u2 = db129_user_load($id);
@ -572,11 +590,13 @@ function db129_user_create($type, $username, $u = NULL)
{ {
global $config; global $config;
if(!is_array($u)) { if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`) $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`)
VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')"); VALUES ('$type', '$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}')");
echo mysql_error(); $stmt->execute();
$uid = mysql_insert_id(); echo $pdo->errorInfo();
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'"); $uid = $pdo->lastInsertId();
$stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
$stmt->execute();
db129_user_set_password($uid, NULL); db129_user_set_password($uid, NULL);
} else { } else {
/* The user has been specified and already exists, /* The user has been specified and already exists,
@ -588,27 +608,34 @@ function db129_user_create($type, $username, $u = NULL)
exit; exit;
} }
$new_types = implode(',', $u['types']).','.$type; $new_types = implode(',', $u['types']).','.$type;
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'"); $stmt = \4pdo->prepare("UPDATE users SET types='$new_types' WHERE id='$uid'");
$stmt->execute();
} }
switch($type) { switch($type) {
case 'volunteer': case 'volunteer':
mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'student': case 'student':
// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')"); // $stmt = $pdo->prepare("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'judge': case 'judge':
mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'fair': case 'fair':
mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'committee': case 'committee':
mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')"); $stmt = $pdo->prepare("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
$stmt->execute();
break; break;
case 'sponsor': case 'sponsor':
mysql_query("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')"); $stmt = $pdo->prepare("INSERT INTO users_sponsor(`users_id`) VALUES ('$uid')");
$stmt->execute();
break; break;
} }
return db129_user_load($uid); return db129_user_load($uid);

View File

@ -4,7 +4,7 @@
function db_update_136_pre() function db_update_136_pre()
{ {
global $config; global $config;
mysql_query("UPDATE fairs SET `name` = 'Youth Science Canada', $stmt = $pdo->prepare("UPDATE fairs SET `name` = 'Youth Science Canada',
`abbrv` = 'YSC', `abbrv` = 'YSC',
`website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php', `website` = 'http://apps.ysf-fsj.ca/awarddownloader/help.php',
`enable_stats` = 'yes', `enable_stats` = 'yes',
@ -15,14 +15,16 @@ function db_update_136_pre()
WHERE WHERE
`url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'"); `url`='https://secure.ysf-fsj.ca/awarddownloader/index.php'");
$stmt->execute();
mysql_query("UPDATE fairs SET `abbrv` = 'STO', $stmt = $pdo->prepare("UPDATE fairs SET `abbrv` = 'STO',
`website` = 'http://www.scitechontario.org/awarddownloader/help.php', `website` = 'http://www.scitechontario.org/awarddownloader/help.php',
`enable_stats` = 'yes', `enable_stats` = 'yes',
`enable_awards` = 'yes', `enable_awards` = 'yes',
`enable_winners` = 'yes' `enable_winners` = 'yes'
WHERE WHERE
`url`='http://www.scitechontario.org/awarddownloader/index.php'"); `url`='http://www.scitechontario.org/awarddownloader/index.php'");
$stmt->execute();
} }

View File

@ -1,8 +1,9 @@
<? <?
function db_update_142_post() { function db_update_142_post() {
$q=mysql_query("SELECT * FROM config WHERE var='FISCALYEAR'"); $q=$pdo->prepare("SELECT * FROM config WHERE var='FISCALYEAR'");
if(mysql_num_rows($q)) { $q->execute();
if($q->rowCount()) {
//great its there, do nothing, it must have been inserted by the installer when doing a fresh install //great its there, do nothing, it must have been inserted by the installer when doing a fresh install
} }
else { else {
@ -11,7 +12,8 @@ function db_update_142_post() {
$month=date("m"); $month=date("m");
if($month>6) $fiscalyearsuggest=date("Y")+1; if($month>6) $fiscalyearsuggest=date("Y")+1;
else $fiscalyearsuggest=date("Y"); else $fiscalyearsuggest=date("Y");
mysql_query("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')"); $stmt = $pdo->prepare("INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( 'FISCALYEAR', '$fiscalyearsuggest', 'Special', '', '', '0', 'The current fiscal year that the fundraising module is using', '0')");
$stmt->execute();
} }
} }

View File

@ -17,8 +17,9 @@ $update_62_committee = array();
function db_update_62_pre() function db_update_62_pre()
{ {
global $update_62_committee; global $update_62_committee;
$q = mysql_query("SELECT * FROM committees_members"); $q = $pdo->prepare("SELECT * FROM committees_members");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$update_62_committee[] = $r; $update_62_committee[] = $r;
} }
} }
@ -31,8 +32,7 @@ function db_update_62_post()
foreach($update_62_committee as $c) { foreach($update_62_committee as $c) {
list($fn, $ln) = split(' ', $c['name'], 2); list($fn, $ln) = split(' ', $c['name'], 2);
$username = $c['email']; $username = $c['email'];
$fn = mysql_escape_string($fn);
$ln = mysql_escape_string($ln);
if($config['committee_password_expiry_days'] > 0) { if($config['committee_password_expiry_days'] > 0) {
$passwordexpiry = "DATE_ADD(CURDATE(), $passwordexpiry = "DATE_ADD(CURDATE(),
INTERVAL {$config['committee_password_expiry_days']} DAY)"; INTERVAL {$config['committee_password_expiry_days']} DAY)";
@ -46,19 +46,20 @@ function db_update_62_post()
`email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`, `email`,`phonehome`,`phonework`,`phonecell`,`fax`,`organization`,
`created`,`deleted`) `created`,`deleted`)
VALUES ('committee','$fn', '$ln', '$username', VALUES ('committee','$fn', '$ln', '$username',
'".mysql_escape_string($c['password'])."', '".$c['password']."',
$passwordexpiry, $passwordexpiry,
'{$c['email']}', '{$c['email']}',
'{$c['phonehome']}', '{$c['phonehome']}',
'{$c['phonework']}', '{$c['phonework']}',
'{$c['phonecell']}', '{$c['phonecell']}',
'{$c['fax']}', '{$c['fax']}',
'".mysql_escape_string($c['organization'])."', '".$c['organization']."',
NOW(), NOW(),
'$deleted')"; '$deleted')";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
$id = mysql_insert_id(); $id = $pdo->lastInsertId();
$access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no'; $access_admin = ($c['access_admin'] == 'Y') ? 'yes' : 'no';
$access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no'; $access_config = ($c['access_config'] == 'Y') ? 'yes' : 'no';
@ -73,14 +74,16 @@ function db_update_62_post()
'$access_admin', '$access_admin',
'$access_config', '$access_config',
'$access_super')"; '$access_super')";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
echo mysql_error(); echo $pdo->errorInfo();
/* Update committee links */ /* Update committee links */
$q = "UPDATE committees_link SET users_id='$id' $q = "UPDATE committees_link SET users_id='$id'
WHERE committees_members_id='{$c['id']}'"; WHERE committees_members_id='{$c['id']}'";
mysql_query($q); $stmt = $pdo->prepare($q);
$stmt->execute();
echo "$q\n"; echo "$q\n";
} }

View File

@ -1,10 +1,12 @@
<? <?
function db_update_81_post() function db_update_81_post()
{ {
$q = mysql_query("SELECT DISTINCT award_sponsors_id FROM award_contacts"); $q = $pdo->prepare("SELECT DISTINCT award_sponsors_id FROM award_contacts");
while($i = mysql_fetch_object($q)) { $q->execute();
while($i = m$q->fetch(PDO::FETCH_OBJ)) {
$asid = $i->award_sponsors_id; $asid = $i->award_sponsors_id;
mysql_query("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1"); $stmt = $pdo->prepare("UPDATE award_contacts SET `primary`='yes' WHERE award_sponsors_id='$asid' LIMIT 1");
$stmt->execute();
} }
} }
?> ?>

View File

@ -37,10 +37,11 @@ function fair_additional_materials($fair, $award, $year)
$_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif"); $_SERVER['DOCUMENT_ROOT'].$config['SFIABDIRECTORY']."/data/logo.gif");
/* Grab a list of winners */ /* Grab a list of winners */
$q = mysql_query("SELECT * FROM award_prizes $q = $pdo->prepare("SELECT * FROM award_prizes
LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id LEFT JOIN winners ON winners.awards_prizes_id=award_prizes.id
WHERE winners.year='$year' WHERE winners.year='$year'
AND winners.fairs_id='{$fair['id']}'"); AND winners.fairs_id='{$fair['id']}'");
$q2->execute();
while($r = $q->fetch()) { while($r = $q->fetch()) {
$pid = $r['projects_id']; $pid = $r['projects_id'];
$rep->newPage("","",1); $rep->newPage("","",1);

View File

@ -136,7 +136,7 @@ function fairinfo_save()
$q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}"); $q = $pdo->query("SELECT * FROM fairs WHERE id={$u['fairs_id']}");
######## FIX ME!!!!! ######## FIX ME!!!!!
if(mysql_num_rows($q)) { if($q2->rowCount()) {
$f = $q->fetch; $f = $q->fetch;
} else { } else {
$f = array(); $f = array();

View File

@ -49,7 +49,7 @@ case 'save':
$year = intval($_POST['year']); $year = intval($_POST['year']);
foreach($stats as $k=>$v) { foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]); $stats[$k] = $stats[$k];
} }
// $str = join(',',$stats); // $str = join(',',$stats);
@ -61,7 +61,8 @@ case 'save':
':year' => $year ':year' => $year
]); ]);
echo pdo->errorInfo(); echo pdo->errorInfo();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)"); $stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt->execute();
echo pdo->errorInfo(); echo pdo->errorInfo();
happy_("Fair Information Saved."); happy_("Fair Information Saved.");

View File

@ -45,13 +45,15 @@ function judge_status_expertise(&$u)
} }
/* Check to see if they have ranked all project age categories, and all divisions */ /* Check to see if they have ranked all project age categories, and all divisions */
$q=mysql_query("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectcategories WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numcats=$r->num; $numcats=$r->num;
if($numcats != count($u['cat_prefs'])) return 'incomplete'; if($numcats != count($u['cat_prefs'])) return 'incomplete';
$q=mysql_query("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT COUNT(id) AS num FROM projectdivisions WHERE year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$numdivisions=$r->num; $numdivisions=$r->num;
if($numdivisions != count($u['div_prefs'])) return 'incomplete'; if($numdivisions != count($u['div_prefs'])) return 'incomplete';
@ -75,14 +77,16 @@ function judge_status_questions($u){
*/ */
global $config; global $config;
// get the questions we're looking for // get the questions we're looking for
$q = mysql_query("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'"); $q = $pdo->prepare("SELECT id FROM questions WHERE year=" . $config['FAIRYEAR'] . " AND required='yes'");
$q->execute();
$idList = array(); $idList = array();
while($row = mysql_fetch_assoc($q)) $idList[] = $row['id']; while($row = $q->fetch(PDO::FETCH_ASSOC)) $idList[] = $row['id'];
$rval = 'complete'; $rval = 'complete';
if(count($idList)){ if(count($idList)){
$q = mysql_query("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL"); $q = $pdo->prepare("SELECT COUNT(*) AS tally FROM question_answers WHERE questions_id IN(" . implode(',', $idList) . ") AND users_id=" . $u['id'] . " AND answer IS NOT NULL");
$row = mysql_fetch_assoc($q); $q->execute();
$row = $q->fetch(PDO::FETCH_ASSOC);
if(intval($row['tally']) != count($idList)) $rval = 'incomplete'; if(intval($row['tally']) != count($idList)) $rval = 'incomplete';
} }
return $rval; return $rval;
@ -100,9 +104,10 @@ function judge_status_special_awards(&$u)
* - judge has selected between min and max preferences * - judge has selected between min and max preferences
*/ */
$qq = mysql_query("SELECT COUNT(id) AS num FROM judges_specialaward_sel $qq = $pdo->prepare("SELECT COUNT(id) AS num FROM judges_specialaward_sel
WHERE users_id='{$u['id']}'"); WHERE users_id='{$u['id']}'");
$rr = mysql_fetch_object($qq); $qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
$awards_selected = $rr->num; $awards_selected = $rr->num;
// echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})"; // echo "$awards_selected awards selected, ({$config['judges_specialaward_min']} - {$config['judges_specialaward_max']})";
@ -127,9 +132,9 @@ function judge_status_availability(&$u)
global $config; global $config;
if($config['judges_availability_enable'] == 'no') return 'complete'; if($config['judges_availability_enable'] == 'no') return 'complete';
$q = mysql_query("SELECT id FROM judges_availability $q = $pdo->prepare("SELECT id FROM judges_availability
WHERE users_id=\"{$u['id']}\""); WHERE users_id=\"{$u['id']}\"");
if(mysql_num_rows($q) > 0) return 'complete'; if($q->rowCount() > 0) return 'complete';
return 'incomplete'; return 'incomplete';
} }

View File

@ -46,9 +46,10 @@ $u = user_load($eid);
$times = array(); $times = array();
/* Load the judging rounds */ /* Load the judging rounds */
$q = mysql_query("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type"); $q = $pdo->prepare("SELECT date,starttime,endtime,name FROM judges_timeslots WHERE round_id='0' AND year='{$config['FAIRYEAR']}' ORDER BY starttime,type");
$q2->execute();
$x = 0; $x = 0;
while($r = mysql_fetch_object($q)) { while($r = $q->fetch(PDO::FETCH_OBJ)) {
$found = false; $found = false;
foreach($times as $xx => $t) { foreach($times as $xx => $t) {
if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) { if($t['date'] == $r->date && $t['starttime'] == $r->starttime && $t['endtime'] == $r->endtime) {
@ -68,16 +69,18 @@ while($r = mysql_fetch_object($q)) {
switch($_GET['action']) { switch($_GET['action']) {
case 'save': case 'save':
mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
$stmt->execute();
if(is_array($_POST['time']) ) { if(is_array($_POST['time']) ) {
foreach($_POST['time'] as $x) { foreach($_POST['time'] as $x) {
if(trim($times[$x]['starttime']) == '') continue; if(trim($times[$x]['starttime']) == '') continue;
mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`) $stmt = $pdo->prepare("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
VALUES ('{$u['id']}', VALUES ('{$u['id']}',
'{$times[$x]['date']}', '{$times[$x]['date']}',
'{$times[$x]['starttime']}','{$times[$x]['endtime']}')"); '{$times[$x]['starttime']}','{$times[$x]['endtime']}')");
$stmt->execute();
} }
} }
happy_("Time Availability preferences successfully saved"); happy_("Time Availability preferences successfully saved");
@ -124,10 +127,10 @@ if($_SESSION['embed'] != true) {
<table> <table>
<? <?
/* Get all their available times */ /* Get all their available times */
$q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`"); $q = $pdo->prepare("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\" ORDER BY `start`");
$q->execute();
$sel = array(); $sel = array();
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
foreach($times as $x=>$t) { foreach($times as $x=>$t) {
if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) { if($r->start == $t['starttime'] && $r->end == $t['endtime'] && $r->date == $t['date']) {
$sel[$x] = true; $sel[$x] = true;

View File

@ -131,10 +131,11 @@ echo "<div id=\"expertise_info_status\"></div>\n";
echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n"; echo "<form name=\"expertiseform\" id=\"judgeexpertise_form\">\n";
echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n"; echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
$q=mysql_query("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='{$config['FAIRYEAR']}' ORDER BY mingrade");
$q->execute();
echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>"; echo "<br /><h4>".i18n("Age Category Preferences")."</h4><br>";
echo "<table class=\"editor\" style=\"width: 300px;\" >"; echo "<table class=\"editor\" style=\"width: 300px;\" >";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr><td class=\"label\" >"; echo "<tr><td class=\"label\" >";
echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade)); echo i18n("%1 (Grades %2-%3)",array(i18n($r->category),$r->mingrade,$r->maxgrade));
@ -171,9 +172,10 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
echo "<table>\n"; echo "<table>\n";
//query all of the categories //query all of the categories
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='{$config['FAIRYEAR']}' ORDER BY division");
$q->execute();
$first = true; $first = true;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
$trclass = ($trclass == 'odd') ? 'even' : 'odd'; $trclass = ($trclass == 'odd') ? 'even' : 'odd';
if($first == true) { if($first == true) {
@ -198,8 +200,9 @@ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\">\n";
//only show the sub-divisions if the 'main' division is scored >=3 //only show the sub-divisions if the 'main' division is scored >=3
if($u['div_prefs'][$r->id]>=3) { if($u['div_prefs'][$r->id]>=3) {
$subq=mysql_query("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision"); $subq=$pdo->prepare("SELECT * FROM projectsubdivisions WHERE projectdivisions_id='$r->id' AND year='".$config['FAIRYEAR']."' ORDER BY subdivision");
while($subr=mysql_fetch_object($subq)) { $subq->execute();
while($subr=$subq->fetch(PDO::FETCH_OBJ)) {
echo "<tr>"; echo "<tr>";
echo "<td>&nbsp;</td>"; echo "<td>&nbsp;</td>";
$ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : ''; $ch = ($u['div_prefs_sub'][$subr->id]) ? "checked=\"checked\"" : '';

View File

@ -49,8 +49,9 @@
$scheduleok=false; $scheduleok=false;
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") { if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$scheduleok=$r->test; $scheduleok=$r->test;
} }
else { else {
@ -61,9 +62,10 @@
/* Check for any judging team assignment this year for this judge, /* Check for any judging team assignment this year for this judge,
* if there is one, print the judge scheule link in an obvious place, * if there is one, print the judge scheule link in an obvious place,
* it's less obvious below */ * it's less obvious below */
$q = mysql_query("SELECT id FROM judges_teams_link WHERE $q = $pdo->prepare("SELECT id FROM judges_teams_link WHERE
users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'"); users_id='{$u['id']}' AND year='{$config['FAIRYEAR']}'");
if(mysql_num_rows($q) > 0) { $q2->execute();
if($q2->rowCount() > 0) {
echo '<span style="font-size: 1.2em; font-weight: bold;">'; echo '<span style="font-size: 1.2em; font-weight: bold;">';
echo i18n("You have been assigned to a judging team. %1Click here%2 to view the judging schedule", echo i18n("You have been assigned to a judging team. %1Click here%2 to view the judging schedule",
array("<a href=\"judge_schedule.php\">","</a>")); array("<a href=\"judge_schedule.php\">","</a>"));

View File

@ -62,7 +62,7 @@ case 'save':
$u['years_regional'] = intval($_POST['years_regional']); $u['years_regional'] = intval($_POST['years_regional']);
$u['years_national'] = intval($_POST['years_national']); $u['years_national'] = intval($_POST['years_national']);
$u['highest_psd'] = stripslashes($_POST['highest_psd']); $u['highest_psd'] = stripslashes($_POST['highest_psd']);
$u['private_info'] = mysql_escape_string(iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info']))); $u['private_info'] = iconv("UTF-8","ISO-8859-1//TRANSLIT",stripslashes($_POST['private_info']));
//check if judge has been flagged then update them //check if judge has been flagged then update them
@ -130,9 +130,10 @@ echo "<div id=\"other_info_status\"></div>\n";
<td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td> <td style="width:35%"><?=i18n("I can judge in the following languages")." ".REQUIREDFIELD?>: </td>
<td> <td>
<? <?
$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname"); $q=$pdo->prepare("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : ''; $ch = (in_array($r->lang,$u['languages'])) ? 'checked="checked"' : '';
echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />"; echo "<input onclick=\"fieldChanged()\" $ch type=\"checkbox\" name=\"languages[]\" value=\"$r->lang\" /> $r->langname <br />";

View File

@ -27,29 +27,31 @@ require_once('user.inc.php');
user_auth_required(array('judge', 'committee')); user_auth_required(array('judge', 'committee'));
$pn = mysql_escape_string(stripslashes($_GET['pn'])); $pn = stripslashes($_GET['pn']);
$q=mysql_query("SELECT * FROM projects WHERE $q=$pdo->prepare("SELECT * FROM projects WHERE
projectnumber='$pn' projectnumber='$pn'
AND year='{$config['FAIRYEAR']}'"); AND year='{$config['FAIRYEAR']}'");
if(mysql_num_rows($q)==0) { $q->execute();
if($q->rowCount()==0) {
echo "not found"; echo "not found";
exit; exit;
} }
$pi = mysql_fetch_object($q); $pi = $q->fetch(PDO::FETCH_OBJ);
$sq = mysql_query("SELECT firstname,lastname,school FROM students $sq = $pdo->prepare("SELECT firstname,lastname,school FROM students
LEFT JOIN schools ON schools.id = students.schools_id LEFT JOIN schools ON schools.id = students.schools_id
WHERE WHERE
registrations_id='{$pi->registrations_id}' registrations_id='{$pi->registrations_id}'
AND students.year='{$config['FAIRYEAR']}'"); AND students.year='{$config['FAIRYEAR']}'");
$sq->execute();
$student = array(); $student = array();
while($si = mysql_fetch_object($sq)) { while($si = $sq->fetch(PDO;;FETCH_OBJ)) {
$student[] = $si->firstname.' '.$si->lastname; $student[] = $si->firstname.' '.$si->lastname;
$school = $si->school; $school = $si->school;
} }

View File

@ -54,8 +54,9 @@ $u = user_load($eid);
$scheduleok=false; $scheduleok=false;
if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") { if($config['dates']['judgescheduleavailable'] && $config['dates']['judgescheduleavailable']!="0000-00-00 00:00:00") {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['judgescheduleavailable']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$scheduleok=$r->test; $scheduleok=$r->test;
} }
else { else {
@ -72,46 +73,51 @@ if(!$scheduleok) {
/* Find all judging teams this judge is on */ /* Find all judging teams this judge is on */
$q = mysql_query("SELECT * FROM judges_teams_link $q = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id LEFT JOIN judges_teams ON judges_teams.id=judges_teams_link.judges_teams_id
WHERE judges_teams_link.users_id='{$u['id']}' WHERE judges_teams_link.users_id='{$u['id']}'
AND judges_teams_link.year='{$config['FAIRYEAR']}'"); AND judges_teams_link.year='{$config['FAIRYEAR']}'");
$q->execute();
$teams = array(); $teams = array();
while($t = mysql_fetch_assoc($q)) { while($t = $q->fetch(PDO::FETCH_ASSOC)) {
/* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */ /* Load timeslot data for this team (team -> judges_timeslots_link -> timeslot -> parent timeslot */
$qq = mysql_query("SELECT T.* FROM judges_teams_timeslots_link $qq = $pdo->prepare("SELECT T.* FROM judges_teams_timeslots_link
LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id LEFT JOIN judges_timeslots ON judges_timeslots.id=judges_teams_timeslots_link.judges_timeslots_id
LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id LEFT JOIN judges_timeslots AS T ON T.id=judges_timeslots.round_id
WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}"); WHERE judges_teams_timeslots_link.judges_teams_id={$t['judges_teams_id']}");
$tt = mysql_fetch_assoc($qq); $qq->execute();
echo mysql_error(); $tt = $qq->fetch(PDO::FETCH_ASSOC);
echo $pdo->errorInfo();
$t['timeslot'] = $tt; $t['timeslot'] = $tt;
/* Load award */ /* Load award */
$qq = mysql_query("SELECT award_awards.*,T.type FROM judges_teams_awards_link $qq = $pdo->prepare("SELECT award_awards.*,T.type FROM judges_teams_awards_link
LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id LEFT JOIN award_awards ON award_awards.id=judges_teams_awards_link.award_awards_id
LEFT JOIN award_types as T ON T.id=award_awards.award_types_id LEFT JOIN award_types as T ON T.id=award_awards.award_types_id
WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}"); WHERE judges_teams_awards_link.judges_teams_id={$t['judges_teams_id']}");
echo mysql_error(); $qq->execute();
$aa = mysql_fetch_assoc($qq); echo $pdo->errorInfo();
$aa = $qq->fetch(PDO::FETCH_ASSOC);
$t['award'] = $aa; $t['award'] = $aa;
/* Load team members */ /* Load team members */
$qq = mysql_query("SELECT * FROM judges_teams_link $qq = $pdo->prepare("SELECT * FROM judges_teams_link
LEFT JOIN users ON users.id=judges_teams_link.users_id LEFT JOIN users ON users.id=judges_teams_link.users_id
WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']} WHERE judges_teams_link.judges_teams_id={$t['judges_teams_id']}
ORDER BY judges_teams_link.captain,users.lastname,users.firstname"); ORDER BY judges_teams_link.captain,users.lastname,users.firstname");
$qq->execute();
$t['members'] = array(); $t['members'] = array();
while(($mm = mysql_fetch_assoc($qq))) { while(($mm = $qq->fetch(PDO::FETCH_ASSOC)) {
$t['members'][] = $mm; $t['members'][] = $mm;
} }
/* Load projects */ /* Load projects */
$qq = mysql_query("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link $qq = $do->prepare("SELECT projects.id,projects.projectnumber,projects.title FROM judges_teams_timeslots_projects_link
LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id LEFT JOIN projects ON projects.id=judges_teams_timeslots_projects_link.projects_id
WHERE judges_teams_id={$t['judges_teams_id']}"); WHERE judges_teams_id={$t['judges_teams_id']}");
$qq->execute();
$p = array(); $p = array();
while(($pp = mysql_fetch_assoc($qq))) while(($pp = $qq->fetch(PDO::FETCH_ASSOC)))
$p[] = $pp; $p[] = $pp;
/* If no project and it's a special award, get all nominated */ /* If no project and it's a special award, get all nominated */
if(count($p) == 0 && $aa['type'] == 'Special') { if(count($p) == 0 && $aa['type'] == 'Special') {

View File

@ -45,12 +45,14 @@ $u = user_load($eid);
switch($_GET['action']) { switch($_GET['action']) {
case 'save': case 'save':
//first delete all their old associations for this year.. //first delete all their old associations for this year..
mysql_query("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$stmt->execute();
if(array_key_exists('spaward', $_POST)) { if(array_key_exists('spaward', $_POST)) {
foreach($_POST['spaward'] AS $aid) { foreach($_POST['spaward'] AS $aid) {
mysql_query("INSERT INTO judges_specialaward_sel (users_id, award_awards_id) $stmt = $pdo->prepare("INSERT INTO judges_specialaward_sel (users_id, award_awards_id)
VALUES ('{$u['id']}','$aid')"); VALUES ('{$u['id']}','$aid')");
$stmt->execute();
} }
} }
happy_("Special Award preferences successfully saved"); happy_("Special Award preferences successfully saved");
@ -104,15 +106,16 @@ if($_SESSION['embed'] != true) {
echo "<br />"; echo "<br />";
echo "<br />"; echo "<br />";
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'"); $q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
$q->execute();
$spawards = array(); $spawards = array();
while($r=mysql_fetch_object($q)) $spawards[] = $r->award_awards_id; while($r=$q->fetch(PDO::FETCH_OBJ)) $spawards[] = $r->award_awards_id;
echo "<table>\n"; echo "<table>\n";
//query all of the awards //query all of the awards
$q=mysql_query("SELECT award_awards.id, $q=$pdo->prepare("SELECT award_awards.id,
award_awards.name, award_awards.name,
award_awards.criteria, award_awards.criteria,
sponsors.organization sponsors.organization
@ -128,8 +131,9 @@ if($_SESSION['embed'] != true) {
AND award_types.year='{$config['FAIRYEAR']}' AND award_types.year='{$config['FAIRYEAR']}'
ORDER BY ORDER BY
name"); name");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
?> ?>
<tr><td rowspan="2"> <tr><td rowspan="2">

View File

@ -220,8 +220,9 @@ class lpdf
// echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n"; // echo "breaking because nr==prevnr ($nr==$prevnr) trying to output [$textstr] (debug: fontsize=$fontsize, lineheight=$lineheight, stringwidth=$stringwidth, left=".$this->loc(0.75).", top=".$this->loc($this->yloc).", width=".$this->loc(7).", height=$lineheight)\n";
break; break;
} }
$q=mysql_query("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'"); $q=$pdo->prepare("SELECT * FROM translations WHERE lang='".$_SESSION['lang']."' AND strmd5='".md5($str)."'");
if($r=@mysql_fetch_object($q)) $q->execute();
if($r=$q->fetch(PDO::FETCH_OBJ))
$prevnr=$nr; $prevnr=$nr;
// printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight); // printf("x=%f y=%f w=%f h=%f",$this->loc(0.75),$this->loc($this->yloc),$this->loc(7),$lineheight);

View File

@ -26,7 +26,7 @@ function getProjectsEligibleForAward($award_id)
{ {
global $config; global $config;
$prjq=mysql_query("SELECT $prjq=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards_projectcategories.projectcategories_id, award_awards_projectcategories.projectcategories_id,
award_awards_projectdivisions.projectdivisions_id, award_awards_projectdivisions.projectdivisions_id,
@ -50,8 +50,9 @@ function getProjectsEligibleForAward($award_id)
ORDER BY ORDER BY
projectsort projectsort
"); ");
$prjq->execute();
$projects=array(); $projects=array();
while($prjr=mysql_fetch_object($prjq)) while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{ {
$projects[$prjr->projectnumber]=array( $projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id, "id"=>$prjr->projects_id,
@ -67,7 +68,7 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
{ {
global $config; global $config;
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language $prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
FROM FROM
award_awards, award_awards,
award_awards_projectcategories, award_awards_projectcategories,
@ -84,8 +85,9 @@ function getLanguagesOfProjectsEligibleForAward($award_id)
ORDER BY ORDER BY
language language
"); ");
$prjq->execute();
$languages=array(); $languages=array();
while($r=mysql_fetch_object($prjq)) { while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
if($r->language) if($r->language)
$languages[]=$r->language; $languages[]=$r->language;
} }
@ -97,8 +99,9 @@ function getProjectsEligibleOrNominatedForAwards($awards_ids_array)
$projects=array(); $projects=array();
foreach($awards_ids_array AS $award_id) foreach($awards_ids_array AS $award_id)
{ {
$q=mysql_query("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id"); $q=$pdo->prepare("SELECT award_types.type FROM award_awards, award_types WHERE award_awards.id='$award_id' AND award_awards.award_types_id=award_types.id");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$awardprojects=array(); $awardprojects=array();
@ -123,7 +126,7 @@ function getSpecialAwardsEligibleForProject($projectid)
{ {
global $config; global $config;
$awardsq=mysql_query("SELECT $awardsq=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards.name, award_awards.name,
award_awards.criteria, award_awards.criteria,
@ -142,7 +145,7 @@ function getSpecialAwardsEligibleForProject($projectid)
AND award_types.id=award_awards.award_types_id AND award_types.id=award_awards.award_types_id
AND award_awards.id=award_awards_projectcategories.award_awards_id AND award_awards.id=award_awards_projectcategories.award_awards_id
AND award_awards.id=award_awards_projectdivisions.award_awards_id AND award_awards.id=award_awards_projectdivisions.award_awards_id
AND projects.projectcategories_id=award_awards_projectcategories.projectcategories_id AND projects.projectcategories_ipreparequeryd=award_awards_projectcategories.projectcategories_id
AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id AND projects.projectdivisions_id=award_awards_projectdivisions.projectdivisions_id
AND award_awards.id is not null AND award_awards.id is not null
AND projects.year='".$config['FAIRYEAR']."' AND projects.year='".$config['FAIRYEAR']."'
@ -152,9 +155,10 @@ function getSpecialAwardsEligibleForProject($projectid)
ORDER BY ORDER BY
award_awards.name award_awards.name
"); ");
$awardsq->execute();
$awards=array(); $awards=array();
echo mysql_error(); echo $pdo->errorInfo();
while($r=mysql_fetch_object($awardsq)) while($r=$awardsq->fetch(PDO::FETCH_OBJ))
{ {
$awards[$r->id]=array( $awards[$r->id]=array(
"id"=>$r->id, "id"=>$r->id,
@ -170,7 +174,7 @@ function getSpecialAwardsNominatedForProject($projectid)
{ {
global $config; global $config;
$awardsq=mysql_query("SELECT $awardsq=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards.name, award_awards.name,
award_awards.criteria, award_awards.criteria,
@ -188,9 +192,10 @@ function getSpecialAwardsNominatedForProject($projectid)
ORDER BY ORDER BY
award_awards.name award_awards.name
"); ");
$awardsq->execute();
$awards=array(); $awards=array();
echo mysql_error(); echo $pdo->errorInfo();
while($r=mysql_fetch_object($awardsq)) while($r=$awardsq->fetch(PDO::FETCH_OBJ))
{ {
$awards[$r->id]=array( $awards[$r->id]=array(
"id"=>$r->id, "id"=>$r->id,
@ -205,7 +210,7 @@ function getSpecialAwardsNominatedForProject($projectid)
function getNominatedForNoSpecialAwardsForProject($projectid) function getNominatedForNoSpecialAwardsForProject($projectid)
{ {
global $config; global $config;
$awardsq=mysql_query("SELECT $awardsq=$pdo->prepare("SELECT
projects.id AS projects_id projects.id AS projects_id
FROM FROM
project_specialawards_link, project_specialawards_link,
@ -216,7 +221,8 @@ function getNominatedForNoSpecialAwardsForProject($projectid)
AND projects.id='$projectid' AND projects.id='$projectid'
AND project_specialawards_link.award_awards_id IS NULL AND project_specialawards_link.award_awards_id IS NULL
"); ");
if(mysql_num_rows($awardsq) == 1) return true; $awardsq->execute();
if($awardsq->rowCount() == 1) return true;
return false; return false;
} }
@ -228,7 +234,7 @@ function getProjectsNominatedForSpecialAward($award_id)
//are eligible for the award, instead of nominated for it. //are eligible for the award, instead of nominated for it.
if($config['specialawardnomination']!="none") if($config['specialawardnomination']!="none")
{ {
$prjq=mysql_query("SELECT $prjq=$pdo->prepare("SELECT
projects.projectnumber, projects.projectnumber,
projects.title, projects.title,
projects.language, projects.language,
@ -244,8 +250,9 @@ function getProjectsNominatedForSpecialAward($award_id)
ORDER BY ORDER BY
projectsort projectsort
"); ");
$prjq->execute();
$projects=array(); $projects=array();
while($prjr=mysql_fetch_object($prjq)) while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{ {
$projects[$prjr->projectnumber]=array( $projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id, "id"=>$prjr->projects_id,
@ -271,7 +278,7 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
//if they dont use special award nominations, then we will instead get all of the projects that //if they dont use special award nominations, then we will instead get all of the projects that
//are eligible for the award, instead of nominated for it. //are eligible for the award, instead of nominated for it.
if($config['specialawardnomination']!="none") { if($config['specialawardnomination']!="none") {
$prjq=mysql_query("SELECT DISTINCT(projects.language) AS language $prjq=$pdo->prepare("SELECT DISTINCT(projects.language) AS language
FROM FROM
project_specialawards_link, project_specialawards_link,
projects projects
@ -282,8 +289,9 @@ function getLanguagesOfProjectsNominatedForSpecialAward($award_id)
AND projects.year='".$config['FAIRYEAR']."' AND projects.year='".$config['FAIRYEAR']."'
ORDER BY language ORDER BY language
"); ");
$prjq->execute();
$languages=array(); $languages=array();
while($r=mysql_fetch_object($prjq)) { while($r=$prjq->fetch(PDO::FETCH_OBJ)) {
//dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle //dont count "" as a language, if the project doesnt have a language specified too bad they're up shit creek without a paddle
if($r->langauge) { if($r->langauge) {
$languages[]=$r->language; $languages[]=$r->language;
@ -302,7 +310,7 @@ function getSpecialAwardsNominatedByRegistrationID($id)
{ {
global $config; global $config;
$awardq=mysql_query("SELECT $awardq=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards.name, award_awards.name,
award_awards_projectcategories.projectcategories_id, award_awards_projectcategories.projectcategories_id,
@ -324,8 +332,9 @@ function getSpecialAwardsNominatedByRegistrationID($id)
ORDER BY ORDER BY
projectsort projectsort
"); ");
$awardq->execute();
$projects=array(); $projects=array();
while($prjr=mysql_fetch_object($prjq)) while($prjr=$prjq->fetch(PDO::FETCH_OBJ))
{ {
$projects[$prjr->projectnumber]=array( $projects[$prjr->projectnumber]=array(
"id"=>$prjr->projects_id, "id"=>$prjr->projects_id,
@ -340,15 +349,17 @@ function getSpecialAwardsNominatedByRegistrationID($id)
function project_load($pid) function project_load($pid)
{ {
/* Load this project */ /* Load this project */
$q = mysql_query("SELECT * FROM projects WHERE id='$pid'"); $q = $pdo->prepare("SELECT * FROM projects WHERE id='$pid'");
$proj = mysql_fetch_array($q); $q->execute();
$proj = $q->fetch();
/* Load the students */ /* Load the students */
$q = mysql_query("SELECT students.*,schools.school FROM students $q = $pdo->prepare("SELECT students.*,schools.school FROM students
LEFT JOIN schools ON schools.id=students.schools_id LEFT JOIN schools ON schools.id=students.schools_id
WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id"); WHERE registrations_id='{$proj['registrations_id']}' AND students.year='{$proj['year']}' ORDER BY students.id");
$q->execute();
$proj['num_students'] = 0; $proj['num_students'] = 0;
while($s = mysql_fetch_assoc($q)) { while($s = $q->fetch(PDO::FETCH_OBJ)) {
$proj['num_students']++; $proj['num_students']++;
$proj['student'][] = $s; $proj['student'][] = $s;
} }

View File

@ -27,13 +27,15 @@
function questions_load_answers($section, $users_id) function questions_load_answers($section, $users_id)
{ {
global $config; global $config;
$yearq=mysql_query("SELECT `year` FROM users WHERE id='$users_id'"); $yearq=$pdo->prepare("SELECT `year` FROM users WHERE id='$users_id'");
$yearr=mysql_fetch_object($yearq); $yearq->execute();
$yearr=$yearq->fetch(PDO::FETCH_OBJ);
$ans=array(); $ans=array();
$qs=questions_load_questions($section,$yearr->year); $qs=questions_load_questions($section,$yearr->year);
foreach($qs AS $id=>$question) { foreach($qs AS $id=>$question) {
$q=mysql_query("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'"); $q=$pdo->prepare("SELECT * FROM question_answers WHERE users_id='$users_id' AND questions_id='$id'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$ans[$id]=$r->answer; $ans[$id]=$r->answer;
} }
return $ans; return $ans;
@ -67,29 +69,33 @@ function questions_save_answers($section, $id, $answers)
global $config; global $config;
$qs = questions_load_questions($section,$config['FAIRYEAR']); $qs = questions_load_questions($section,$config['FAIRYEAR']);
$keys = array_keys($answers); $keys = array_keys($answers);
$q=mysql_query("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'"); $q=$pdo->prepare("SELECT * FROM questions WHERE year='{$config['FAIRYEAR']}'");
while($r=mysql_fetch_object($q)) { $q->execute();
mysql_query("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'"); while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo mysql_error(); $stmt = $pdo->prepare("DELETE FROM question_answers WHERE users_id='$id' AND questions_id='$r->id'");
$stmt->execute();
echo $pdo->errorInfo();
} }
$keys = array_keys($answers); $keys = array_keys($answers);
foreach($keys as $qid) { foreach($keys as $qid) {
/* Poll key */ /* Poll key */
mysql_query("INSERT INTO question_answers $stmt = $pdo->prepare("INSERT INTO question_answers
(users_id,questions_id,answer) VALUES( (users_id,questions_id,answer) VALUES(
'$id','$qid', '$id','$qid',
'".mysql_escape_string($answers[$qid])."')" ); '".$answers[$qid]."')" );
$stmt->execute();
} }
} }
function questions_find_question_id($section, $dbheading) function questions_find_question_id($section, $dbheading)
{ {
$q = mysql_query("SELECT id FROM questions WHERE ". $q = $pdo->prepare("SELECT id FROM questions WHERE ".
" section='$section' ". " section='$section' ".
" AND db_heading='$dbheading' "); " AND db_heading='$dbheading' ");
if(mysql_num_rows($q) == 1) { $q->execute();
$r = mysql_fetch_object($q); if($q->rowCount() == 1) {
$r = $q->fetch(PDO::FETCH_OBJ);
return $r->id; return $r->id;
} }
return 0; return 0;
@ -162,28 +168,30 @@ function questions_parse_from_http_headers($array_name)
function questions_update_question($qs) function questions_update_question($qs)
{ {
mysql_query("UPDATE questions SET $stmt = $pdo->prepare("UPDATE questions SET
`question`='".mysql_escape_string($qs['question'])."', `question`='".$qs['question']."',
`type`='".mysql_escape_string($qs['type'])."', `type`='".$qs['type']."',
`db_heading`='".mysql_escape_string($qs['db_heading'])."', `db_heading`='".$qs['db_heading']."',
`required`='".mysql_escape_string($qs['required'])."', `required`='".$qs['required']."',
`ord`=".intval($qs['ord'])." `ord`=".intval($qs['ord']."
WHERE id='{$qs['id']}' "); WHERE id='{$qs['id']}' ");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
function questions_save_new_question($qs, $year) function questions_save_new_question($qs, $year)
{ {
mysql_query("INSERT INTO questions ". $stmt = $pdo->prepare("INSERT INTO questions ".
"(question,type,section,db_heading,required,ord,year) VALUES (". "(question,type,section,db_heading,required,ord,year) VALUES (".
"'".mysql_escape_string($qs['question'])."',". "'".$qs['question']."',".
"'".mysql_escape_string($qs['type'])."',". "'".$qs['type']."',".
"'".mysql_escape_string($qs['section'])."',". "'".$qs['section']."',".
"'".mysql_escape_string($qs['db_heading'])."',". "'".$qs['db_heading']."',".
"'".mysql_escape_string($qs['required'])."',". "'".$qs['required']."',".
"'".mysql_escape_string($qs['ord'])."',". "'".$qs['ord']."',".
"'$year' )"); "'$year' )");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
@ -231,7 +239,8 @@ function questions_editor($section, $year, $array_name, $self)
$qs = questions_load_questions($section, $year); $qs = questions_load_questions($section, $year);
/* Delete this question */ /* Delete this question */
mysql_query("DELETE FROM questions WHERE id='$qid'"); $stmt = $pdo->prepare("DELETE FROM questions WHERE id='$qid'");
$stmt->execute();
/* Update the order of all questions after this one */ /* Update the order of all questions after this one */
$keys = array_keys($qs); $keys = array_keys($qs);
@ -239,7 +248,8 @@ function questions_editor($section, $year, $array_name, $self)
if($q == $qid) continue; if($q == $qid) continue;
if($qs[$q]['ord'] > $qs[$qid]['ord']) { if($qs[$q]['ord'] > $qs[$qid]['ord']) {
$qs[$q]['ord']--; $qs[$q]['ord']--;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'"); $stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
} }
} }
echo happy(i18n("Question successfully removed")); echo happy(i18n("Question successfully removed"));
@ -248,18 +258,20 @@ function questions_editor($section, $year, $array_name, $self)
if($_GET['action']=="import" && $_GET['impyear']) if($_GET['action']=="import" && $_GET['impyear'])
{ {
$x=0; $x=0;
$q = mysql_query("SELECT * FROM questions WHERE year='{$_GET['impyear']}'"); $q = $pdo->prepare("SELECT * FROM questions WHERE year='{$_GET['impyear']}'");
while($r=mysql_fetch_object($q)) { $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$x++; $x++;
mysql_query("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord) $stmt = $pdo->prepare("INSERT INTO questions (id,year,section,db_heading,question,type,required,ord)
VALUES ( VALUES (
'', '$year', '', '$year',
'".mysql_escape_string($r->section)."', '".$r->section."',
'".mysql_escape_string($r->db_heading)."', '".$r->db_heading."',
'".mysql_escape_string($r->question)."', '".$r->question."',
'".mysql_escape_string($r->type)."', '".$r->type."',
'".mysql_escape_string($r->required)."', '".$r->required."',
'".mysql_escape_string($r->ord)."')"); '".$r->ord)."')";
$stmt->execute();
} }
echo happy(i18n("%1 question(s) successfully imported", echo happy(i18n("%1 question(s) successfully imported",
@ -305,7 +317,8 @@ function questions_editor($section, $year, $array_name, $self)
if($qdir != 0) { if($qdir != 0) {
$qs[$qid]['ord'] += $qdir; $qs[$qid]['ord'] += $qdir;
/* Update the db */ /* Update the db */
mysql_query("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'"); $stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$qid]['ord']}' WHERE id='$qid'");
$stmt->execute();
$keys = array_keys($qs); $keys = array_keys($qs);
$originalq = $qs[$qid]; $originalq = $qs[$qid];
@ -314,10 +327,12 @@ function questions_editor($section, $year, $array_name, $self)
if($qs[$q]['ord'] != $qs[$qid]['ord']) continue; if($qs[$q]['ord'] != $qs[$qid]['ord']) continue;
if($qdir == 1) { if($qdir == 1) {
$qs[$q]['ord']--; $qs[$q]['ord']--;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'"); $stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
} else { } else {
$qs[$q]['ord']++; $qs[$q]['ord']++;
mysql_query("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'"); $stmt = $pdo->prepare("UPDATE questions SET ord='{$qs[$q]['ord']}' WHERE id='$q'");
$stmt->execute();
} }
/* Swap them so we don' thave to reaload the questions /* Swap them so we don' thave to reaload the questions
* */ * */

View File

@ -26,8 +26,9 @@ function registrationFormsReceived($reg_id="")
{ {
if($reg_id) $rid=$reg_id; if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT status FROM registrations WHERE id='$rid'"); $q=$pdo->prepare("SELECT status FROM registrations WHERE id='$rid'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->status=="complete" || $r->status=="paymentpending") if($r->status=="complete" || $r->status=="paymentpending")
return true; return true;
else else
@ -37,8 +38,9 @@ function registrationFormsReceived($reg_id="")
function registrationDeadlinePassed() function registrationDeadlinePassed()
{ {
global $config; global $config;
$q=mysql_query("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck"); $q=$pdo->prepare("SELECT (NOW()<'".$config['dates']['regclose']."') AS datecheck");
$datecheck=mysql_fetch_object($q); $q->execute();
$datecheck=$q->fetch(PDO::FETCH_OBJ);
if($datecheck->datecheck==1) if($datecheck->datecheck==1)
return false; return false;
else else
@ -60,13 +62,13 @@ function studentStatus($reg_id="")
if($reg_id) $rid=$reg_id; if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have the minimum, return incomplete //if we dont have the minimum, return incomplete
if(mysql_num_rows($q)<$config['minstudentsperproject']) if($q->rowCount()<$config['minstudentsperproject'])
return "incomplete"; return "incomplete";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
foreach ($required_fields AS $req) foreach ($required_fields AS $req)
{ {
@ -95,14 +97,15 @@ function emergencycontactStatus($reg_id="")
if($reg_id) $rid=$reg_id; if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
$sq=mysql_query("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'"); $sq=$pdo->prepare("SELECT id FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$numstudents=mysql_num_rows($sq); $sq->execute();
$numstudents=$sq->rowCount();
while($sr=mysql_fetch_object($sq)) while($sr=$sq->fetch(PDO::FETCH_OBJ))
{ {
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'"); $q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
$q->execute();
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
foreach ($required_fields AS $req) foreach ($required_fields AS $req)
{ {
@ -136,13 +139,13 @@ function projectStatus($reg_id="")
if($reg_id) $rid=$reg_id; if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have a project entry yet, return empty //if we dont have a project entry yet, return empty
if(!mysql_num_rows($q)) if(!$q->rowCount())
return "empty"; return "empty";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
foreach ($required_fields AS $req) foreach ($required_fields AS $req)
{ {
@ -166,18 +169,20 @@ function mentorStatus($reg_id="")
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
//first check the registrations table to see if 'nummentors' is set, or if its null //first check the registrations table to see if 'nummentors' is set, or if its null
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='$rid' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->nummentors==null) if($r->nummentors==null)
return "incomplete"; return "incomplete";
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//if we dont have the minimum, return incomplete //if we dont have the minimum, return incomplete
if(mysql_num_rows($q)<$config['minmentorserproject']) if($q->rowCount()<$config['minmentorserproject'])
return "incomplete"; return "incomplete";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
foreach ($required_fields AS $req) foreach ($required_fields AS $req)
{ {
@ -201,15 +206,17 @@ function safetyStatus($reg_id="")
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
//grab all of their answers //grab all of their answers
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='$rid'"); $q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='$rid'");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$safetyanswers[$r->safetyquestions_id]=$r->answer; $safetyanswers[$r->safetyquestions_id]=$r->answer;
} }
//now grab all the questions //now grab all the questions
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->required=="yes" && !$safetyanswers[$r->id]) if($r->required=="yes" && !$safetyanswers[$r->id])
{ {
@ -226,11 +233,12 @@ function spawardStatus($reg_id="")
if($reg_id) $rid=$reg_id; if($reg_id) $rid=$reg_id;
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='$rid'"); $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='$rid'");
$project=mysql_fetch_object($q); $q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
/* We want this query to get any awards with a NULL award_awards_id */ /* We want this query to get any awards with a NULL award_awards_id */
$awardsq=mysql_query("SELECT $awardsq=$pdo->prepare("SELECT
projects.id AS projects_id projects.id AS projects_id
FROM FROM
project_specialawards_link, project_specialawards_link,
@ -239,8 +247,9 @@ function spawardStatus($reg_id="")
project_specialawards_link.projects_id='".$project->id."' project_specialawards_link.projects_id='".$project->id."'
AND projects.year='".$config['FAIRYEAR']."' AND projects.year='".$config['FAIRYEAR']."'
"); ");
$awardsq->execute();
if(mysql_num_rows($awardsq)) if($awardsq->rowCount())
return "complete"; return "complete";
else else
return "incomplete"; return "incomplete";
@ -254,19 +263,20 @@ function tourStatus($reg_id="")
else $rid=$_SESSION['registration_id']; else $rid=$_SESSION['registration_id'];
/* Get the students for this project */ /* Get the students for this project */
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$rid' AND year='".$config['FAIRYEAR']."'");
$num_found = mysql_num_rows($q); $q->execute();
$num_found = $q->rowCount();
$ret = "complete"; $ret = "complete";
while($s=mysql_fetch_object($q)) { while($s=$q->fetch(PDO::FETCH_OBJ)) {
//grab all of their tour prefs //grab all of their tour prefs
$sid = $s->id; $sid = $s->id;
$qq=mysql_query("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank"); $qq=$pdo->prepare("SELECT * FROM tours_choice WHERE students_id='$sid' and year='{$config['FAIRYEAR']}' ORDER BY rank");
$qq->execute();
$n_tours = mysql_num_rows($qq); $n_tours = $qq->rowCount();
if($n_tours > 0) { if($n_tours > 0) {
/* See if there's a rank 0 tour (rank 0 == their tour assignment) */ /* See if there's a rank 0 tour (rank 0 == their tour assignment) */
$i = mysql_fetch_object($qq); $i = $qq->fetch(PDO::FETCH_OBJ);
if($i->rank == 0) { if($i->rank == 0) {
/* Yes, there is, no matter what, this student's tour /* Yes, there is, no matter what, this student's tour
* selection is complete. */ * selection is complete. */
@ -289,16 +299,18 @@ function namecheckStatus($reg_id="")
global $config; global $config;
if($reg_id) { if($reg_id) {
$q=mysql_query("SELECT * FROM students WHERE $q=$pdo->prepare("SELECT * FROM students WHERE
registrations_id='$reg_id' registrations_id='$reg_id'
$q->execute();
AND year='".$config['FAIRYEAR']."'"); AND year='".$config['FAIRYEAR']."'");
} else { } else {
$q=mysql_query("SELECT * FROM students WHERE $q=$pdo->prepare("SELECT * FROM students WHERE
id='{$_SESSION['students_id']}'"); id='{$_SESSION['students_id']}'");
$q->execute();
} }
/* Get the students for this project */ /* Get the students for this project */
while($s=mysql_fetch_object($q)) { while($s=$q->fetch(PDO::FETCH_OBJ)) {
if($s->namecheck_complete == 'no') { if($s->namecheck_complete == 'no') {
return 'incomplete'; return 'incomplete';
} }
@ -313,7 +325,7 @@ function generateProjectNumber($registration_id)
$reg_id = $registration_id; $reg_id = $registration_id;
$q=mysql_query("SELECT projects.projectcategories_id, $q=$pdo->prepare("SELECT projects.projectcategories_id,
projects.projectdivisions_id, projects.projectdivisions_id,
projectcategories.category_shortform, projectcategories.category_shortform,
projectdivisions.division_shortform projectdivisions.division_shortform
@ -328,8 +340,9 @@ function generateProjectNumber($registration_id)
AND projectcategories.year='{$config['FAIRYEAR']}' AND projectcategories.year='{$config['FAIRYEAR']}'
AND projectdivisions.year='{$config['FAIRYEAR']}' AND projectdivisions.year='{$config['FAIRYEAR']}'
"); ");
echo mysql_error(); $q->execute();
$r=mysql_fetch_object($q); echo $pdo->errorInfo();
$r=$q->fetch(PDO::FETCH_OBJ);
$p=array('number'=>array(), 'sort'=>array() ); $p=array('number'=>array(), 'sort'=>array() );
$p['number']['str'] = $config['project_num_format']; $p['number']['str'] = $config['project_num_format'];
@ -359,14 +372,15 @@ function generateProjectNumber($registration_id)
/* Build a total list of projects for finding a global number, and /* Build a total list of projects for finding a global number, and
* while constructing the list, build a list for the division/cat * while constructing the list, build a list for the division/cat
* sequence number */ * sequence number */
$q = mysql_query("SELECT projectnumber_seq,projectsort_seq, $q = $pdo->prepare("SELECT projectnumber_seq,projectsort_seq,
projectdivisions_id,projectcategories_id projectdivisions_id,projectcategories_id
FROM projects FROM projects
WHERE year='{$config['FAIRYEAR']}' WHERE year='{$config['FAIRYEAR']}'
AND projectnumber_seq!='0' AND projectnumber_seq!='0'
AND projectnumber IS NOT NULL"); AND projectnumber IS NOT NULL");
echo mysql_error(); $q->execute();
while($i = mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($i = $q->fetch(PDO::FETCH_OBJ)) {
if( ($r->projectdivisions_id == $i->projectdivisions_id) if( ($r->projectdivisions_id == $i->projectdivisions_id)
&&($r->projectcategories_id == $i->projectcategories_id) ) { &&($r->projectcategories_id == $i->projectcategories_id) ) {
$p['number']['n_used'][] = $i->projectnumber_seq; $p['number']['n_used'][] = $i->projectnumber_seq;
@ -439,23 +453,26 @@ function computeRegistrationFee($regid)
$ret = array(); $ret = array();
$regfee_items = array(); $regfee_items = array();
$q = mysql_query("SELECT * FROM regfee_items $q = $pdo->prepare("SELECT * FROM regfee_items
WHERE year='{$config['FAIRYEAR']}'"); WHERE year='{$config['FAIRYEAR']}'");
while($i = mysql_fetch_assoc($q)) $regfee_items[] = $i; $q->execute();
while($i = $q->fetch(PDO::FETCH_ASSOC)) $regfee_items[] = $i;
$q=mysql_query("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='$regid' AND year='".$config['FAIRYEAR']."'");
$n_students = mysql_num_rows($q); $q->execute();
$n_students = $q->rowCount();
$n_tshirts = 0; $n_tshirts = 0;
$sel = array(); $sel = array();
while($s = mysql_fetch_object($q)) { while($s = $q->fetch(PDO::FETCH_OBJ)) {
if($s->tshirt != 'none') $n_tshirts++; if($s->tshirt != 'none') $n_tshirts++;
/* Check their regfee items too */ /* Check their regfee items too */
if($config['participant_regfee_items_enable'] != 'yes') continue; if($config['participant_regfee_items_enable'] != 'yes') continue;
$sel_q = mysql_query("SELECT * FROM regfee_items_link $sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
WHERE students_id={$s->id}"); WHERE students_id={$s->id}");
while($info_q = mysql_fetch_assoc($sel_q)) { $sel_q->execute();
while($info_q = $selq->fetch(PDO::FETCH_ASSOC)) {
$sel[] = $info_q['regfee_items_id']; $sel[] = $info_q['regfee_items_id'];
} }
} }

View File

@ -31,14 +31,19 @@
$datecheck = $q->fetch(PDO::FETCH_OBJ); $datecheck = $q->fetch(PDO::FETCH_OBJ);
if($_POST['action']=="new") { if($_POST['action']=="new") {
$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']); $q=$pdo->prepare("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
if(mysql_num_rows($q)) { $q->execute();
$r=mysql_fetch_object($q); if($q->rowCount()) {
$r=$q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number']=$r->num; $_SESSION['registration_number']=$r->num;
$_SESSION['registration_id']=$r->id; $_SESSION['registration_id']=$r->id;
mysql_query("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$r->schools_id."','".$config['FAIRYEAR']."')"); $stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".$_SESSION['email']."','".$r->schools_id."','".$config['FAIRYEAR']."')");
mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id='$r->id'");
$stmt->execute();
$stmt->execute();
header("Location: register_participants_main.php"); header("Location: register_participants_main.php");
exit; exit;
@ -52,17 +57,18 @@
} }
else if($_POST['action']=="continue") { else if($_POST['action']=="continue") {
if($_POST['email']) if($_POST['email'])
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email'])); $_SESSION['email']=stripslashes($_POST['email']);
$q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".intval($_POST['regnum'])."' ". "AND registrations.num='".intval($_POST['regnum'])."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
$q->execute();
if(mysql_num_rows($q)) { if($q->rowCount()) {
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
$_SESSION['registration_number']=$r->regnum; $_SESSION['registration_number']=$r->regnum;
$_SESSION['registration_id']=$r->regid; $_SESSION['registration_id']=$r->regid;
$_SESSION['students_id']=$r->studentid; $_SESSION['students_id']=$r->studentid;
@ -78,24 +84,26 @@
} }
else if($_GET['action']=="resend" && $_SESSION['email']) { else if($_GET['action']=="resend" && $_SESSION['email']) {
//first see if the email matches directly from the registrations table //first see if the email matches directly from the registrations table
$q=mysql_query("SELECT registrations.num FROM $q=$pdo->prepare("SELECT registrations.num FROM
registrations registrations
WHERE WHERE
registrations.email='".$_SESSION['email']."' registrations.email='".$_SESSION['email']."'
AND registrations.year='".$config['FAIRYEAR']."'"); AND registrations.year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)) $q->execute();
$r=mysql_fetch_object($q); if($q->rowCount())
$r=$q->fetch(PDO::FETCH_OBJ);
else { else {
//no match from registrations, so lets see if it matches from the students table //no match from registrations, so lets see if it matches from the students table
$q=mysql_query("SELECT registrations.num FROM $q=$pdo->prepare("SELECT registrations.num FROM
registrations, registrations,
students students
WHERE WHERE
students.email='".$_SESSION['email']."' students.email='".$_SESSION['email']."'
AND students.registrations_id=registrations.id AND students.registrations_id=registrations.id
AND registrations.year='".$config['FAIRYEAR']."'"); AND registrations.year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
} }
@ -174,7 +182,7 @@ $q->execute();
if($q->rowCount()>0) { if($q->rowCount()>0) {
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
// print_r($r); // print_r($r);
echo i18n("Please enter your <b>registration number</b> in order to login"); echo i18n("Please enter your <b>registration number</b> in order to login");
echo "<input type=\"hidden\" name=\"action\" value=\"continue\">"; echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
@ -227,8 +235,9 @@ $q->execute();
else if($config['participant_registration_type']=="schoolpassword") { else if($config['participant_registration_type']=="schoolpassword") {
$showschoolpasswordform=true; $showschoolpasswordform=true;
if($_POST['schoolpassword'] && $_POST['schoolid']) { if($_POST['schoolpassword'] && $_POST['schoolid']) {
$q=mysql_query("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($_POST['schoolpassword']==$r->registration_password) { if($_POST['schoolpassword']==$r->registration_password) {
$allownew=true; $allownew=true;
@ -250,10 +259,11 @@ $q->execute();
echo "<input type=\"hidden\" name=\"action\" value=\"login\">"; echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
echo i18n("Email Address:")." ".$_SESSION['email']."<br />"; echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
echo i18n("School: "); echo i18n("School: ");
$q=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school"); $q=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q->execute();
echo "<select name=\"schoolid\">"; echo "<select name=\"schoolid\">";
echo "<option value=\"\">".i18n("Choose your school")."</option>\n"; echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
echo "<option value=\"$r->id\">$r->school</option>\n"; echo "<option value=\"$r->id\">$r->school</option>\n";
echo "</select>"; echo "</select>";
echo "<br />"; echo "<br />";
@ -303,13 +313,14 @@ $q->execute();
//random number between //random number between
//100000 and 999999 (six digit integer) //100000 and 999999 (six digit integer)
$regnum=rand(100000,999999); $regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']); $q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
}while(mysql_num_rows($q)>0); $q->execute();
}while($q->rowCount()>0);
if(!$schoolidquery) $schoolidquery="null"; if(!$schoolidquery) $schoolidquery="null";
//actually insert it //actually insert it
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (". $stmt = $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
"'$regnum',". "'$regnum',".
"'".$_SESSION['email']."',". "'".$_SESSION['email']."',".
"NOW(),". "NOW(),".
@ -317,6 +328,7 @@ $q->execute();
$schoolidquery.",". $schoolidquery.",".
$config['FAIRYEAR']. $config['FAIRYEAR'].
")"); ")");
$stmt->execute();
email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email'])); email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));

View File

@ -38,22 +38,22 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
send_header("Participant Registration - Emergency Contact Information"); send_header("Participant Registration - Emergency Contact Information");
@ -82,8 +82,9 @@ echo mysql_error();
//first, lets make sure this emergency contact really does belong to them //first, lets make sure this emergency contact really does belong to them
foreach($_POST['ids'] AS $id) foreach($_POST['ids'] AS $id)
{ {
$q=mysql_query("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM emergencycontact WHERE id='$id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1) { $q->execute();
if($q->rowCount()==1) {
$e=stripslashes($_POST['email'][$id]); $e=stripslashes($_POST['email'][$id]);
if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) { if($_POST['relation'][$id]=="Parent" && $e && user_valid_email($e)) {
if($u=user_load_by_email($e)) { if($u=user_load_by_email($e)) {
@ -106,17 +107,18 @@ echo mysql_error();
} }
} }
mysql_query("UPDATE emergencycontact SET ". $stmt = $pdo->prepare("UPDATE emergencycontact SET ".
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$id]))."', ". "firstname='".stripslashes($_POST['firstname'][$id])."', ".
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$id]))."', ". "lastname='".stripslashes($_POST['lastname'][$id])."', ".
"relation='".mysql_escape_string(stripslashes($_POST['relation'][$id]))."', ". "relation='".stripslashes($_POST['relation'][$id])."', ".
"phone1='".mysql_escape_string(stripslashes($_POST['phone1'][$id]))."', ". "phone1='".stripslashes($_POST['phone1'][$id])."', ".
"phone2='".mysql_escape_string(stripslashes($_POST['phone2'][$id]))."', ". "phone2='".stripslashes($_POST['phone2'][$id])."', ".
"phone3='".mysql_escape_string(stripslashes($_POST['phone3'][$id]))."', ". "phone3='".stripslashes($_POST['phone3'][$id])."', ".
"phone4='".mysql_escape_string(stripslashes($_POST['phone4'][$id]))."', ". "phone4='".stripslashes($_POST['phone4'][$id])."', ".
"email='".mysql_escape_string(stripslashes($_POST['email'][$id]))."' ". "email='".stripslashes($_POST['email'][$id])."' ".
"WHERE id='$id'"); "WHERE id='$id'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("Emergency contact information successfully updated")); echo notice(i18n("Emergency contact information successfully updated"));
} }
else else
@ -141,23 +143,25 @@ else if($newstatus=="complete")
} }
$sq=mysql_query("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $sq=$pdo->prepare("SELECT id,firstname,lastname FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$numstudents=mysql_num_rows($sq); $sq->execute();
$numstudents=$sq->rowCount();
echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n"; echo "<form name=\"emergencycontactform\" method=\"post\" action=\"register_participants_emergencycontact.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
while($sr=mysql_fetch_object($sq)) while($sr=$sq->fetch(PDO::FETCH_OBJ))
{ {
$q=mysql_query("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'"); $q=$pdo->prepare("SELECT * FROM emergencycontact WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."' AND students_id='$sr->id'");
$q->execute();
if(mysql_num_rows($q)==0) { if($q->rowCount()==0) {
mysql_query("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')"); $stmt = $pdo->prepare("INSERT INTO emergencycontact (registrations_id,students_id,year) VALUES ('".$_SESSION['registration_id']."','".$sr->id."','".$config['FAIRYEAR']."')");
$id=mysql_insert_id(); $stmt->execute();
$id=$pdo->lastInsertId();
unset($r); unset($r);
} }
else { else {
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
$id=$r->id; $id=$r->id;
} }

View File

@ -36,22 +36,23 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
send_header("Participant Registration - ISEF Forms"); send_header("Participant Registration - ISEF Forms");
@ -70,12 +71,12 @@ echo mysql_error();
//because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything //because it will be added below by the _FILES, and if its not added there then that means we just said yes and didnt upload anything
//so removing it makes it go all red again so you are aware //so removing it makes it go all red again so you are aware
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'"); $stmt = $po->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
$stmt->execute();
//just look at hte first letter, since its either "no:<id>" or "yes:<id>"; //just look at hte first letter, since its either "no:<id>" or "yes:<id>";
if($v[0]=="n") if($v[0]=="n")
{ {
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES ( $stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`dt`,`year`) VALUES (
'$k', '$k',
'$r->id', '$r->id',
@ -83,6 +84,7 @@ echo mysql_error();
NOW(), NOW(),
'$CURRENT_FAIRYEAR' '$CURRENT_FAIRYEAR'
)"); )");
$stmt->execute();
} }
@ -125,12 +127,14 @@ echo mysql_error();
if($pgs) $p="'$pgs'"; if($pgs) $p="'$pgs'";
else $p="null"; else $p="null";
mysql_query("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'"); $stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE ProjectID='$r->id' AND FormID='$k' AND `year`='$CURRENT_FAIRYEAR'");
mysql_query("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES ( $stmt->execute();
$stmt = $pdo->prepare("INSERT INTO TC_ProjectForms (`FormID`,`ProjectID`,`uploaded`,`filename`,`pages`,`dt`,`year`) VALUES (
$stmt->execute();
'$k', '$k',
'$r->id', '$r->id',
'1', '1',
'".mysql_escape_string($_FILES['form']['name'][$k])."', '".$_FILES['form']['name'][$k]."',
$p, $p,
NOW(), NOW(),
'$CURRENT_FAIRYEAR' '$CURRENT_FAIRYEAR'
@ -176,11 +180,13 @@ echo mysql_error();
if($_GET['action']=="delete" && $_GET['delete']) if($_GET['action']=="delete" && $_GET['delete'])
{ {
//first we need to make sure that this is their own! //first we need to make sure that this is their own!
$chq=mysql_query("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'"); $chq=$pdo->prepare("SELECT * FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
if($chr=mysql_fetch_object($chq)) $chq->execute();
if($chr=$chq->fetch(PDO::FETCH_OBJ))
{ {
@unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf"); @unlink($TCFORMSLOCATION."/".$CURRENT_FAIRYEAR."/$r->id/$chr->FormID.pdf");
mysql_query("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'"); $stmt = $pdo->prepare("DELETE FROM TC_ProjectForms WHERE id='".$_GET['delete']."' AND ProjectID='$r->id' AND `year`='$CURRENT_FAIRYEAR'");
$stmt->execute();
$display_happy=i18n("Form successfully deleted"); $display_happy=i18n("Form successfully deleted");
} }
else else
@ -245,7 +251,8 @@ function radiochange(o)
} }
*/ */
$fq=mysql_query("SELECT * FROM isefforms ORDER BY name"); $fq=$pdo->prepare("SELECT * FROM isefforms ORDER BY name");
$fq->execute();
echo "<tr>"; echo "<tr>";
echo "<th>".i18n("Form")."</th>"; echo "<th>".i18n("Form")."</th>";
@ -254,7 +261,7 @@ function radiochange(o)
echo "<th>".i18n("Upload / File")."</th>"; echo "<th>".i18n("Upload / File")."</th>";
echo "</tr>"; echo "</tr>";
while($fr=mysql_fetch_object($fq)) while($fr=$fq-fetch(PDO::FETCH_OBJ))
{ {
echo "<tr>"; echo "<tr>";
echo "<td valign=\"top\">"; echo "<td valign=\"top\">";

View File

@ -39,22 +39,23 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.status AS status, registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php?action=logout"); header("Location: register_participants.php?action=logout");
exit; exit;
} }
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Summary"); send_header("Participant Registration - Summary");
//only display the named greeting if we have their name //only display the named greeting if we have their name
@ -69,8 +70,9 @@ echo mysql_error();
{ {
//now select their project number //now select their project number
$q=mysql_query("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT projectnumber FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$projectinfo=mysql_fetch_object($q); $q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
if($r->status=="complete") if($r->status=="complete")
{ {
@ -259,8 +261,9 @@ echo "<table><tr><td>";
{ {
if($config['specialawardnomination']=="date") if($config['specialawardnomination']=="date")
{ {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
//this will return 1 if its between the dates, 0 otherwise. //this will return 1 if its between the dates, 0 otherwise.
if($r->datecheck==1) if($r->datecheck==1)
{ {
@ -281,8 +284,9 @@ echo "<table><tr><td>";
} }
} }
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'"); $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='{$config['FAIRYEAR']}'");
$project=mysql_fetch_object($q); $q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
$nominatedawards=getSpecialAwardsNominatedForProject($project->id); $nominatedawards=getSpecialAwardsNominatedForProject($project->id);
$num=count($nominatedawards); $num=count($nominatedawards);
$noawards=getNominatedForNoSpecialAwardsForProject($project->id); $noawards=getNominatedForNoSpecialAwardsForProject($project->id);

View File

@ -37,22 +37,23 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Mentor Information"); send_header("Participant Registration - Mentor Information");
echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />"; echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
@ -82,17 +83,18 @@ if($_POST['action']=="save")
if($_POST['lastname'][$x]) if($_POST['lastname'][$x])
{ {
//INSERT new record //INSERT new record
mysql_query("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (". $stmt = $pdo->prepare("INSERT INTO mentors (registrations_id,firstname,lastname,email,phone,organization,position,description,year) VALUES (".
"'".$_SESSION['registration_id']."', ". "'".$_SESSION['registration_id']."', ".
"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "'".stripslashes($_POST['firstname'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "'".stripslashes($_POST['lastname'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ". "'".stripslashes($_POST['email'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ". "'".stripslashes($_POST['phone'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ". "'".stripslashes($_POST['organization'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ". "'".stripslashes($_POST['position'][$x])."', ".
"'".mysql_escape_string(stripslashes($_POST['description'][$x]))."', ". "'".stripslashes($_POST['description'][$x])."', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]))); echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
} }
@ -101,15 +103,16 @@ if($_POST['action']=="save")
else else
{ {
//UPDATE existing record //UPDATE existing record
mysql_query("UPDATE mentors SET ". $stmt = $pdo->prepare("UPDATE mentors SET ".
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "firstname='".stripslashes($_POST['firstname'][$x])."', ".
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "lastname='".stripslashes($_POST['lastname'][$x])."', ".
"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ". "email='".stripslashes($_POST['email'][$x])."', ".
"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ". "phone='".stripslashes($_POST['phone'][$x])."', ".
"organization='".mysql_escape_string(stripslashes($_POST['organization'][$x]))."', ". "organization='".stripslashes($_POST['organization'][$x])."', ".
"position='".mysql_escape_string(stripslashes($_POST['position'][$x]))."', ". "position='".stripslashes($_POST['position'][$x])."', ".
"description='".mysql_escape_string(stripslashes($_POST['description'][$x]))."' ". "description='".stripslashes($_POST['description'][$x])."' ".
"WHERE id='".$_POST['id'][$x]."'"); "WHERE id='".$_POST['id'][$x]."'");
$stmt->execute();
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x]))); echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
} }
@ -128,10 +131,13 @@ if($_GET['action']=="removementor")
else else
{ {
//first make sure this is one belonging to this registration id //first make sure this is one belonging to this registration id
$q=mysql_query("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'"); $q=$pdo->prepare("SELECT id FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
if(mysql_num_rows($q)==1) $q->execute();
if($q->rowCount()==1)
{ {
mysql_query("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt = $pdo->prepare("DELETE FROM mentors WHERE id='".$_GET['removementor']."' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt->execute();
echo notice(i18n("Mentor successfully removed")); echo notice(i18n("Mentor successfully removed"));
} }
else else
@ -145,17 +151,19 @@ if($_GET['action']=="removementor")
//now query and display //now query and display
$q=mysql_query("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT nummentors FROM registrations WHERE id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$registrations_nummentors=$r->nummentors; $registrations_nummentors=$r->nummentors;
$q=mysql_query("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM mentors WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
$numfound=mysql_num_rows($q); $numfound=$q->rowCount();
if(isset($_GET['nummentors'])) if(isset($_GET['nummentors']))
{ {
mysql_query("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'"); $stmt = $pdo->prepare("UPDATE registrations SET nummentors='".$_GET['nummentors']."' WHERE id='".$_SESSION['registration_id']."'");
$stmt->execute();
$registrations_nummentors=$_GET['nummentors']; $registrations_nummentors=$_GET['nummentors'];
$numtoshow=$_GET['nummentors']; $numtoshow=$_GET['nummentors'];
} }
@ -198,7 +206,7 @@ else if($newstatus=="complete")
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />"; echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
for($x=1;$x<=$numtoshow;$x++) for($x=1;$x<=$numtoshow;$x++)
{ {
$mentorinfo=mysql_fetch_object($q); $mentorinfo=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>"; echo "<h3>".i18n("Mentor %1 Details",array($x))."</h3>";
//if we have a valid mentor, set their ID, so we can UPDATE when we submit //if we have a valid mentor, set their ID, so we can UPDATE when we submit
//if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit //if there is no record for this mentor, then set the ID to 0, so we will INSERT when we submit

View File

@ -38,15 +38,15 @@
exit; exit;
} }
$q=mysql_query("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='{$_SESSION['registration_id']}'");
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) { if($q->rowCount()==0) {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
while($s=mysql_fetch_object($q)) { while($s=$q->fetch(PDO::FETCH_OBJ)) {
$student_display_name[]="{$s->firstname} {$s->lastname}"; $student_display_name[]="{$s->firstname} {$s->lastname}";
} }
@ -66,9 +66,13 @@
$pu = ($_POST['punc'] == 'yes') ? true : false; $pu = ($_POST['punc'] == 'yes') ? true : false;
if($sp && $ca && $pu) { if($sp && $ca && $pu) {
$q=mysql_query("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'"); $q=$pdo->prepare("UPDATE students SET namecheck_complete='yes' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q->execute();
} else if($s->namecheck_complete!='no') { } else if($s->namecheck_complete!='no') {
$q=mysql_query("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'"); $q=$pdo->prepare("UPDATE students SET namecheck_complete='no' WHERE registrations_id='{$_SESSION['registration_id']}'");
$q->execute();
} }
} }
} }

View File

@ -41,22 +41,23 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
send_header("Participant Registration - Project Information"); send_header("Participant Registration - Project Information");
@ -86,8 +87,9 @@ echo mysql_error();
else else
{ {
//first, lets make sure this project really does belong to them //first, lets make sure this project really does belong to them
$q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1) $q->execute();
if($q->rowCount()==1)
{ {
$summarywords=preg_split("/[\s,]+/",$_POST['summary']); $summarywords=preg_split("/[\s,]+/",$_POST['summary']);
$summarywordcount=count($summarywords); $summarywordcount=count($summarywords);
@ -114,21 +116,22 @@ echo mysql_error();
else else
$shorttitle=stripslashes($_POST['shorttitle']); $shorttitle=stripslashes($_POST['shorttitle']);
mysql_query("UPDATE projects SET ". $stmt = $pdo->prepare("UPDATE projects SET ".
"title='".mysql_escape_string($title)."', ". "title='".$title."', ".
"shorttitle='".mysql_escape_string($shorttitle)."', ". "shorttitle='".$shorttitle."', ".
"projectdivisions_id='".intval($_POST['projectdivisions_id'])."', ". "projectdivisions_id='".intval($_POST['projectdivisions_id']."', ".
"projecttype='".mysql_escape_string(stripslashes($_POST['projecttype']))."', ". "projecttype='".stripslashes($_POST['projecttype'])."', ".
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ". "language='".stripslashes($_POST['language'])."', ".
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ". "req_table='".stripslashes($_POST['req_table'])."', ".
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ". "req_electricity='".stripslashes($_POST['req_electricity'])."', ".
"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ". "req_special='".stripslashes($_POST['req_special'])."', ".
"human_participants='".mysql_escape_string(stripslashes($_POST['human_participants']))."', ". "human_participants='".stripslashes($_POST['human_participants'])."', ".
"animal_participants='".mysql_escape_string(stripslashes($_POST['animal_participants']))."', ". "animal_participants='".stripslashes($_POST['animal_participants'])."', ".
"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ". "summary='".stripslashes($_POST['summary'])."', ".
"summarycountok='$summarycountok'". "summarycountok='$summarycountok'".
"WHERE id='".$_POST['id']."'"); "WHERE id='".$_POST['id']."'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
echo notice(i18n("Project information successfully updated")); echo notice(i18n("Project information successfully updated"));
} }
else else
@ -140,12 +143,14 @@ echo mysql_error();
//now lets find out their MAX grade, so we can pre-set the Age Category //now lets find out their MAX grade, so we can pre-set the Age Category
$q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'"); $q=$pdo->prepare("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'");
$gradeinfo=mysql_fetch_object($q); $q->execute();
$gradeinfo=$q->fetch(PDO::FETCH_OBJ);
//now lets grab all the age categories, so we can choose one based on the max grade //now lets grab all the age categories, so we can choose one based on the max grade
$q=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
//save these in an array, just incase we need them later (FIXME: remove this array if we dont need it) //save these in an array, just incase we need them later (FIXME: remove this array if we dont need it)
$agecategories[$r->id]['category']=$r->category; $agecategories[$r->id]['category']=$r->category;
@ -158,21 +163,26 @@ echo mysql_error();
} }
} }
//now select their project info //now select their project info
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
//check if it exists, if we didnt find any record, lets insert one $q->execute();
if(mysql_num_rows($q)==0) /check if it exists, if we didnt find any record, lets insert one
if($q->rowCount()==0)
{ {
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')"); $stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,year) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$config['FAIRYEAR']."')");
$stmt->execute();
//now query the one we just inserted //now query the one we just inserted
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
} }
$projectinfo=mysql_fetch_object($q); $projectinfo=$q->fetch(PDO::FETCH_OBJ);
//make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly //make sure that if they changed their grade on the student page, we update their projectcategories_id accordingly
if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id) if($projectcategories_id && $projectinfo->projectcategories_id!=$projectcategories_id)
{ {
echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category']))); echo notice(i18n("Age category changed, updating to %1",array($agecategories[$projectcategories_id]['category'])));
mysql_query("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'"); $stmt = $pdo->prepare("UPDATE projects SET projectcategories_id='$projectcategories_id' WHERE id='$projectinfo->id'");
$stmt->execute();
} }
@ -235,14 +245,16 @@ function countwords()
//###### Feature Specific - filtering divisions by category //###### Feature Specific - filtering divisions by category
if($config['filterdivisionbycategory']=="yes"){ if($config['filterdivisionbycategory']=="yes"){
$q=mysql_query("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division"); $q=$pdo->prepare("SELECT projectdivisions.* FROM projectdivisions,projectcategoriesdivisions_link WHERE projectdivisions.id=projectdivisions_id AND projectcategories_id=".$projectcategories_id." AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectcategoriesdivisions_link.year='".$config['FAIRYEAR']."' ORDER BY division");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
}else }else
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='".$config['FAIRYEAR']."' ORDER BY division");
$q->execute();
echo "<select name=\"projectdivisions_id\">"; echo "<select name=\"projectdivisions_id\">";
echo "<option value=\"\">".i18n("Select a division")."</option>\n"; echo "<option value=\"\">".i18n("Select a division")."</option>\n";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel=""; if($r->id == $projectinfo->projectdivisions_id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n"; echo "<option $sel value=\"$r->id\">".htmlspecialchars(i18n($r->division))."</option>\n";
@ -268,12 +280,13 @@ function countwords()
echo "</td></tr>"; echo "</td></tr>";
if($config['project_type'] == 'yes'){ if($config['project_type'] == 'yes'){
$q=mysql_query("SELECT * FROM projecttypes ORDER BY type"); $q=$pdo->prepare("SELECT * FROM projecttypes ORDER BY type");
$q->execute();
echo "<tr><td>".i18n("Project Type").": </td><td>"; echo "<tr><td>".i18n("Project Type").": </td><td>";
echo "<select name=\"projecttype\">\n"; echo "<select name=\"projecttype\">\n";
echo "<option value=\"\">".i18n("Select a project")."</option>\n"; echo "<option value=\"\">".i18n("Select a project")."</option>\n";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->type == $projectinfo->projecttype) if($r->type == $projectinfo->projecttype)
{ {

View File

@ -37,32 +37,33 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" > <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head><title><?=i18n("Division Selector")?></title> <head><title><?=i18n("Division Selector")?></title>
<link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" /> <link rel="stylesheet" href="<?=$config['SFIABDIRECTORY']?>/sfiab.css" type="text/css" />
</head> </head>testi-bg.jpg
<body> <body>
<? <?
echo "<div id=\"emptypopup\">"; echo "<div id=\"emptypopup\">";testi-bg.jpg
if($_GET['division']) if($_GET['division'])
{ {
@ -72,8 +73,9 @@ echo mysql_error();
opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?> opener.document.forms.projectform.projectdivisions_id.selectedIndex=<?=$_GET['division']?>
</script> </script>
<? <?
$q=mysql_query("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE id='".$_GET['division']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
echo "<h2>".i18n($r->division)."</h2>\n"; echo "<h2>".i18n($r->division)."</h2>\n";
echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>"; echo "<a href=\"".$_SERVER['PHP_SELF']."\">".i18n("Restart division selector")."</a>";
echo "<br />"; echo "<br />";
@ -87,8 +89,9 @@ echo mysql_error();
$id=1; $id=1;
else else
$id=$_GET['id']; $id=$_GET['id'];
$q=mysql_query("SELECT * FROM projectdivisionsselector WHERE id='$id'"); $q=$pdo->prepare("SELECT * FROM projectdivisionsselector WHERE id='$id'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
echo i18n($r->question); echo i18n($r->question);
echo "<br />"; echo "<br />";
echo "<br />"; echo "<br />";

View File

@ -1,5 +1,5 @@
<? <?
/* /* mysql_query
This file is part of the 'Science Fair In A Box' project This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca SFIAB Website: http://www.sfiab.ca
@ -35,20 +35,21 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) { if($q->rowCount()==0) {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
send_header("Participant Registration - Safety Information"); send_header("Participant Registration - Safety Information");
@ -65,16 +66,18 @@ echo mysql_error();
} }
else { else {
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them //first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
mysql_query("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if(is_array($_POST['safety'])) { if(is_array($_POST['safety'])) {
$safetyids=array_keys($_POST['safety']); $safetyids=array_keys($_POST['safety']);
foreach($safetyids AS $key=>$val) { foreach($safetyids AS $key=>$val) {
mysql_query("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (". $stmt = $pdo->prepare("INSERT INTO safety (registrations_id,safetyquestions_id,year,answer) VALUES (".
"'".$_SESSION['registration_id']."', ". "'".$_SESSION['registration_id']."', ".
"'$val', ". "'$val', ".
"'".$config['FAIRYEAR']."', ". "'".$config['FAIRYEAR']."', ".
"'".mysql_escape_string(stripslashes($_POST['safety'][$val]))."')"); "'".stripslashes($_POST['safety'][$val]))."')";
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
} }
@ -89,13 +92,15 @@ else if($newstatus=="complete") {
echo happy(i18n("Safety Information Complete")); echo happy(i18n("Safety Information Complete"));
} }
$q=mysql_query("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'"); $q=$pdo->prepare("SELECT * FROM safety WHERE registrations_id='".$_SESSION['registration_id']."'");
while($r=mysql_fetch_object($q)) { $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$safetyanswers[$r->safetyquestions_id]=$r->answer; $safetyanswers[$r->safetyquestions_id]=$r->answer;
} }
$q=mysql_query("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord"); $q=$pdo->prepare("SELECT * FROM safetyquestions WHERE year='".$config['FAIRYEAR']."' ORDER BY ord");
if(mysql_num_rows($q)) { $q->execute();
if($q->rowCount()) {
echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer"); echo i18n("Please agree to / answer the following safety questions by checking the box next to the question, or choosing the appropriate answer");
echo "<br />"; echo "<br />";
echo "<br />"; echo "<br />";
@ -103,7 +108,7 @@ else if($newstatus=="complete") {
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<table class=\"tableedit\">\n"; echo "<table class=\"tableedit\">\n";
$num=1; $num=1;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
$trclass=($num%2==0?"odd":"even"); $trclass=($num%2==0?"odd":"even");
echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>"; echo "<tr class=\"$trclass\"><td><b>$num</b>. </td><td>";
if($r->required=="yes") echo REQUIREDFIELD; if($r->required=="yes") echo REQUIREDFIELD;

View File

@ -45,7 +45,7 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
@ -55,16 +55,17 @@
$registration_number=$_SESSION['registration_number']; $registration_number=$_SESSION['registration_number'];
$registration_id=$_SESSION['registration_id']; $registration_id=$_SESSION['registration_id'];
$q->execute();
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
} }
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun! //END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@ -106,7 +107,7 @@ $pdf->newPage();
else else
{ {
//grab the project info //grab the project info
$q=mysql_query("SELECT projects.*, $q=$pdo->prepare("SELECT projects.*,
projectcategories.category, projectcategories.category,
projectdivisions.division projectdivisions.division
FROM projects FROM projects
@ -117,10 +118,12 @@ $pdf->newPage();
AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectdivisions.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."' AND projectcategories.year='".$config['FAIRYEAR']."'
"); ");
$projectinfo=mysql_fetch_object($q); $q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($si=mysql_fetch_object($q)) $q->execute();
while($si=$q->fetch(PDO::FETCH_OBJ))
$studentinfoarray[]=$si; $studentinfoarray[]=$si;
} }
@ -141,8 +144,9 @@ $pdf->newPage();
foreach($studentinfoarray AS $studentinfo) foreach($studentinfoarray AS $studentinfo)
{ {
if(!$_GET['sample']) { if(!$_GET['sample']) {
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}"); $qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$rr = mysql_fetch_object($qq); $qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
} }
$pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5); $pdf->addTextX("$studentinfo->firstname $studentinfo->lastname, Grade {$studentinfo->grade}, {$rr->school}", 1.5);
@ -154,8 +158,9 @@ $pdf->newPage();
$pdf->hr(); $pdf->hr();
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use) if($r->use)
{ {
$pdf->heading(i18n("Exhibitor Declaration")); $pdf->heading(i18n("Exhibitor Declaration"));
@ -201,8 +206,9 @@ $pdf->newPage();
$pdf->hr(); $pdf->hr();
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use) if($r->use)
{ {
//now for the parent/guardian signatures //now for the parent/guardian signatures
@ -240,8 +246,9 @@ $pdf->newPage();
$pdf->hr(); $pdf->hr();
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use) if($r->use)
{ {
//now for the teacher signature //now for the teacher signature
@ -280,8 +287,9 @@ $pdf->newPage();
$pdf->hr(); $pdf->hr();
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use) if($r->use)
{ {
//now for the teacher signature //now for the teacher signature
@ -318,8 +326,9 @@ $pdf->newPage();
$pdf->hr(); $pdf->hr();
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->use) if($r->use)
{ {
//now for the teacher signature //now for the teacher signature

View File

@ -41,7 +41,7 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname
FROM registrations,students FROM registrations,students
WHERE students.email='{$_SESSION['email']}' WHERE students.email='{$_SESSION['email']}'
AND registrations.num='{$_SESSION['registration_number']}' AND registrations.num='{$_SESSION['registration_number']}'
@ -51,15 +51,16 @@
AND students.year={$config['FAIRYEAR']}"); AND students.year={$config['FAIRYEAR']}");
$registration_number=$_SESSION['registration_number']; $registration_number=$_SESSION['registration_number'];
$registration_id=$_SESSION['registration_id']; $registration_id=$_SESSION['registration_id'];
$q->execute();
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) { if($q->rowCount()==0) {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
} }
//END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun! //END OF AUTH, now lets try to generate a PDF using only PHP :) this should be fun!
@ -86,7 +87,7 @@ $pdf->AddPage();
$rr->school="SampleSchool"; $rr->school="SampleSchool";
} else { } else {
//grab the project info //grab the project info
$q=mysql_query("SELECT projects.*, $q=$pdo->prepare("SELECT projects.*,
projectcategories.category, projectcategories.category,
projectdivisions.division projectdivisions.division
FROM projects FROM projects
@ -97,10 +98,12 @@ $pdf->AddPage();
AND projectdivisions.year='".$config['FAIRYEAR']."' AND projectdivisions.year='".$config['FAIRYEAR']."'
AND projectcategories.year='".$config['FAIRYEAR']."' AND projectcategories.year='".$config['FAIRYEAR']."'
"); ");
$projectinfo=mysql_fetch_object($q); $q->execute();
$projectinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($si=mysql_fetch_object($q)) $q->execute();
while($si=$q->fetch(PDO::FETCH_OBJ))
$studentinfoarray[]=$si; $studentinfoarray[]=$si;
} }
@ -115,8 +118,9 @@ $pdf->AddPage();
$students = ""; $students = "";
foreach($studentinfoarray AS $studentinfo) { foreach($studentinfoarray AS $studentinfo) {
if(!$_GET['sample']) { if(!$_GET['sample']) {
$qq = mysql_query("SELECT school FROM schools WHERE id={$studentinfo->schools_id}"); $qq = $pdo->prepare("SELECT school FROM schools WHERE id={$studentinfo->schools_id}");
$rr = mysql_fetch_object($qq); $qq->execute();
$rr = $qq->fetch(PDO::FETCH_OBJ);
} }
if($students != '') $students .= '<br/>'; if($students != '') $students .= '<br/>';
$students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}"; $students .= "{$studentinfo->firstname} {$studentinfo->lastname}, Grade {$studentinfo->grade}, {$rr->school}";
@ -144,8 +148,9 @@ function sig($pdf, $text)
$pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C'); $pdf->Cell(60, $height_font, i18n('Date'), 'T', 1, 'C');
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='exhibitordeclaration'");
$r=mysql_fetch_assoc($q); $q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) { if($r['use']) {
$t = nl2br($r['text']); $t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t"); $pdf->WriteHTML("<h3>".i18n('Exhibitor Declaration')."</h3>$t");
@ -156,8 +161,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>"); $pdf->WriteHTML("<br><hr>");
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='parentdeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='parentdeclaration'");
$r=mysql_fetch_assoc($q); $q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) { if($r['use']) {
$t = nl2br($r['text']); $t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t"); $pdf->WriteHTML("<h3>".i18n('Parent/Guardian Declaration')."</h3>$t");
@ -168,8 +174,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>"); $pdf->WriteHTML("<br><hr>");
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='teacherdeclaration'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='teacherdeclaration'");
$r=mysql_fetch_assoc($q); $q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) { if($r['use']) {
$t = nl2br($r['text']); $t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t"); $pdf->WriteHTML("<h3>".i18n('Teacher Declaration')."</h3>$t");
@ -177,8 +184,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>"); $pdf->WriteHTML("<br><hr>");
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='regfee'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='regfee'");
$r=mysql_fetch_assoc($q); $q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) { if($r['use']) {
$pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>"); $pdf->WriteHTML("<h3>".i18n('Registration Fee Summary')."</h3><br>");
@ -207,8 +215,9 @@ function sig($pdf, $text)
$pdf->WriteHTML("<br><hr>"); $pdf->WriteHTML("<br><hr>");
} }
$q=mysql_query("SELECT * FROM signaturepage WHERE name='postamble'"); $q=$pdo->prepare("SELECT * FROM signaturepage WHERE name='postamble'");
$r=mysql_fetch_assoc($q); $q->execute();
$r=$q->fetch(PDO::FETCH_ASSOC);
if($r['use']) { if($r['use']) {
$t = nl2br($r['text']); $t = nl2br($r['text']);
$pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t"); $pdf->WriteHTML("<h3>".i18n('Additional Information')."</h3>$t");

View File

@ -36,24 +36,26 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) { if($q->rowCount()==0) {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'"); $q=$pdo->prepare("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."'");
$project=mysql_fetch_object($q); $q->execute();
$project=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
send_header("Participant Registration - Self-Nomination for Special Awards"); send_header("Participant Registration - Self-Nomination for Special Awards");
@ -87,8 +89,9 @@ function checkboxclicked(b)
if($config['specialawardnomination']=="date") { if($config['specialawardnomination']=="date") {
echo notice(i18n("Special award self-nomination is only available from %1 to %2. Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose']))); echo notice(i18n("Special award self-nomination is only available from %1 to %2. Please make sure you complete your nominations between these dates.", array($config['dates']['specawardregopen'],$config['dates']['specawardregclose'])));
$q=mysql_query("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['specawardregopen']."' AND NOW()<'".$config['dates']['specawardregclose']."') AS datecheck");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
//this will return 1 if its between the dates, 0 otherwise. //this will return 1 if its between the dates, 0 otherwise.
if($r->datecheck==1) if($r->datecheck==1)
$readonly=false; $readonly=false;
@ -123,16 +126,18 @@ function checkboxclicked(b)
} }
else else
{ {
mysql_query("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'"); $stmt =$pdo->prepare("DELETE FROM project_specialawards_link WHERE projects_id='$project->id' AND year='".$config['FAIRYEAR']."'");
$stmt-execute();
foreach($splist AS $spaward) foreach($splist AS $spaward)
{ {
$s = ($spaward == -1) ? "NULL" : "'$spaward'"; $s = ($spaward == -1) ? "NULL" : "'$spaward'";
mysql_query("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (". $stmt = $pdo->prepare("INSERT INTO project_specialawards_link (award_awards_id,projects_id,year) VALUES (".
"$s, ". "$s, ".
"'$project->id', ". "'$project->id', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
if($num) { if($num) {
if($noawards == true) if($noawards == true)

View File

@ -37,32 +37,33 @@
exit; exit;
} }
$fairyear = intval($config['FAIRYEAR']); $fairyear = intval($config['FAIRYEAR']);
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=yahoo_image.png.pnguery("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='" . mysql_real_escape_string($_SESSION['email']) . "' ". "WHERE students.email='" . $_SESSION['email'] . "' ".
"AND registrations.num='" . mysql_real_escape_string($_SESSION['registration_number']) . "' ". "AND registrations.num='" . $_SESSION['registration_number'] . "' ".
"AND registrations.id='" . mysql_real_escape_string($_SESSION['registration_id']) . "' ". "AND registrations.id='" . $_SESSION['registration_id'] . "' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=" . $fairyear . " ". "AND registrations.year=" . $fairyear . " ".
"AND students.year=" . $fairyear); "AND students.year=" . $fairyear);
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
send_header("Participant Registration - Student Information"); send_header("Participant Registration - Student Information");
echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />"; echo "<a href=\"register_participants_main.php\">&lt;&lt; ".i18n("Back to Participant Registration Summary")."</a><br />";
echo "<br />"; echo "<br />";
$regfee_items = array(); $regfee_items = array();
$items_q = mysql_query("SELECT * FROM regfee_items $items_q = $pdo->prepare("SELECT * FROM regfee_items
WHERE year='{$config['FAIRYEAR']}'"); WHERE year='{$config['FAIRYEAR']}'");
while($items_i = mysql_fetch_assoc($items_q)) { $items_q->execute();
while($items_i = $items_q->fetch(PDO::FETCH_ASSOC)) {
$regfee_items[] = $items_i; $regfee_items[] = $items_i;
} }
@ -90,41 +91,42 @@ if($_POST['action']=="save")
//if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own. //if they use schoolpassword or singlepassword, then we need to set the school based on the school stored in the registration record. for anything else they can school the school on their own.
if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite") if($config['participant_registration_type']=="schoolpassword" || $config['participant_registration_type']=="invite")
{ {
$q=mysql_query("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT schools_id FROM registrations WHERE id='".$_SESSION['registration_id']."' AND YEAR='".$config['FAIRYEAR']."'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$schools_id=$r->schools_id; $schools_id=$r->schools_id;
$schoolvalue="'$schools_id', "; $schoolvalue="'$schools_id', ";
} }
else else
{ {
$schoolvalue="'".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', "; $schoolvalue="'".stripslashes($_POST['schools_id'][$x])."', ";
} }
//INSERT new record //INSERT new record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x]; $dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (". $stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,pronunciation,sex,email,address,city,county,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
"'".$_SESSION['registration_id']."', ". "'".$_SESSION['registration_id']."', ".
"'".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "'".stripslashes($_POST['firstname'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "'".stripslashes($_POST['lastname'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ". "'".stripslashes($_POST['pronunciation'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ". "'".stripslashes($_POST['sex'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ". "'".stripslashes($_POST['email'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ". "'".stripslashes($_POST['address'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ". "'".stripslashes($_POST['city'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ". "'".stripslashes($_POST['county'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ". "'".stripslashes($_POST['province'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ". "'".stripslashes($_POST['postalcode'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ". "'".stripslashes($_POST['phone'][$x])."', ".
"'$dob', ". "'$dob', ".
"'".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ". "'".stripslashes($_POST['grade'][$x])."', ".
$schoolvalue. $schoolvalue.
"'".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."', ". "'".stripslashes($_POST['tshirt'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ". "'".stripslashes($_POST['medicalalert'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ". "'".stripslashes($_POST['foodreq'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ". "'".stripslashes($_POST['teachername'][$x])."', ".
"'".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ". "'".stripslashes($_POST['teacheremail'][$x])."', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
$students_id = mysql_insert_id(); $students_id = $pdo->lastInsertId();
echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]))); echo notice(i18n("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
@ -139,44 +141,46 @@ if($_POST['action']=="save")
} }
else else
{ {
$schoolquery="schools_id='".mysql_real_escape_string(stripslashes($_POST['schools_id'][$x]))."', "; $schoolquery="schools_id='".stripslashes($_POST['schools_id'][$x])."', ";
} }
//UPDATE existing record //UPDATE existing record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x]; $dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("UPDATE students SET ". $stmt = $pdo->prepare("UPDATE students SET ".
"firstname='".mysql_real_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "firstname='".stripslashes($_POST['firstname'][$x])."', ".
"lastname='".mysql_real_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "lastname='".stripslashes($_POST['lastname'][$x])."', ".
"pronunciation='".mysql_real_escape_string(stripslashes($_POST['pronunciation'][$x]))."', ". "pronunciation='".stripslashes($_POST['pronunciation'][$x])."', ".
"sex='".mysql_real_escape_string(stripslashes($_POST['sex'][$x]))."', ". "sex='".stripslashes($_POST['sex'][$x])."', ".
"email='".mysql_real_escape_string(stripslashes($_POST['email'][$x]))."', ". "email='".stripslashes($_POST['email'][$x])."', ".
"address='".mysql_real_escape_string(stripslashes($_POST['address'][$x]))."', ". "address='".stripslashes($_POST['address'][$x])."', ".
"city='".mysql_real_escape_string(stripslashes($_POST['city'][$x]))."', ". "city='".stripslashes($_POST['city'][$x])."', ".
"county='".mysql_real_escape_string(stripslashes($_POST['county'][$x]))."', ". "county='".stripslashes($_POST['county'][$x])."', ".
"province='".mysql_real_escape_string(stripslashes($_POST['province'][$x]))."', ". "province='".stripslashes($_POST['province'][$x])."', ".
"postalcode='".mysql_real_escape_string(stripslashes($_POST['postalcode'][$x]))."', ". "postalcode='".stripslashes($_POST['postalcode'][$x])."', ".
"phone='".mysql_real_escape_string(stripslashes($_POST['phone'][$x]))."', ". "phone='".stripslashes($_POST['phone'][$x])."', ".
"dateofbirth='$dob', ". "dateofbirth='$dob', ".
"grade='".mysql_real_escape_string(stripslashes($_POST['grade'][$x]))."', ". "grade='".stripslashes($_POST['grade'][$x])."', ".
$schoolquery. $schoolquery.
"medicalalert='".mysql_real_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ". "medicalalert='".stripslashes($_POST['medicalalert'][$x])."', ".
"foodreq='".mysql_real_escape_string(stripslashes($_POST['foodreq'][$x]))."', ". "foodreq='".stripslashes($_POST['foodreq'][$x])."', ".
"teachername='".mysql_real_escape_string(stripslashes($_POST['teachername'][$x]))."', ". "teachername='".stripslashes($_POST['teachername'][$x])."', ".
"teacheremail='".mysql_real_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ". "teacheremail='".stripslashes($_POST['teacheremail'][$x])."', ".
"tshirt='".mysql_real_escape_string(stripslashes($_POST['tshirt'][$x]))."' ". "tshirt='".stripslashes($_POST['tshirt'][$x])."' ".
"WHERE id='$students_id'"); "WHERE id='$students_id'");
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x]))); echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])));
} }
/* Update the regfee items link */ /* Update the regfee items link */
if($config['participant_regfee_items_enable'] == 'yes') { if($config['participant_regfee_items_enable'] == 'yes') {
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'"); $stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
$stmt->execute();
if(is_array($_POST['regfee_item'][$x])) { if(is_array($_POST['regfee_item'][$x])) {
foreach($_POST['regfee_item'][$x] as $id=>$enabled) { foreach($_POST['regfee_item'][$x] as $id=>$enabled) {
mysql_query("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`) $stmt = $pdo->prepare("INSERT INTO regfee_items_link(`students_id`,`regfee_items_id`)
VALUES ('$students_id','$id') "); VALUES ('$students_id','$id') ");
$stmt->execute();
} }
} }
} }
@ -195,20 +199,22 @@ if($_GET['action']=="removestudent")
{ {
$students_id = intval($_GET['removestudent']); $students_id = intval($_GET['removestudent']);
//first make sure this is one belonging to this registration id //first make sure this is one belonging to this registration id
$q=mysql_query("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'"); $q=$pdo->prepare("SELECT id FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
if(mysql_num_rows($q)==1) $q->execute();
if($q->rowCount()==1)
{ {
mysql_query("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'"); $stmt = $pdo->prepare("DELETE FROM students WHERE id='$students_id' AND registrations_id='".$_SESSION['registration_id']."'");
$stmt->execute();
//now see if they have an emergency contact that also needs to be removed //now see if they have an emergency contact that also needs to be removed
$q=mysql_query("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT id FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
//no need to error message if this doesnt exist //no need to error message if this doesnt exist
if(mysql_num_rows($q)==1) if($q->rowCount()==1)
mysql_query("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE students_id='$students_id' AND registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
mysql_query("DELETE FROM regfee_items_link WHERE students_id='$students_id'"); $stmt = $pdo->prepare("DELETE FROM regfee_items_link WHERE students_id='$students_id'");
$stmt->execute();
echo notice(i18n("Student successfully removed")); echo notice(i18n("Student successfully removed"));
} }
else else
@ -234,20 +240,21 @@ else if($newstatus=="complete")
//now query and display //now query and display
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$q->execute();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
//uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address //uhh oh, we didnt find any, this isnt possible! lets insert one using the logged in persons email address
//although... this can never really happen, since the above queries only allow the page to view if the student //although... this can never really happen, since the above queries only allow the page to view if the student
//is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase //is found in the students table... soo... well, lets leave it here as a fallback anyways, just incase
mysql_query("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".mysql_real_escape_string($_SESSION['email'])."','".$config['FAIRYEAR']."')"); $stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,year) VALUES ('".$_SESSION['registration_id']."','".$_SESSION['email']."','".$config['FAIRYEAR']."')");
$stmt->execute();
//if we just inserted it, then we will obviously find 1 //if we just inserted it, then we will obviously find 1
$numfound=1; $numfound=1;
} }
else else
{ {
$numfound=mysql_num_rows($q); $numfound=$q->rowCount();
} }
if($_GET['numstudents']) if($_GET['numstudents'])
@ -277,7 +284,7 @@ else if($newstatus=="complete")
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />"; echo "<input type=\"hidden\" name=\"action\" value=\"save\" />";
for($x=1;$x<=$numtoshow;$x++) for($x=1;$x<=$numtoshow;$x++)
{ {
$studentinfo=mysql_fetch_object($q); $studentinfo=$q->fetch(PDO::FETCH_OBJ);
echo "<h3>".i18n("Student %1 Details",array($x))."</h3>"; echo "<h3>".i18n("Student %1 Details",array($x))."</h3>";
//if we have a valid student, set their ID, so we can UPDATE when we submit //if we have a valid student, set their ID, so we can UPDATE when we submit
//if there is no record for this student, then set the ID to 0, so we will INSERT when we submit //if there is no record for this student, then set the ID to 0, so we will INSERT when we submit
@ -447,10 +454,11 @@ if($config['participant_student_personal']=="yes")
echo " <td>".i18n("School")."</td><td colspan=\"3\">"; echo " <td>".i18n("School")."</td><td colspan=\"3\">";
if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) ) if( $config['participant_registration_type']=="open" || $config['participant_registration_type']=="singlepassword" || $config['participant_registration_type']=="openorinvite" || ($studentinfo && !$studentinfo->schools_id) )
{ {
$schoolq=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school"); $schoolq=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER by city,school");
$schoolq->execute();
echo "<select name=\"schools_id[$x]\">\n"; echo "<select name=\"schools_id[$x]\">\n";
echo "<option value=\"\">".i18n("Choose School")."</option>\n"; echo "<option value=\"\">".i18n("Choose School")."</option>\n";
while($r=mysql_fetch_object($schoolq)) while($r=$schoolq->fetch(PDO::FETCH_OBJ))
{ {
if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel=""; if($studentinfo->schools_id==$r->id) $sel="selected=\"selected\""; else $sel="";
echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n"; echo "<option $sel value=\"$r->id\">".htmlspecialchars($r->city).' - '.htmlspecialchars($r->school)."</option>\n";
@ -460,8 +468,9 @@ if($config['participant_student_personal']=="yes")
} }
else else
{ {
$schoolq=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'"); $schoolq=$pdo->prepare("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' AND id='$studentinfo->schools_id'");
$r=mysql_fetch_object($schoolq); $schoolq->execute();
$r=$schoolq->fetch(PDO::FETCH_OBJ);
echo $r->school; echo $r->school;
} }
@ -474,10 +483,11 @@ if($config['participant_student_personal']=="yes")
echo "</tr>\n"; echo "</tr>\n";
if($config['participant_regfee_items_enable'] == 'yes' ) { if($config['participant_regfee_items_enable'] == 'yes' ) {
$sel_q = mysql_query("SELECT * FROM regfee_items_link $sel_q = $pdo->prepare("SELECT * FROM regfee_items_link
WHERE students_id=$id"); WHERE students_id=$id");
$sel_q->execute();
$sel = array(); $sel = array();
while($info_q = mysql_fetch_assoc($sel_q)) { while($info_q = $sel_q->fetch(PDO::FETCH_ASSOC)) {
$sel[$info_q['regfee_items_id']] = $info_q['id']; $sel[$info_q['regfee_items_id']] = $info_q['id'];
} }
foreach($regfee_items as $rfi) { foreach($regfee_items as $rfi) {

View File

@ -37,22 +37,23 @@
exit; exit;
} }
$q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". $q=$pdo->prepare("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ".
"WHERE students.email='".$_SESSION['email']."' ". "WHERE students.email='".$_SESSION['email']."' ".
"AND registrations.num='".$_SESSION['registration_number']."' ". "AND registrations.num='".$_SESSION['registration_number']."' ".
"AND registrations.id='".$_SESSION['registration_id']."' ". "AND registrations.id='".$_SESSION['registration_id']."' ".
"AND students.registrations_id=registrations.id ". "AND students.registrations_id=registrations.id ".
"AND registrations.year=".$config['FAIRYEAR']." ". "AND registrations.year=".$config['FAIRYEAR']." ".
"AND students.year=".$config['FAIRYEAR']); "AND students.year=".$config['FAIRYEAR']);
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
if(mysql_num_rows($q)==0) if($q->rowCount()==0)
{ {
header("Location: register_participants.php"); header("Location: register_participants.php");
exit; exit;
} }
$authinfo=mysql_fetch_object($q); $authinfo=$q->fetch(PDO::FETCH_OBJ);
//send the header //send the header
@ -75,10 +76,11 @@ echo mysql_error();
else else
{ {
//first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them //first we will delete all their old answer, its easier to delete and re-insert in this case then it would be to find the corresponding answers and update them
mysql_query("DELETE FROM tours_choice $stmt = $pdo->prepare("DELETE FROM tours_choice
WHERE registrations_id='{$_SESSION['registration_id']}' WHERE registrations_id='{$_SESSION['registration_id']}'
AND year='{$config['FAIRYEAR']}' AND year='{$config['FAIRYEAR']}'
AND rank!='0'"); AND rank!='0'");
$stmt->execute();
if(is_array($_POST['toursel'])) if(is_array($_POST['toursel']))
{ {
foreach($_POST['toursel'] AS $students_id=>$ts) foreach($_POST['toursel'] AS $students_id=>$ts)
@ -98,13 +100,14 @@ echo mysql_error();
/* Remember this choice in a format that is easily searchable */ /* Remember this choice in a format that is easily searchable */
$selarray[] = $x; $selarray[] = $x;
mysql_query("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (". $stmt = $pdo->prepare("INSERT INTO tours_choice (registrations_id,students_id,tour_id,year,rank) VALUES (".
"'".$_SESSION['registration_id']."', ". "'".$_SESSION['registration_id']."', ".
"'".intval($students_id)."', ". "'".intval($students_id)."', ".
"'".intval($tid)."', ". "'".intval($tid)."', ".
"'".$config['FAIRYEAR']."', ". "'".$config['FAIRYEAR']."', ".
"'$rank')"); "'$rank')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
@ -140,23 +143,25 @@ else if($newstatus=="complete")
$assigned_tour = array(); $assigned_tour = array();
$q=mysql_query("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM tours_choice WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id; if($r->rank == 0) $assigned_tour[$r->students_id] = $r->tour_id;
$tour_choice[$r->students_id][$r->rank] = $r->tour_id; $tour_choice[$r->students_id][$r->rank] = $r->tour_id;
} }
$tours = array(); $tours = array();
$q=mysql_query("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM tours WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
if(mysql_num_rows($q) == 0) $q->execute();
if($q->rowCount() == 0)
{ {
echo notice(i18n("There is not tour information")); echo notice(i18n("There is not tour information"));
send_footer(); send_footer();
exit; exit;
} }
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$tours[$r->id]['name'] = $r->name; $tours[$r->id]['name'] = $r->name;
$tours[$r->id]['num'] = $r->num; $tours[$r->id]['num'] = $r->num;
@ -173,11 +178,12 @@ else if($newstatus=="complete")
echo "<form method=\"post\" action=\"register_participants_tours.php\">\n"; echo "<form method=\"post\" action=\"register_participants_tours.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
$q=mysql_query("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE registrations_id='".$_SESSION['registration_id']."' AND year='".$config['FAIRYEAR']."'");
$num_found = mysql_num_rows($q); $q->execute();
$num_found = $q->rowCount();
$print_submit = false; $print_submit = false;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />"; echo i18n("Tour Selection for")." <b>{$r->firstname} {$r->lastname}</b>:<br /><br />";
if($r->grade <= 0) { if($r->grade <= 0) {

View File

@ -37,9 +37,10 @@ function handle_getstats(&$u, $fair,&$data, &$response)
$response['statconfig'] = explode(',', $fair['gather_stats']); $response['statconfig'] = explode(',', $fair['gather_stats']);
/* Send back the stats we currently have */ /* Send back the stats we currently have */
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' $q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'"); AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q); $q->execute();
$response['stats'] = $q->fetch(PDO::FETCH_ASSOC);
unset($response['stats']['id']); unset($response['stats']['id']);
$response['error'] = 0; $response['error'] = 0;
} }
@ -48,17 +49,19 @@ function handle_stats(&$u,$fair, &$data, &$response)
{ {
$stats = $data['stats']; $stats = $data['stats'];
foreach($stats as $k=>$v) { foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]); $stats[$k] = $stats[$k];
} }
// $str = join(',',$stats); // $str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`'; $keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'"; $vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' $stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='{$stats['year']}'"); AND year='{$stats['year']}'");
echo mysql_error(); $stmt->execute();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)"); echo $pdo->errorInfo();
echo mysql_error(); $stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
$stmt->execute();
echo $pdo->errorInfo();
$response['message'] = 'Stats saved'; $response['message'] = 'Stats saved';
$response['error'] = 0; $response['error'] = 0;
@ -71,8 +74,9 @@ function handle_getawards(&$u, $fair, &$data, &$response)
$ids = array(); $ids = array();
/* Load a list of awards linked to the fair id */ /* Load a list of awards linked to the fair id */
$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'"); $q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
while($r = mysql_fetch_assoc($q)) { $q->execute();
while($r = $q->fetch(PDO::FETCH_ASSOC)) {
$aaid = $r['award_awards_id']; $aaid = $r['award_awards_id'];
if($r['download_award'] == 'yes') $ids[] = $aaid; if($r['download_award'] == 'yes') $ids[] = $aaid;
$ul[$aaid] = $r['upload_winners']; $ul[$aaid] = $r['upload_winners'];
@ -80,9 +84,10 @@ function handle_getawards(&$u, $fair, &$data, &$response)
/* Load the awards this fair is allowed to download */ /* Load the awards this fair is allowed to download */
$where = "(id='".join("' OR id='", $ids)."')"; $where = "(id='".join("' OR id='", $ids)."')";
$q = mysql_query("SELECT * FROM award_awards WHERE $where AND year='$year'" ); $q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year='$year'" );
$q->execute();
while($a = mysql_fetch_assoc($q)) { while($a = $q->fetch(PDO::FETCH_ASSOC)) {
$award = array(); $award = array();
$award['identifier'] = $a['external_identifier']; $award['identifier'] = $a['external_identifier'];
$award['external_additional_materials'] = $a['external_additional_materials']; $award['external_additional_materials'] = $a['external_additional_materials'];
@ -95,16 +100,18 @@ function handle_getawards(&$u, $fair, &$data, &$response)
$award['schedule_judges'] = $a['schedule_judges']; $award['schedule_judges'] = $a['schedule_judges'];
if($a['sponsors_id']) { if($a['sponsors_id']) {
$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'"); $sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
if(mysql_num_rows($sq)) { $sq->execute();
$s = mysql_fetch_assoc($sq); if($sq->rowCount()) {
$s = $sq->fetch(PDO::FETCH_ASSOC);
$award['sponsor'] = $s['organization']; $award['sponsor'] = $s['organization'];
} }
} }
$award['prizes'] = array(); $award['prizes'] = array();
$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'"); $pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
while($p = mysql_fetch_assoc($pq)) { $pq->execute();
while($p = $pq->fetch(PDO::FETCH_ASSOC)) {
/* Map array keys -> local database field */ /* Map array keys -> local database field */
$map = array( 'cash' => 'cash', 'scholarship' => 'scholarship', $map = array( 'cash' => 'cash', 'scholarship' => 'scholarship',
'value' => 'value', 'prize_en' => 'prize', 'number'=>'number', 'value' => 'value', 'prize_en' => 'prize', 'number'=>'number',
@ -146,7 +153,7 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
'scienceheadphone'=>'scienceheadphone');*/ 'scienceheadphone'=>'scienceheadphone');*/
if($school_id == -1) { if($school_id == -1) {
$our_school = mysql_fetch_assoc($mysql_query); $our_school = $mysql_query->fetch(PDO::FETCH_ASSOC);
$sid = $our_school['id']; $sid = $our_school['id'];
} else { } else {
$sid = $school_id; $sid = $school_id;
@ -156,41 +163,47 @@ function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
foreach($school_fields as $t=>$m) { foreach($school_fields as $t=>$m) {
if($our_school[$m] == $school[$t]) continue; if($our_school[$m] == $school[$t]) continue;
if($set != '') $set.=','; if($set != '') $set.=',';
$set .= "`$m`='".mysql_real_escape_string($school[$t])."'"; $set .= "`$m`='".$school[$t]."'";
} }
mysql_query("UPDATE schools SET $set WHERE id='$sid'"); $stmt = $pdo->prepare("UPDATE schools SET $set WHERE id='$sid'");
$stmt->execute();
return $sid; return $sid;
} }
function award_upload_school(&$student, &$school, $year, &$response) function award_upload_school(&$student, &$school, $year, &$response)
{ {
$school_name = mysql_real_escape_string($school['schoolname']); $school_name = $school['schoolname'];
$school_city = mysql_real_escape_string($school['city']); $school_city = $school['city'];
$school_phone = mysql_real_escape_string($school['phone']); $school_phone = $school['phone'];
$school_addr = mysql_real_escape_string($school['address']); $school_addr = $school['address'];
$student_city = $student['city']; $student_city = $student['city'];
/* Find school by matching name, city, phone, year */ /* Find school by matching name, city, phone, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school); $q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, city, address, year */ /* Find school by matching name, city, address, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school); $q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, city, year */ /* Find school by matching name, city, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school); $q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
/* Find school by matching name, student city, year */ /* Find school by matching name, student city, year */
$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school); $q->execute();
if($q->rowCount() == 1) return award_upload_update_school($q, $school);
$response['notice'][] = " - Creating new school: $school_name"; $response['notice'][] = " - Creating new school: $school_name";
/* No? ok, make a new school */ /* No? ok, make a new school */
mysql_query("INSERT INTO schools(`school`,`year`) VALUES ('".mysql_real_escape_string($school['schoolname'])."','$year')"); $stmt = $pdo->prepare("INSERT INTO schools(`school`,`year`) VALUES ('".$school['schoolname']."','$year')");
$school_id = mysql_insert_id(); $stmt->execute();
$school_id = $pdo->lastInsertId();
return award_upload_update_school($q, $school, $school_id); return award_upload_update_school($q, $school, $school_id);
} }
@ -216,11 +229,12 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
'teacheremail'=>'teacheremail'); 'teacheremail'=>'teacheremail');
/* See if this project already exists */ /* See if this project already exists */
$pn = mysql_real_escape_string($project['projectnumber']); $pn = $project['projectnumber'];
$q = mysql_query("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
echo mysql_error(); $q->execute();
if(mysql_num_rows($q) == 1) { echo $pdo->errorInfo();
$our_project = mysql_fetch_assoc($q); if($q->rowCount() == 1) {
$our_project = $q->fetch(PDO::FETCH_ASSOC);
$registrations_id = $our_project['registrations_id']; $registrations_id = $our_project['registrations_id'];
$pid = $our_project['id']; $pid = $our_project['id'];
$response['notice'][] = " - Found existing project: {$project['title']}"; $response['notice'][] = " - Found existing project: {$project['title']}";
@ -233,41 +247,47 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
//random number between //random number between
//100000 and 999999 (six digit integer) //100000 and 999999 (six digit integer)
$regnum=rand(100000,999999); $regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=$year"); $q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
echo mysql_error(); $q->execute();
}while(mysql_num_rows($q)>0); echo $pdo->errorInfo();
}while($q->rowCount()>0);
//actually insert it //actually insert it
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (". $stmt= $pdo->prepare("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
"'$regnum','$regnum',NOW(),'open',NULL,'$year')"); "'$regnum','$regnum',NOW(),'open',NULL,'$year')");
$registrations_id = mysql_insert_id(); $stmt->execute();
$registrations_id = $pdo->lastInsertId();
/* We'll fill in the email address later */ /* We'll fill in the email address later */
/* Add the project */ /* Add the project */
mysql_query("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`) $stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
VALUES('$registrations_id', VALUES('$registrations_id',
'".mysql_real_escape_string($project['projectnumber'])."', '".$project['projectnumber']."',
'$year', '{$fair['id']}');"); '$year', '{$fair['id']}');");
$pid = mysql_insert_id(); $stmt->execute();
$pid = $pdo->lastInsertId();
$reg_email_needs_update = true; $reg_email_needs_update = true;
$new_reg = true; $new_reg = true;
} }
$q = mysql_query("SELECT * FROM registrations WHERE id='$registrations_id'"); $q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
$registration = mysql_fetch_assoc($q); $q->execute();
$registration = $q->fetch(PDO::FETCH_ASSOC);
/* Update the project in case anythign changed */ /* Update the project in case anythign changed */
mysql_query("UPDATE projects SET title='".mysql_real_escape_string($project['title'])."', $stmt = $pdo->prepare("UPDATE projects SET title='".$project['title']."',
summary='".mysql_real_escape_string($project['abstract'])."', summary='".$project['abstract']."',
projectcategories_id='".intval($project['projectcategories_id'])."', projectcategories_id='".intval($project['projectcategories_id'])."',
projectdivisions_id='".intval($project['projectdivisions_id'])."' projectdivisions_id='".intval($project['projectdivisions_id'])."'
WHERE id='$pid'"); WHERE id='$pid'");
$stmt->execute();
/* Record the winner */ /* Record the winner */
mysql_query("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`) $stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')"); VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
$stmt->execute();
/* Delete the students attached to this project */ /* Delete the students attached to this project */
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'"); $stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
$stmt->execute();
/* Add new */ /* Add new */
foreach($project['students'] as &$student) { foreach($project['students'] as &$student) {
@ -279,15 +299,17 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
$keys = ",`".join("`,`", array_values($student_fields))."`"; $keys = ",`".join("`,`", array_values($student_fields))."`";
$values = ""; $values = "";
foreach($student_fields as $k=>$v) foreach($student_fields as $k=>$v)
$values .= ",'".mysql_real_escape_string($student[$k])."'"; $values .= ",'".$student[$k]."'";
/* Note lack of comma before $keys, we added it above for both keys and values */ /* Note lack of comma before $keys, we added it above for both keys and values */
mysql_query("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys) $stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )"); VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
$stmt->execute();
/* Update the registration email */ /* Update the registration email */
if($reg_email_needs_update) { if($reg_email_needs_update) {
mysql_query("UPDATE registrations SET email='".mysql_real_escape_string($student['email'])."' $stmt = $pdo->prepare("UPDATE registrations SET email='".$student['email']."'
WHERE id='$registrations_id'"); WHERE id='$registrations_id'");
$stmt->execute();
$reg_email_needs_update = false; $reg_email_needs_update = false;
} }
@ -305,7 +327,8 @@ function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$respo
/* It's not an external, so we don't need the student to login /* It's not an external, so we don't need the student to login
* or antyhing, we probably want to include it in reports, so set * or antyhing, we probably want to include it in reports, so set
* it to complete */ * it to complete */
mysql_query("UPDATE registrations SET status='complete' WHERE id='$registrations_id'"); $stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
$stmt->execute();
} }
} }
@ -326,15 +349,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
$year = intval($award_data['year']); $year = intval($award_data['year']);
/* Find the award */ /* Find the award */
$eid = mysql_real_escape_string($external_identifier); $eid = $external_identifier;
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
if(mysql_num_rows($q) != 1) { $q->execute();
if($q->rowCount() != 1) {
$response['message'] = "Unknown award identifier '$eid' for year $year"; $response['message'] = "Unknown award identifier '$eid' for year $year";
$response['error'] = 1; $response['error'] = 1;
return; return;
} }
$award = mysql_fetch_assoc($q); $award = $q->fetch(PDO::FETCH_ASSOC);
$aaid = $award['id']; $aaid = $award['id'];
$response['notice'][] = "Found award: {$award['name']}"; $response['notice'][] = "Found award: {$award['name']}";
@ -342,14 +366,16 @@ function handle_awards_upload(&$u, &$fair, &$data, &$response)
/* Load prizes, we fetched the right award by year, so we don't need to /* Load prizes, we fetched the right award by year, so we don't need to
* check the year as long as we query by aaid */ * check the year as long as we query by aaid */
$prizes = array(); $prizes = array();
$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'"); $q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
while($prize = mysql_fetch_assoc($q)) { $q->execute();
while($prize = $q->fetch(PDO::FETCH_ASSOC)) {
$response['notice'][] = " - Prize: {$prize['prize']}"; $response['notice'][] = " - Prize: {$prize['prize']}";
/* Clean out existing winners for this prize */ /* Clean out existing winners for this prize */
mysql_query("DELETE FROM winners WHERE $stmt = $pdo->prepare("DELETE FROM winners WHERE
award_prize_id='{$prize['id']}' award_prize_id='{$prize['id']}'
AND fairs_id='{$fair['id']}'"); AND fairs_id='{$fair['id']}'");
$stmt->execute();
/* Assign projects to this prize */ /* Assign projects to this prize */
$ul_p =& $award_data['prizes'][$prize['prize']]; $ul_p =& $award_data['prizes'][$prize['prize']];
@ -368,8 +394,9 @@ function handle_get_categories(&$u, &$fair, &$data, &$response)
{ {
$year = intval($data['get_categories']['year']); $year = intval($data['get_categories']['year']);
$cat = array(); $cat = array();
$q=mysql_query("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q)) { $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$cat[$r->id]=array('id' => $r->id, $cat[$r->id]=array('id' => $r->id,
'category' => $r->category, 'category' => $r->category,
'mingrade' => $r->mingrade, 'mingrade' => $r->mingrade,
@ -383,8 +410,9 @@ function handle_get_divisions(&$u, &$fair, &$data, &$response)
{ {
$year = intval($data['get_divisions']['year']); $year = intval($data['get_divisions']['year']);
$div = array(); $div = array();
$q=mysql_query("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id"); $q=$pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
while($r=mysql_fetch_object($q)) { $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$div[$r->id] = array('id' => $r->id, $div[$r->id] = array('id' => $r->id,
'division' => $r->division); 'division' => $r->division);
} }
@ -397,14 +425,15 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
$year = intval($data['award_additional_materials']['year']); $year = intval($data['award_additional_materials']['year']);
$external_identifier = $data['award_additional_materials']['identifier']; $external_identifier = $data['award_additional_materials']['identifier'];
$eid = mysql_real_escape_string($external_identifier); $eid = $external_identifier;
$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'"); $q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
if(mysql_num_rows($q) != 1) { $q->execute();
if($q->rowCount() != 1) {
$response['message'] = "Unknown award identifier '$eid'"; $response['message'] = "Unknown award identifier '$eid'";
$response['error'] = 1; $response['error'] = 1;
return; return;
} }
$award = mysql_fetch_assoc($q); $award = $q->fetch(PDO::FETCH_ASSOC);
$pdf = fair_additional_materials($fair, $award, $year); $pdf = fair_additional_materials($fair, $award, $year);
$response['award_additional_materials']['pdf']['header'] = $pdf['header']; $response['award_additional_materials']['pdf']['header'] = $pdf['header'];
@ -456,8 +485,9 @@ function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
exit; exit;
} }
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'"); $q = $pdo->prepare("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
$fair = mysql_fetch_assoc($q); $q->execute();
$fair = $q->fetch(PDO::FETCH_ASSOC);
$response = array(); $response = array();
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response); if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);

View File

@ -4,12 +4,14 @@ require_once('user.inc.php');
if($_POST['schoolid'] && $_POST['accesscode']) if($_POST['schoolid'] && $_POST['accesscode'])
{ {
$q=mysql_query("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_POST['schoolid']."' AND accesscode='".$_POST['accesscode']."' AND year='".$config['FAIRYEAR']."'");
if(mysql_num_rows($q)==1) $q->execute();
if($q->rowCount()==1)
{ {
$_SESSION['schoolid']=$_POST['schoolid']; $_SESSION['schoolid']=$_POST['schoolid'];
$_SESSION['schoolaccesscode']=$_POST['accesscode']; $_SESSION['schoolaccesscode']=$_POST['accesscode'];
mysql_query("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'"); $stmt = $pdo->prepare("UPDATE schools SET lastlogin=NOW() WHERE id='".$_POST['schoolid']."'");
$stmt->execute();
} }
else else
@ -28,9 +30,10 @@ send_header("School Access");
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
{ {
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $q->execute();
$school=mysql_fetch_object($q); echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
if($school) { if($school) {
if($_POST['action']=="save") { if($_POST['action']=="save") {
@ -65,27 +68,29 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
} }
mysql_query("UPDATE schools SET $stmt = $pdo->prepare("UPDATE schools SET
school='".mysql_escape_string(stripslashes($_POST['school']))."', school='".stripslashes($_POST['school'])."',
address='".mysql_escape_string(stripslashes($_POST['address']))."', address='".stripslashes($_POST['address'])."',
city='".mysql_escape_string(stripslashes($_POST['city']))."', city='".stripslashes($_POST['city'])."',
province_code='".mysql_escape_string(stripslashes($_POST['province_code']))."', province_code='".stripslashes($_POST['province_code'])."',
postalcode='".mysql_escape_string(stripslashes($_POST['postalcode']))."', postalcode='".stripslashes($_POST['postalcode'])."',
phone='".mysql_escape_string(stripslashes($_POST['phone']))."', phone='".stripslashes($_POST['phone'])."',
$sciencehead_update $sciencehead_update
fax='".mysql_escape_string(stripslashes($_POST['fax']))."' fax='".stripslashes($_POST['fax'])."'
WHERE id='$school->id'"); WHERE id='$school->id'");
$stmt->execute();
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_error()) if($pdo->errorInfo())
echo error(i18n("An Error occured trying to save the school information")); echo error(i18n("An Error occured trying to save the school information"));
else else
echo happy(i18n("School information successfully updated")); echo happy(i18n("School information successfully updated"));
//and reselect it //and reselect it
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $q->execute();
$school=mysql_fetch_object($q); echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
} }
/* /*
@ -97,11 +102,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
senior='".$_POST['senior']."' senior='".$_POST['senior']."'
WHERE id='$school->id'"); WHERE id='$school->id'");
echo mysql_error(); echo $pdo->errorInfo();
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'"); $q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."'");
echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n"; echo "<font color=blue><b>Participation Information Successfully Updated</b></font><br>\n";
$school=mysql_fetch_object($q); $school=$q->fetch(PDO::FETCH_OBJ);
} }
*/ */
@ -221,9 +226,10 @@ else {
<select name="schoolid"> <select name="schoolid">
<option value=""><?=i18n("Choose your school")?></option> <option value=""><?=i18n("Choose your school")?></option>
<? <?
$q=mysql_query("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school"); $q=$pdo->prepare("SELECT id,school,city FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
$q->execute();
$prev="somethingthatdoesnotexist"; $prev="somethingthatdoesnotexist";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($r->school==$prev) if($r->school==$prev)
echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n"; echo "<option value=\"$r->id\">$r->school ($r->city)</option>\n";

View File

@ -7,9 +7,10 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<a href=\"schoolaccess.php\">&lt;&lt; ".i18n("Return to school access main page")."</a><br />"; echo "<a href=\"schoolaccess.php\">&lt;&lt; ".i18n("Return to school access main page")."</a><br />";
echo "<br />"; echo "<br />";
$q=mysql_query("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'"); $q=$pdo->prepare("SELECT * FROM schools WHERE id='".$_SESSION['schoolid']."' AND accesscode='".$_SESSION['schoolaccesscode']."' AND year='".$config['FAIRYEAR']."'");
echo mysql_error(); $q->execute();
$school=mysql_fetch_object($q); echo $pdo->errorInfo();
$school=$q->fetch(PDO::FETCH_OBJ);
if($school) if($school)
{ {
if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" ) if($config['participant_registration_type']=="invite" || $config['participant_registration_type']=="openorinvite" )
@ -19,8 +20,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade']) if($_POST['firstname'] && $_POST['lastname'] && $_POST['email'] && $_POST['grade'])
{ {
//make sure they arent already invited! //make sure they arent already invited!
$q=mysql_query("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'"); $q=$pdo->prepare("SELECT firstname, lastname FROM students WHERE year='".$config['FAIRYEAR']."' AND email='".$_POST['email']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
echo error(i18n("That students email address has already been invited")); echo error(i18n("That students email address has already been invited"));
} }
@ -34,11 +36,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
//random number between //random number between
//100000 and 999999 (six digit integer) //100000 and 999999 (six digit integer)
$regnum=rand(100000,999999); $regnum=rand(100000,999999);
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']); $q=$pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
}while(mysql_num_rows($q)>0); $q->execute();
}while($q->rowCount()>0);
//actually insert it //actually insert it
mysql_query("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (". $stmt = $pdo->prepare("INSERT INTO registrations (num,email,emailcontact,start,status,year) VALUES (".
"'$regnum',". "'$regnum',".
"'".$_POST['email']."',". "'".$_POST['email']."',".
"'".$_POST['emailcontact']."',". "'".$_POST['emailcontact']."',".
@ -46,16 +49,18 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
"'open',". "'open',".
$config['FAIRYEAR']. $config['FAIRYEAR'].
")"); ")");
$regid=mysql_insert_id(); $stmt->execute();
$regid=$pdo->lastInsertId();
mysql_query("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO students (registrations_id,email,firstname,lastname,schools_id,grade,year) VALUES (
'$regid', '$regid',
'".mysql_escape_string($_POST['email'])."', '".$_POST['email']."',
'".mysql_escape_string($_POST['firstname'])."', '".$_POST['firstname']."',
'".mysql_escape_string($_POST['lastname'])."', '".$_POST['lastname']."',
'".mysql_escape_string($_SESSION['schoolid'])."', '".$_SESSION['schoolid']."',
'".mysql_escape_string($_POST['grade'])."', '".$_POST['grade']."',
'".$config['FAIRYEAR']."')"); '".$config['FAIRYEAR']."')");
$stmt->execute();
email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email'])); email_send("new_participant",$_POST['email'],array(),array("REGNUM"=>$regnum, "EMAIL"=>$_POST['email']));
if($_POST['emailcontact']) if($_POST['emailcontact'])
@ -70,19 +75,26 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
if($_GET['action']=="uninvite") if($_GET['action']=="uninvite")
{ {
//first, make sure that this is really their student, and it sfor this year. //first, make sure that this is really their student, and it sfor this year.
$q=mysql_query("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'"); $q=$pdo->prepare("SELECT * FROM students WHERE id='".$_GET['uninvite']."' AND year='".$config['FAIRYEAR']."' AND schools_id='".$_SESSION['schoolid']."'");
if(mysql_num_rows($q)) $q->execute();
if($q->rowCount())
{ {
$r=mysql_fetch_object($q); $r=$q->fetch(PDO::FETCH_OBJ);
$registrations_id=$r->registrations_id; $registrations_id=$r->registrations_id;
if($registrations_id) //just to be safe! if($registrations_id) //just to be safe!
{ {
mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'"); $stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM projects WHERE registrations_id='$registrations_id'"); $stmt->execute();
mysql_query("DELETE FROM mentors WHERE registrations_id='$registrations_id'"); $stmt = $pdo->prepare("DELETE FROM projects WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM safety WHERE registrations_id='$registrations_id'"); $stmt->execute();
mysql_query("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'"); $stmt = $pdo->prepare("DELETE FROM mentors WHERE registrations_id='$registrations_id'");
mysql_query("DELETE FROM registrations WHERE id='$registrations_id'"); $stmt->execute();
$stmt = $pdo->prepare("DELETE FROM safety WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM emergencycontact WHERE registrations_id='$registrations_id'");
$stmt->execute();
$stmt = $pdo->prepare("DELETE FROM registrations WHERE id='$registrations_id'");
$stmt->execute();
echo happy(i18n("Student successfully uninvited")); echo happy(i18n("Student successfully uninvited"));
} }
@ -92,11 +104,12 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
} }
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck");
$datecheck=mysql_fetch_object($q); $q->execute();
$datecheck=$q->fetch(PDO::FETCH_OBJ);
$q=mysql_query("SELECT $q=$pdo->prepare("SELECT
students.*, students.*,
registrations.num, registrations.num,
registrations.emailcontact registrations.emailcontact
@ -111,7 +124,8 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
ORDER BY ORDER BY
lastname, lastname,
firstname"); firstname");
$currentinvited=mysql_num_rows($q); $q->execute();
$currentinvited=$q->rowCount();
if($datecheck!=0) { if($datecheck!=0) {
echo i18n("In order for your school's students to register for the fair, you will need to invite them to register. Simply enter their email address below to invite them to register. <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project"); echo i18n("In order for your school's students to register for the fair, you will need to invite them to register. Simply enter their email address below to invite them to register. <b>Important</b>: for group projects, only add one of the participants, that participant will then add the other group member(s) to the project");
@ -138,10 +152,11 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
} }
else if($school->projectlimitper=="agecategory") { else if($school->projectlimitper=="agecategory") {
echo "<br />"; echo "<br />";
$catq=mysql_query("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id"); $catq=$pdo->prepare("SELECT * FROM projectcategories WHERE year='".$config['FAIRYEAR']."' ORDER BY id");
while($catr=mysql_fetch_object($catq)) { $catq->execute();
while($catr=$catq->fetch(PDO::FETCH_OBJ)) {
$q2=mysql_query("SELECT COUNT(students.id) AS num $q2=$pdo->prepare("SELECT COUNT(students.id) AS num
FROM FROM
students, students,
registrations registrations
@ -153,8 +168,9 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
AND students.registrations_id=registrations.id AND students.registrations_id=registrations.id
GROUP BY registrations.num GROUP BY registrations.num
"); ");
echo mysql_error(); $q2->execute();
$r2=mysql_fetch_object($q2); echo $pdo->errorInfo();
$r2=$q2->fetch(PDO::FETCH_OBJ);
$currentinvited=$r2->num; $currentinvited=$r2->num;
if($currentinvited<$school->projectlimit || $school->projectlimit==0) { if($currentinvited<$school->projectlimit || $school->projectlimit==0) {
@ -221,7 +237,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<br />"; echo "<br />";
echo "<h4>".i18n("Invited participants from your school")."</h4>"; echo "<h4>".i18n("Invited participants from your school")."</h4>";
if(mysql_num_rows($q)) { if($q->rowCount()) {
echo "<table class=\"summarytable\">"; echo "<table class=\"summarytable\">";
echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>"; echo "<tr><th>".i18n("Last Name")."</th><th>".i18n("First Name")."</th>";
echo "<th>".i18n("Email Address")."</th>"; echo "<th>".i18n("Email Address")."</th>";
@ -229,7 +245,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'])
echo "<th>".i18n("Registration Number")."</th>"; echo "<th>".i18n("Registration Number")."</th>";
echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>"; echo "<th colspan=\"2\">".i18n("Actions")."</th></tr>";
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<tr><td>$r->lastname</td><td>$r->firstname</td>"; echo "<tr><td>$r->lastname</td><td>$r->firstname</td>";
echo "<td>$r->email"; echo "<td>$r->email";
if($r->emailcontact) if($r->emailcontact)

View File

@ -27,12 +27,14 @@ exit;
include "../common.inc.php"; include "../common.inc.php";
$projq=mysql_query("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'"); $projq=$pdo->prepare("SELECT id FROM registrations WHERE status='complete' OR status='paymentpending' AND year='2008'");
while($projr=mysql_fetch_object($projq)) $projq->execute();
while($projr=$projq->fetch(PDO::FETCH_OBJ))
{ {
$reg_id=$projr->id; $reg_id=$projr->id;
$q=mysql_query("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'"); $q=$pdo->prepare("SELECT projects.projectcategories_id, projects.projectdivisions_id FROM projects WHERE registrations_id='$reg_id'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
$projectnumber=$config['project_num_format']; $projectnumber=$config['project_num_format'];
//first replace the division and category //first replace the division and category
@ -41,15 +43,16 @@ include "../common.inc.php";
//now change the N to a % so we can use it as a wildcard //now change the N to a % so we can use it as a wildcard
$querynum=str_replace('N','%',$projectnumber); $querynum=str_replace('N','%',$projectnumber);
$searchq=mysql_query("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'"); $searchq=$pdo->prepare("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'");
$searchq->execute();
print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n"); print("SELECT projectnumber FROM projects WHERE year='".$config['FAIRYEAR']."' AND projectnumber LIKE '$querynum'\n");
$searchnum=mysql_num_rows($searchq); $searchnum=$searchq->rowCount();
echo "searchnum=$searchnum \n"; echo "searchnum=$searchnum \n";
if(mysql_num_rows($searchq)) if($searchq->rowCount())
{ {
//first, put them all in an array //first, put them all in an array
$proj_nums=array(); $proj_nums=array();
while($searchr=mysql_fetch_object($searchq)) while($searchr=$searchq->fetch(PDO::FETCH_OBJ))
{ {
$proj_nums[]=$searchr->projectnumber; $proj_nums[]=$searchr->projectnumber;
} }
@ -77,7 +80,8 @@ include "../common.inc.php";
} }
$projectnumber=str_replace('N',$Nnum,$projectnumber); $projectnumber=str_replace('N',$Nnum,$projectnumber);
mysql_query("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'"); $stmt = $pdo->prepare("UPDATE projects SET projectnumber='$projectnumber' WHERE registrations_id='$reg_id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
if($projectnumber) if($projectnumber)
{ {
echo "Assigned new project number $projectnumber\n"; echo "Assigned new project number $projectnumber\n";

View File

@ -25,9 +25,10 @@ echo "To run this script, edit it and comment out the 'exit' (and this message)
exit; exit;
include "../common.inc.php"; include "../common.inc.php";
mysql_query("DELETE FROM tours_choice WHERE year='2008'"); $stmt = $po->prepare("DELETE FROM tours_choice WHERE year='2008'");
$stmt->execute();
$q=mysql_query("SELECT students.id AS students_id, $q=$pdo->prepare("SELECT students.id AS students_id,
registrations.id AS registrations_id registrations.id AS registrations_id
FROM registrations, FROM registrations,
students students
@ -36,14 +37,17 @@ $q=mysql_query("SELECT students.id AS students_id,
AND registrations.year='2008' AND registrations.year='2008'
AND students.registrations_id=registrations.id AND students.registrations_id=registrations.id
AND students.year='2008'"); AND students.year='2008'");
while($r=mysql_fetch_object($q)) $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$tq=mysql_query("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r"); $tq=$pdo->prepare("SELECT tours.id, RAND() AS r FROM tours WHERE year='2008' ORDER BY r");
$tq->execute();
$rank=1; $rank=1;
while($tr=mysql_fetch_object($tq)) { while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
mysql_query("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES ( $stmt = $pdo->prepare("INSERT INTO tours_choice (students_id,registrations_id,tour_id,year,rank) VALUES (
'$r->students_id','$r->registrations_id','$tr->id','2008','$rank' '$r->students_id','$r->registrations_id','$tr->id','2008','$rank'
)"); )");
$stmt->execute();
$rank++; $rank++;
} }
echo "Assigned student $r->students_id\n"; echo "Assigned student $r->students_id\n";

View File

@ -32,9 +32,12 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1) if(count($argv)>1)
{ {
echo "TRUNCATING TABLE DATA....\n"; echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE registrations"); $stmt = $pdo->prepare("TRUNCATE TABLE registrations");
mysql_query("TRUNCATE TABLE students"); $stmt->execute();
mysql_query("TRUNCATE TABLE projects"); $stmt = $pdo->prepare("TRUNCATE TABLE students");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE projects");
$stmt->execute();
echo "DONE.\n\n"; echo "DONE.\n\n";
} }
?> ?>

View File

@ -32,11 +32,16 @@ echo "IF YOU ARE SURE YOU WANT TO RUN THIS, SET AN ARGUMENT TO THE SCRIPT, EG 'p
if(count($argv)>1) if(count($argv)>1)
{ {
echo "TRUNCATING TABLE DATA....\n"; echo "TRUNCATING TABLE DATA....\n";
mysql_query("TRUNCATE TABLE judges_teams"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams");
mysql_query("TRUNCATE TABLE judges_teams_awards_link"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_teams_link"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_awards_link");
mysql_query("TRUNCATE TABLE judges_teams_timeslots_link"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_teams_timeslots_projects_link"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_link");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_teams_timeslots_projects_link");
$stmt->execute();
echo "DONE.\n\n"; echo "DONE.\n\n";
} }
?> ?>

View File

@ -28,11 +28,16 @@ include "../common.inc.php";
$numjudges=200; $numjudges=200;
mysql_query("TRUNCATE TABLE judges"); $stmt = $pdo->prepare("TRUNCATE TABLE judges");
mysql_query("TRUNCATE TABLE judges_catpref"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_expertise"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_catpref");
mysql_query("TRUNCATE TABLE judges_years"); $stmt->execute();
mysql_query("TRUNCATE TABLE judges_languages"); $stmt = $pdo->prepare("TRUNCATE TABLE judges_expertise");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_years");
$stmt->execute();
$stmt = $pdo->prepare("TRUNCATE TABLE judges_languages");
$stmt->execute();
function getrand($ar) function getrand($ar)
@ -109,8 +114,9 @@ for($x=0;$x<$numjudges;$x++)
$compnum=rand(0,20); $compnum=rand(0,20);
if($compnum==1) $complete="no"; else $complete="yes"; if($compnum==1) $complete="no"; else $complete="yes";
$q=mysql_query("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')"); $q=$pdo->prepare("INSERT INTO judges (firstname,lastname,email,years_school,years_regional,years_national,willing_chair,complete) VALUES ('$firstname','$lastname','$email','$years_school','$years_regional','$years_national','$willing_chair','$complete')");
$id=mysql_insert_id(); $q->execute();
$id=$pdo->lastInsertId();
//for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3 //for both these, the annealer expects -2 to 2 , but since expertise was done waaaaaay before as 1-5 we'll add it as 1-5 and the annealer will subtract 3
//to compensate //to compensate
@ -119,30 +125,37 @@ for($x=0;$x<$numjudges;$x++)
for($a=1;$a<=3;$a++) for($a=1;$a<=3;$a++)
{ {
$catrank=rand(-2,2); $catrank=rand(-2,2);
mysql_query("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_catpref (judges_id,projectcategories_id,rank,year) VALUES ('$id','$a','$catrank','2007')");
$stmt->execute();
} }
//expertise is ranked 1-5 //expertise is ranked 1-5
for($a=1;$a<=6;$a++) for($a=1;$a<=6;$a++)
{ {
$divrank=rand(1,5); $divrank=rand(1,5);
mysql_query("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_expertise (judges_id,projectdivisions_id,val,year) VALUES ('$id','$a','$divrank','2007')");
$stmt->execute();
} }
//and add the record to the judges_years table so they will be 'active' for this year //and add the record to the judges_years table so they will be 'active' for this year
mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')"); $stmt = $pdo->prepare("INSERT INTO judges_years (judges_id,year) VALUES ('$id','2007')");
$stmt->execute();
//60% chance they only speak english //60% chance they only speak english
//20% chance they only speak french //20% chance they only speak french
//20% chance they are bilingual //20% chance they are bilingual
$num=rand(0,100); $num=rand(0,100);
if($num<60) if($num<60)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')"); {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
$stmt->execute();}
else if($num<80) else if($num<80)
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')"); {$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();}
else { else {
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')"); $stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','en')");
mysql_query("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')"); $stmt->execute();
$stmt = $pdo->prepare("INSERT INTO judges_languages (judges_id,languages_lang) VALUES ('$id','fr')");
$stmt->execute();
} }

View File

@ -49,8 +49,9 @@ $nouns=array("age","animal","arm","baby","ball","bat","bear","boat","camp","car"
$starters=array("effects of","study of","analysis of"); $starters=array("effects of","study of","analysis of");
$joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with"); $joiners=array("on","combined with","broken apart by","burned with","attacked by","left alone with");
$numschools=mysql_query("SELECT id FROM schools WHERE year='2011'"); $numschools=$pdo->prepare("SELECT id FROM schools WHERE year='2011'");
while($s=mysql_fetch_object($numschools)) $numschools->execute();
while($s=$numschools->fetch(PDO::FETCH_OBJ))
{ {
//1 in 4 chance of actually using this school //1 in 4 chance of actually using this school
$o=rand(1,4); $o=rand(1,4);
@ -67,8 +68,9 @@ for($x=0;$x<$numprojects;$x++)
$pd=rand(1,$prob_unpaid); $pd=rand(1,$prob_unpaid);
if($pd==1) $status='paymentpending'; else $status='complete'; if($pd==1) $status='paymentpending'; else $status='complete';
$q=mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)"); $q=$pdo->prepare("INSERT INTO registrations (num,email,start,status,year) VALUES ('$regnum','$email',NOW(),'$status',2011)");
if($id=mysql_insert_id()) $q->execute();
if($id=$pdo->lastInsertId())
{ {
$peeps=rand(1,$prob_dual); $peeps=rand(1,$prob_dual);
@ -88,8 +90,8 @@ for($x=0;$x<$numprojects;$x++)
$firstname=getrand($firstnames); $firstname=getrand($firstnames);
$email=strtolower($firstname)."@".getrand($domains); $email=strtolower($firstname)."@".getrand($domains);
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')"); $stmt = $pdo->prepare("INSERT INTO students (registrations_id,firstname,lastname,email,sex,grade,year,schools_id) VALUES ('$id','$firstname','".getrand($lastnames)."','$email','$sex','$grade','2011','$schools_id')");
$stmt->execute();
} }
$div=rand(1,6); $div=rand(1,6);
@ -105,8 +107,8 @@ for($x=0;$x<$numprojects;$x++)
if($langnum<4) $lang="fr"; else $lang="en"; if($langnum<4) $lang="fr"; else $lang="en";
mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')"); $stmt = $pdo->prepare("INSERT INTO projects (registrations_id,projectcategories_id,projectdivisions_id,title,year,req_electricity,req_table,language) VALUES ('$id','$cat','$div','$title $lang',2011,'$req_e','$req_t','$lang')");
$stmt->execute();
} }
} }

View File

@ -28,17 +28,19 @@
function roll($currentfairyear, $newfairyear, $table, $fields) function roll($currentfairyear, $newfairyear, $table, $fields)
{ {
$q=mysql_query("SELECT * FROM $table WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM $table WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
$names = '`'.join('`,`', $fields).'`'; $names = '`'.join('`,`', $fields).'`';
while($r=mysql_fetch_assoc($q)) { while($r=$q->fetch(PDO::FETCH_ASSOC)) {
$vals = ''; $vals = '';
foreach($fields as $f) { foreach($fields as $f) {
$vals .= ",'".mysql_real_escape_string($r[$f])."'"; $vals .= ",'".$r[$f]."'";
} }
mysql_query("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)"); $stmt = $pdo->prepare("INSERT INTO $table(`year`,$names) VALUES ('$newfairyear'$vals)");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
} }
} }
@ -47,35 +49,36 @@ $newfairyear=2010;
echo i18n("Rolling schools")."<br />"; echo i18n("Rolling schools")."<br />";
//award types //award types
$q=mysql_query("SELECT * FROM schools WHERE year='$currentfairyear'"); $q=$pdo->prepare("SELECT * FROM schools WHERE year='$currentfairyear'");
echo mysql_error(); $q->execute();
while($r=mysql_fetch_object($q)) { echo $pdo->errorInfo();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
mysql_query("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES ( $stmt = $pdo->prepare("INSERT INTO schools (school,schoollang,schoollevel,board,district,phone,fax,address,city,province_code,postalcode,principal_uid,schoolemail,sciencehead_uid,accesscode,lastlogin,junior,intermediate,senior,registration_password,projectlimit,projectlimitper,year) VALUES (
'".mysql_real_escape_string($r->school)."', '".$r->school."',
'".mysql_real_escape_string($r->schoollang)."', '".$r->schoollang."',
'".mysql_real_escape_string($r->schoollevel)."', '".$r->schoollevel."',
'".mysql_real_escape_string($r->board)."', '".$r->board."',
'".mysql_real_escape_string($r->district)."', '".$r->district."',
'".mysql_real_escape_string($r->phone)."', '".$r->phone."',
'".mysql_real_escape_string($r->fax)."', '".$r->fax."',
'".mysql_real_escape_string($r->address)."', '".$r->address."',
'".mysql_real_escape_string($r->city)."', '".$r->city."',
'".mysql_real_escape_string($r->province_code)."', '".$r->province_code."',
'".mysql_real_escape_string($r->postalcode)."',$puid, '".$r->postalcode."',$puid,
'".mysql_real_escape_string($r->schoolemail)."',$shuid, '".$r->schoolemail."',$shuid,
'".mysql_real_escape_string($r->accesscode)."', '".$r->accesscode."',
NULL, NULL,
'".mysql_real_escape_string($r->junior)."', '".$r->junior."',
'".mysql_real_escape_string($r->intermediate)."', '".$r->intermediate."',
'".mysql_real_escape_string($r->senior)."', '".$r->senior."',
'".mysql_real_escape_string($r->registration_password)."', '".$r->registration_password."',
'".mysql_real_escape_string($r->projectlimit)."', '".$r->projectlimit."',
'".mysql_real_escape_string($r->projectlimitper)."', '".$r->projectlimitper."',
'".mysql_real_escape_string($newfairyear)."')"); '".$newfairyear."')");
$stmt->execute();
} }
?> ?>

View File

@ -31,8 +31,9 @@
send_header("Sponsor Main", array()); send_header("Sponsor Main", array());
$u=user_load($_SESSION['users_id']); $u=user_load($_SESSION['users_id']);
//print_r($u); //print_r($u);
$q=mysql_query("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'"); $q=$pdo->prepare("SELECT * FROM sponsors WHERE id='".$u['sponsors_id']."'");
$sponsor=mysql_fetch_object($q); $q->execute();
$sponsor=$q->fetch(PDO::FETCH_OBJ);
//only display the named greeting if we have their name //only display the named greeting if we have their name
echo i18n("Hello <b>%1</b>",array($_SESSION['name'])); echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
@ -49,7 +50,7 @@
echo "</table>\n"; echo "</table>\n";
echo "<h2>Your Sponsorships</h2>\n"; echo "<h2>Your Sponsorships</h2>\n";
$sq=mysql_query("SELECT fundraising_donations.id, $sq=$pdo->prepare("SELECT fundraising_donations.id,
sponsors.organization, sponsors.organization,
fundraising_donations.value, fundraising_donations.value,
fundraising_donations.status, fundraising_donations.status,
@ -62,7 +63,8 @@
AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}' AND fundraising_goals.fiscalyear='{$config['FISCALYEAR']}'
AND sponsors.id='".$u['sponsors_id']."' AND sponsors.id='".$u['sponsors_id']."'
ORDER BY status DESC, probability DESC, organization"); ORDER BY status DESC, probability DESC, organization");
echo mysql_error(); $sq->execute();
echo $pdo->errorInfo();
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
echo "<tr>"; echo "<tr>";
@ -72,7 +74,7 @@
echo " <th>".i18n("Action")."</th>"; echo " <th>".i18n("Action")."</th>";
echo "</tr>\n"; echo "</tr>\n";
$total=0; $total=0;
while($sr=mysql_fetch_object($sq)) { while($sr=$sq->fetch(PDO::FETCH-OBJ)) {
echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">"; echo "<tr id=\"donations_$sr->id\" class=\"fundraising{$sr->status}\">";
echo "<td>$sr->name</td>\n"; echo "<td>$sr->name</td>\n";
echo "<td>$sr->status</td>"; echo "<td>$sr->status</td>";
@ -94,14 +96,15 @@
echo "<br />\n"; echo "<br />\n";
echo "<h2>Donor Levels</h2>\n"; echo "<h2>Donor Levels</h2>\n";
$q=mysql_query("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC"); $q=$pdo->prepare("SELECT * FROM fundraising_donor_levels WHERE year='".$config['FISCALYEAR']."' ORDER BY max DESC");
$q->execute();
echo "<table class=\"tableview\">"; echo "<table class=\"tableview\">";
echo "<th></th><th>".i18n("Level")."</th>"; echo "<th></th><th>".i18n("Level")."</th>";
echo "<th>".i18n("Description / Benefits")."</th>\n"; echo "<th>".i18n("Description / Benefits")."</th>\n";
echo "<th>".i18n("Range")."</th>\n"; echo "<th>".i18n("Range")."</th>\n";
echo "</tr>\n"; echo "</tr>\n";
$first=true; $first=true;
while($r=mysql_fetch_object($q)) { while($r=$q->fetch(PDO::FETCH_OBJ)) {
echo "<tr>"; echo "<tr>";
echo "<td>"; echo "<td>";
if($total>=$r->min && $total<=$r->max) { if($total>=$r->min && $total<=$r->max) {

View File

@ -365,8 +365,9 @@ class TableEditor
$inputsize = 0; $inputsize = 0;
//figure out what kind of input this should be //figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'"); $q=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs)) if(ereg("([a-z]*)\(([0-9,]*)\)",$r->Type,$regs))
{ {
@ -466,8 +467,9 @@ class TableEditor
$query.=" FROM `{$this->table}`"; $query.=" FROM `{$this->table}`";
$query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'"; $query.=" WHERE {$this->primaryKey}='{$_GET['edit']}'";
if($this->DEBUG) echo $query; if($this->DEBUG) echo $query;
$editquery=mysql_query($query); $editquery=$pdo->prepare($query);
$editdata=mysql_fetch_assoc($editquery); $editquery->execute();
$editdata=$editquery->fetch(PDO::FETCH_ASSOC);
return $editdata; return $editdata;
} }
@ -503,12 +505,14 @@ class TableEditor
} }
if($this->DEBUG) echo $query; if($this->DEBUG) echo $query;
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
function defaultDelete($keyval) function defaultDelete($keyval)
{ {
mysql_query("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'"); $stmt = $pdo->prepare("DELETE FROM {$this->table} WHERE {$this->primaryKey}='{$keyval}'");
$stmt->execute();
echo happy(i18n("Successfully deleted %1",array($this->recordType))); echo happy(i18n("Successfully deleted %1",array($this->recordType)));
} }
@ -586,8 +590,8 @@ class TableEditor
else if($inputtype == 'time') //r->Type=="time") else if($inputtype == 'time') //r->Type=="time")
{ {
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") { if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") {
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":". $editdata[$f] = "'".stripslashes($_POST[$f."_hour"]).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00'"; stripslashes($_POST[$f."_minute"]).":00'";
} else { } else {
$editdata[$f] = 'NULL'; $editdata[$f] = 'NULL';
} }
@ -608,13 +612,13 @@ class TableEditor
{ {
//chose the text field first, if its been filled in, otherwise, go with the select box //chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"]) if($_POST[$f."_text"])
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."'"; $editdata[$f] = "'".stripslashes($_POST[$f."_text"])."'";
else if($_POST[$f."_select"]) else if($_POST[$f."_select"])
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."'"; $editdata[$f] = "'".stripslashes($_POST[$f."_select"])."'";
else else
{ {
//maybe the options were over-wridden, if so, just check the field name //maybe the options were over-wridden, if so, just check the field name
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'"; $editdata[$f] = "'".stripslashes($_POST[$f])."'";
} }
} }
@ -624,9 +628,9 @@ class TableEditor
//but allow them to enter http:// or https:// themselves. //but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http:// //if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http") if(substr(strtolower($_POST[$f]),0,4)=="http")
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'"; $editdata[$f] = "'".stripslashes($_POST[$f])."'";
else else
$editdata[$f] = "'http://".mysql_escape_string(stripslashes($_POST[$f]))."'"; $editdata[$f] = "'http://".stripslashes($_POST[$f])."'";
} }
else if(substr($f,0,8)=="filename" && $this->uploadPath) else if(substr($f,0,8)=="filename" && $this->uploadPath)
@ -637,7 +641,7 @@ class TableEditor
if(file_exists($this->uploadPath."/".$_FILES[$f]['name'])) if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten")); echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']); move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$editdata[$f] = "'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."'"; $editdata[$f] = "'".stripslashes($_FILES[$f]['name'])."'";
} }
else else
{ {
@ -653,9 +657,9 @@ class TableEditor
else else
{ {
if($this->fieldValidation[$f]) if($this->fieldValidation[$f])
$editdata[$f] = "'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."'"; $editdata[$f] = "'".stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f]))."'";
else else
$editdata[$f] = "'".mysql_escape_string(stripslashes($_POST[$f]))."'"; $editdata[$f] = "'".stripslashes($_POST[$f])."'";
} }
} }
@ -691,9 +695,9 @@ class TableEditor
// if($this->DEBUG) echo $query; // if($this->DEBUG) echo $query;
// mysql_query($query); // mysql_query($query);
if(mysql_error()) if($pdo->errorInfo())
{ {
echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error()))); echo error(i18n("Error $text_error %1: %2",array($this->recordType,$pdo->errorInfo())));
} }
else else
{ {
@ -811,7 +815,8 @@ class TableEditor
case "enum": case "enum":
break; break;
case "select_or_text": case "select_or_text":
$optq=mysql_query("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f"); $optq=$pdo->prepare("SELECT DISTINCT($f) AS $f FROM `{$this->table}` ORDER BY $f");
$optq->execute();
if($this->fieldInputOptions[$f]) if($this->fieldInputOptions[$f])
echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">"; echo "<select ".$this->fieldInputOptions[$f]." id=\"".$f."_select\" name=\"".$f."_select\">";
else else
@ -829,7 +834,7 @@ class TableEditor
} }
// print_r($this->fieldOptions[$f]); // print_r($this->fieldOptions[$f]);
while($opt=mysql_fetch_object($optq)) while($opt=$optq->fetch(PDO::FETCH_OBJ))
{ {
if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f])) if(is_array($this->fieldOptions[$f]) && in_array($opt->$f,$this->fieldOptions[$f]))
continue; continue;
@ -1041,8 +1046,9 @@ class TableEditor
} }
//put in some paganation stuff here. //put in some paganation stuff here.
$foundrowsq=mysql_query("SELECT FOUND_ROWS() AS f"); $foundrowsq=$pdo->prepare("SELECT FOUND_ROWS() AS f");
$foundrowsr=mysql_fetch_object($foundrowsq); $foundrowsq->execute();
$foundrowsr=$foundrowsq->fetch(PDO::FETCH_OBJ);
$foundrows=$foundrowsr->f; $foundrows=$foundrowsr->f;
if($foundrows>$this->rowsPerPage) if($foundrows>$this->rowsPerPage)
@ -1138,7 +1144,7 @@ class TableEditor
echo " (Total: $foundrows)\n"; echo " (Total: $foundrows)\n";
if(mysql_num_rows($q)) if($q->rowCount())
{ {
echo "<table cellspacing=\"0\" class=\"tableview\">"; echo "<table cellspacing=\"0\" class=\"tableview\">";
echo "<tr>"; echo "<tr>";
@ -1151,14 +1157,15 @@ class TableEditor
} }
echo "<th>".i18n("Actions")."</th>"; echo "<th>".i18n("Actions")."</th>";
echo "</tr>"; echo "</tr>";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
echo "<tr>"; echo "<tr>";
foreach($this->listfields AS $f=>$n) foreach($this->listfields AS $f=>$n)
{ {
//figure out what kind of input this should be //figure out what kind of input this should be
$typeq=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'"); $typeq=$pdo->prepare("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$typer=mysql_fetch_object($typeq); $typeq->execute();
$typer=$typeq->fetCh(PDO::fETCH_OBJ);
if($typer->Type=="time") if($typer->Type=="time")
echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>"; echo "<td valign=\"top\">".$this->format_time($r->$f)."</td>";
else if($typer->Type=="date") else if($typer->Type=="date")

View File

@ -78,16 +78,17 @@ function tableEditorLoad()
// print("Loading Judge ID $id\n"); // print("Loading Judge ID $id\n");
$q=mysql_query("SELECT tours.* $q=$pdo->prepare("SELECT tours.*
FROM tours FROM tours
WHERE tours.id='$id'"); WHERE tours.id='$id'");
echo mysql_error(); $q->execute();
echo $pdo->errorInfo();
/* We assume that the field names in the array we want to return /* We assume that the field names in the array we want to return
* are the same as those in the database, so we'll turn the entire * are the same as those in the database, so we'll turn the entire
* query into a single associative array */ * query into a single associative array */
$j = mysql_fetch_assoc($q); $j = $q->fetch(PDO::FETCH_ASSOC);
return $j; return $j;
} }
@ -104,8 +105,9 @@ function tableEditorSave($data)
/* Construct an insert query if we have to */ /* Construct an insert query if we have to */
if($this->id == false) { if($this->id == false) {
$query = "INSERT INTO tours (id) VALUES ('')"; $query = "INSERT INTO tours (id) VALUES ('')";
mysql_query($query); $stmt = $pdo->prepare($query);
$this->id = mysql_insert_id(); $stmt->execute();
$this->id = $pdo->lastInsertId();
} }
/* Give it a proper year when saving */ /* Give it a proper year when saving */
@ -123,7 +125,8 @@ function tableEditorSave($data)
$query .= " WHERE id='{$this->id}'"; $query .= " WHERE id='{$this->id}'";
// echo $query; // echo $query;
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
} }
@ -133,8 +136,10 @@ function tableEditorDelete()
$id = $this->id; $id = $this->id;
mysql_query("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'"); $stmt=$pdo->prepare("DELETE FROM tours_choice WHERE tour_id='$id' AND year=".$config['FAIRYEAR']."'");
mysql_query("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'"); $stmt->execute();
$stmt=$pdo->prepare("DELETE FROM tours WHERE id='$id' AND year='".$config['FAIRYEAR']."'");
$stmt->execute();
echo happy(i18n("Successfully removed tour from this year's fair")); echo happy(i18n("Successfully removed tour from this year's fair"));
} }

View File

@ -107,8 +107,9 @@ function user_load_judge(&$u)
} }
$specialawards=array(); $specialawards=array();
if($u['special_award_only']=='yes') { if($u['special_award_only']=='yes') {
$q=mysql_query("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'"); $q=$pdo->prepare("SELECT * FROM judges_specialaward_sel WHERE users_id='{$u['id']}'");
while($r=mysql_fetch_object($q)) { $q->execute();
while($r=$q->fetch(PDO::FETCH_OBJ)) {
$specialawards[]=$r->award_awards_id; $specialawards[]=$r->award_awards_id;
} }
} }
@ -143,8 +144,9 @@ function user_load_sponsor(&$u)
$u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no'; $u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no';
$u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no'; $u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 'yes' : 'no';
if($u['sponsors_id']) { if($u['sponsors_id']) {
$q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'"); $q=$pdo->prepare("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
$u['sponsor']=mysql_fetch_assoc($q); $q->execute();
$u['sponsor']=$q->fetch(PDO::FETCH_ASSOC);
} }
return true; return true;
} }
@ -200,7 +202,7 @@ function user_load($user, $uid = false)
$q=$pdo->query($query); $q=$pdo->query($query);
if($q->rowCount()!=1) { if($q->rowCount()!=1) {
// echo "Query [$query] returned ".mysql_num_rows($q)." rows\n"; // echo "Query [$query] returned ".$q->rowCount()." rows\n";
// echo "<pre>"; // echo "<pre>";
// print_r(debug_backtrace()); // print_r(debug_backtrace());
return false; return false;
@ -297,11 +299,11 @@ function user_load_by_uid($uid)
function user_load_by_email($email) function user_load_by_email($email)
{ {
/* Find the most recent uid for the email, regardless of deleted status */ /* Find the most recent uid for the email, regardless of deleted status */
$e = mysql_real_escape_string($email); $e = $email;
$q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1"); $q = $pdo->prepare("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1");
$q->execute();
if(mysql_num_rows($q) == 1) { if($q->rowCount() == 1) {
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC);
return user_load_by_uid($i['uid']); return user_load_by_uid($i['uid']);
} }
return false; return false;
@ -309,9 +311,10 @@ function user_load_by_email($email)
function user_load_by_uid_year($uid, $year) function user_load_by_uid_year($uid, $year)
{ {
$q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'"); $q = $pdo->prepare("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'");
if(!mysql_num_rows($q)) return false; $q->execute();
$i = mysql_fetch_assoc($q); if(!$q->rowCount()) return false;
$i = $q->fetch(PDO::FETCH_ASSOC);
return user_load($i['id']); return user_load($i['id']);
} }
@ -320,8 +323,9 @@ function user_set_password($id, $password = NULL)
/* pass $u by reference so we can update it */ /* pass $u by reference so we can update it */
$save_old = false; $save_old = false;
if($password == NULL) { if($password == NULL) {
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'"); $q = $pdo->prepare("SELECT passwordset FROM users WHERE id='$id'");
$u = mysql_fetch_assoc($q); $q->execute();
$u = $q->fetch(PDO::FETCH_ASSOC);
/* Generate a new password */ /* Generate a new password */
$password = user_generate_password(12); $password = user_generate_password(12);
/* save the old password only if it's not an auto-generated one */ /* save the old password only if it's not an auto-generated one */
@ -334,13 +338,13 @@ function user_set_password($id, $password = NULL)
$save_set = 'NOW()'; $save_set = 'NOW()';
} }
$p = mysql_escape_string($password); $p = $password;
$set = ($save_old == true) ? 'oldpassword=password, ' : ''; $set = ($save_old == true) ? 'oldpassword=password, ' : '';
$set .= "password='$p', passwordset=$save_set "; $set .= "password='$p', passwordset=$save_set ";
$query = "UPDATE users SET $set WHERE id='$id'"; $query = "UPDATE users SET $set WHERE id='$id'";
mysql_query($query); $stmt = $pdo->prepare($query);
echo mysql_error(); echo $pdo->errorInfo();
return $password; return $password;
} }
@ -364,17 +368,18 @@ function user_save_type_list($u, $db, $fields)
} }
if(is_array($u[$f])) if(is_array($u[$f]))
$data = mysql_escape_string(serialize($u[$f])); $data = serialize($u[$f]);
else else
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "`$f`='$data'"; $set .= "`$f`='$data'";
} }
if($set != "") { if($set != "") {
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'"; $query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
if(mysql_error()) { $stmt->execute();
echo mysql_error(); if($pdo->errorInfo()) {
echo $pdo->errorInfo();
echo error("Full query: $query"); echo error("Full query: $query");
} }
} }
@ -452,7 +457,8 @@ function user_save(&$u)
exit; exit;
} }
//give em a record, the primary key on the table takes care of uniqueness //give em a record, the primary key on the table takes care of uniqueness
$q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')"); $q=$pdo->prepare("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')");
$q->execute();
} }
@ -472,7 +478,7 @@ function user_save(&$u)
if($f == 'types') if($f == 'types')
$set .= "$f='".implode(',', $u[$f])."'"; $set .= "$f='".implode(',', $u[$f])."'";
else { else {
$data = mysql_escape_string(stripslashes($u[$f])); $data = stripslashes($u[$f]);
$set .= "$f='$data'"; $set .= "$f='$data'";
} }
} }
@ -481,9 +487,10 @@ function user_save(&$u)
// echo "</pre>"; // echo "</pre>";
if($set != "") { if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'"; $query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query); $stmt = $pdo->prepare($query);
$stmt->execute();
// echo "query=[$query]"; // echo "query=[$query]";
echo mysql_error(); echo $pdo->errorInfo();
} }
/* Save the password if it changed */ /* Save the password if it changed */
@ -511,7 +518,8 @@ function user_save(&$u)
function user_delete_committee($u) function user_delete_committee($u)
{ {
mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'"); $stmt = $pdo->prepare("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'");
$stmt->execute();
} }
function user_delete_volunteer($u) function user_delete_volunteer($u)
@ -522,13 +530,18 @@ function user_delete_judge($u)
{ {
global $config; global $config;
$ids = array(); $ids = array();
$q = mysql_query("SELECT id FROM users WHERE uid = '{$u['uid']}'"); $q = $pdo->prepare("SELECT id FROM users WHERE uid = '{$u['uid']}'");
while($row = mysql_fetch_assoc($q)) $ids[] = $row['id']; $q->execute();
while($row = $q->fetch(PDO::FETCH_ASSOC)) $ids[] = $row['id'];
if(count($ids) > 0){ if(count($ids) > 0){
$idlist = implode(',', $ids); $idlist = implode(',', $ids);
mysql_query("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)"); $stmt = $pdo->prepare("DELETE FROM judges_teams_link WHERE users_id IN ($idlist)");
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)"); $stmt->execute();
$stmt = $pdo->prepare("DELETE FROM judges_specialawards_sel WHERE users_id IN($idlist)");
$stmt->execute();
} }
} }
function user_delete_fair($u) function user_delete_fair($u)
@ -585,7 +598,9 @@ function user_delete($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
$stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE uid='{$u['uid']}'");
$stmt->execute();
} else { } else {
$finish_delete = true; $finish_delete = true;
} }
@ -598,7 +613,9 @@ function user_delete($u, $type=false)
$finish_delete = true; $finish_delete = true;
} }
if($finish_delete == true) { if($finish_delete == true) {
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
$stmt = $pdo->prepare("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE uid='{$u['uid']}'");
$stmt->execute();
} }
} }
@ -628,7 +645,8 @@ function user_purge($u, $type=false)
if($types != '') $types .= ','; if($types != '') $types .= ',';
$types .= $t; $types .= $t;
} }
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
$stmt->execute();
} else { } else {
$finish_purge = true; $finish_purge = true;
} }
@ -636,18 +654,21 @@ function user_purge($u, $type=false)
* out the entry */ * out the entry */
call_user_func("user_delete_$type", $u); call_user_func("user_delete_$type", $u);
// call_user_func("user_purge_$type", $u); // call_user_func("user_purge_$type", $u);
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
$stmt->execute();
} else { } else {
/* Delete the whole user */ /* Delete the whole user */
foreach($u['types'] as $t) { foreach($u['types'] as $t) {
call_user_func("user_delete_$t", $u); call_user_func("user_delete_$t", $u);
// call_user_func("user_purge_$t", $u); // call_user_func("user_purge_$t", $u);
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
$stmt->execute();
} }
$finish_purge = true; $finish_purge = true;
} }
if($finish_purge == true) { if($finish_purge == true) {
mysql_query("DELETE FROM users WHERE id='{$u['id']}'"); $stmt = $pdo->prepare("DELETE FROM users WHERE id='{$u['id']}'");
$stmt->execute();
} }
} }
@ -657,12 +678,13 @@ function user_dupe_row($db, $key, $val, $newval)
{ {
global $config; global $config;
$nullfields = array('deleteddatetime'); /* Fields that can be null */ $nullfields = array('deleteddatetime'); /* Fields that can be null */
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'"); $q = $pdo->prepare("SELECT * FROM $db WHERE $key='$val'");
if(mysql_num_rows($q) != 1) { $q->execute();
if($q->rowCount() != 1) {
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n"; echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
exit; exit;
} }
$i = mysql_fetch_assoc($q); $i = $q->fetch(PDO::FETCH_ASSOC);
$i[$key] = $newval; $i[$key] = $newval;
foreach($i as $k=>$v) { foreach($i as $k=>$v) {
@ -671,7 +693,7 @@ function user_dupe_row($db, $key, $val, $newval)
else if($k == 'year') else if($k == 'year')
$i[$k] = $config['FAIRYEAR']; $i[$k] = $config['FAIRYEAR'];
else else
$i[$k] = '\''.mysql_escape_string($v).'\''; $i[$k] = '\''.$v.'\'';
} }
$keys = '`'.join('`,`', array_keys($i)).'`'; $keys = '`'.join('`,`', array_keys($i)).'`';
@ -679,10 +701,11 @@ function user_dupe_row($db, $key, $val, $newval)
$q = "INSERT INTO $db ($keys) VALUES ($vals)"; $q = "INSERT INTO $db ($keys) VALUES ($vals)";
// echo "Dupe Query: [$q]"; // echo "Dupe Query: [$q]";
$r = mysql_query($q); $r = $pdo->prepare($q);
echo mysql_error(); $r->execute();
echo $pdo->errorInfo();
$id = mysql_insert_id(); $id = $pdo->errorInfo();
return $id; return $id;
} }
/* Used by the login scripts to copy one user from one year to another */ /* Used by the login scripts to copy one user from one year to another */
@ -711,7 +734,8 @@ function user_dupe($u, $new_year)
} }
$id = user_dupe_row('users', 'id', $u['id'], NULL); $id = user_dupe_row('users', 'id', $u['id'], NULL);
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'"); $q = $pdo->prepare("UPDATE users SET year='$new_year' WHERE id='$id'");
$q->execute();
/* Load the new user */ /* Load the new user */
$u2 = user_load($id); $u2 = user_load($id);
@ -755,20 +779,24 @@ function user_create($type, $username, $u = NULL)
{ {
global $config; global $config;
if(!is_array($u)) { if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`) $stmt = $pdo->prepare("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`,`deleted`)
VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')"); VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}','no')");
echo mysql_error(); $stmt->execute();
$uid = mysql_insert_id(); echo $pdo->errorInfo();
$uid = $pdo->lastInsertId();
if(user_valid_email($username)) { if(user_valid_email($username)) {
mysql_query("UPDATE users SET email='$username' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET email='$username' WHERE id='$uid'");
$stmt->execute();
} }
mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'"); $stmt = $pdo->prepare("UPDATE users SET uid='$uid' WHERE id='$uid'");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
user_set_password($uid, NULL); user_set_password($uid, NULL);
/* Since the user already has a type, user_save won't create this /* Since the user already has a type, user_save won't create this
* entry for us, so do it here */ * entry for us, so do it here */
mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')"); $stmt = $pdo->prepare("INSERT INTO users_$type (users_id) VALUES('$uid')");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
/* Load the complete user */ /* Load the complete user */
$u = user_load($uid); $u = user_load($uid);
// echo "user_create / user_load($uid) returned <pre>"; // echo "user_create / user_load($uid) returned <pre>";

View File

@ -31,7 +31,7 @@
/* AJAX query */ /* AJAX query */
if(intval($_GET['ajax']) == 1) { if(intval($_GET['ajax']) == 1) {
/* Do ajax processing for this file */ /* Do ajax processing for this file */
$email = mysql_escape_string(stripslashes($_GET['email'])); $email = stripslashes($_GET['email']);
$type = $_GET['type']; $type = $_GET['type'];
/* Sanity check type */ /* Sanity check type */
@ -40,13 +40,14 @@
exit; exit;
} }
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC"); $q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
if(mysql_num_rows($q) == 0) { $q->execute();
if($q->rowCount() == 0) {
/* User doesn't exist */ /* User doesn't exist */
echo "notexist\n"; echo "notexist\n";
exit; exit;
} }
$u = mysql_fetch_assoc($q); $u = $q->fetch(PDO::FETCH_ASSOC);
$u = user_load($u['id']); $u = user_load($u['id']);
if($u['deleted'] == 'yes') { if($u['deleted'] == 'yes') {
@ -174,9 +175,10 @@
if(!in_array($action, $allowed_actions)) if(!in_array($action, $allowed_actions))
exit; exit;
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY year DESC"); $q = $pdo->prepare("SELECT id FROM users WHERE email='$email' ORDER BY year DESC");
if(mysql_num_rows($q) > 0) { $q->execute();
$u = mysql_fetch_assoc($q); if($q->rowCount() > 0) {
$u = $q->fetch(PDO::FETCH_ASSOC);
$u = user_load($u['id']); $u = user_load($u['id']);
} else { } else {
$u = NULL; $u = NULL;

View File

@ -56,7 +56,7 @@
$q->execute(); $q->execute();
if($q->rowCount() < 1) return false; if($q->rowCount() < 1) return false;
#$r = mysql_fetch_object($q); #$r = $q->fetch(PDO::FETCH_OBJ);
$r = $q->fetch(PDO::FETCH_OBJ); $r = $q->fetch(PDO::FETCH_OBJ);
/* See if the user account has been deleted */ /* See if the user account has been deleted */
@ -321,9 +321,10 @@
$email = $_POST['email']; $email = $_POST['email'];
if(user_valid_email($email)) { if(user_valid_email($email)) {
/* valid email address */ /* valid email address */
$e = mysql_escape_string($email); $e = $email;
$q=mysql_query("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1"); $q=$pdo->prepare("SELECT * FROM users WHERE (username='$e' OR email='$e') ORDER BY year DESC LIMIT 1");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r) { if($r) {
$fn = trim($_POST['fn']); $fn = trim($_POST['fn']);
$ln = trim($_POST['ln']); $ln = trim($_POST['ln']);

View File

@ -100,10 +100,10 @@
* this is the one time I wish php had a goto statement. */ * this is the one time I wish php had a goto statement. */
switch($action) { switch($action) {
case 'new': case 'new':
$data_fn = mysql_escape_string(stripslashes($_POST['fn'])); $data_fn = stripslashes($_POST['fn']);
$data_ln = mysql_escape_string(stripslashes($_POST['ln'])); $data_ln = stripslashes($_POST['ln']);
$data_email = stripslashes($_POST['email']); $data_email = stripslashes($_POST['email']);
$sql_email = mysql_escape_string($data_email); $sql_email = $data_email;
$registrationpassword = $_POST['registrationpassword']; $registrationpassword = $_POST['registrationpassword'];
/* Check the registration singlepassword */ /* Check the registration singlepassword */
@ -115,19 +115,21 @@
} }
/* See if this email already exists */ /* See if this email already exists */
$q = mysql_query("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )"); $q = $pdo->prepare("SELECT id,types,MAX(year) AS year,deleted FROM users WHERE (email='$sql_email' OR username='$sql_email' )");
$q->execute();
//select *, max(year) from users where username=sql_email //select *, max(year) from users where username=sql_email
//if deleted and year = current yera - just undelete //if deleted and year = current yera - just undelete
//if deleted and year != current yera - proceed normally and recreate the user //if deleted and year != current yera - proceed normally and recreate the user
if(mysql_num_rows($q) > 0) { if($q->rowCount() > 0) {
/* It already exists, make sure they're not already in this role */ /* It already exists, make sure they're not already in this role */
$r = mysql_fetch_object($q); $r = $q->fetch(PDO::FETCH_OBJ);
$types = explode(',', $r->types); $types = explode(',', $r->types);
if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') { if($r->year==$config['FAIRYEAR'] && $r->deleted=='yes') {
mysql_query("UPDATE users SET deleted='no' WHERE id='$r->id'"); $stmt = $pdo->prepare("UPDATE users SET deleted='no' WHERE id='$r->id'");
$stmt->execute();
message_push(happy(i18n("Your account has been undeleted"))); message_push(happy(i18n("Your account has been undeleted")));
message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password", message_push(notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password",
array("<a href=\"user_login.php?type=$type\">", "</a>")))); array("<a href=\"user_login.php?type=$type\">", "</a>"))));

View File

@ -61,13 +61,13 @@
if($_POST['action']=="save") if($_POST['action']=="save")
{ {
$pass = mysql_escape_string($_POST['pass1']); $pass = $_POST['pass1'];
//first, lets see if they choosed the same password again (bad bad bad) //first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE $q=$pdo->prepare("SELECT password FROM users WHERE
id='{$_SESSION['users_id']}' id='{$_SESSION['users_id']}'
AND password='$pass'"); AND password='$pass'");
$q->execute();
if(mysql_num_rows($q)) if($q->rowCount())
message_push(error(i18n("You cannot choose the same password again. Please choose a different password"))); message_push(error(i18n("You cannot choose the same password again. Please choose a different password")));
else if(!$_POST['pass1']) else if(!$_POST['pass1'])
message_push(error(i18n("New Password is required"))); message_push(error(i18n("New Password is required")));

View File

@ -137,7 +137,7 @@ case 'save':
/* Trying to save a committee member eh? Well, we established above /* Trying to save a committee member eh? Well, we established above
* that we're allowed to be here, so go ahead and save it */ * that we're allowed to be here, so go ahead and save it */
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no'; $u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate'])); $u['emailprivate'] = stripslashes($_POST['emailprivate']);
if(committee_auth_has_access('super')) { if(committee_auth_has_access('super')) {
/* But only superusers can save these ones */ /* But only superusers can save these ones */
@ -149,9 +149,10 @@ case 'save':
/* Check for an email collision */ /* Check for an email collision */
$em = mysql_escape_string(stripslashes($_POST['email'])); $em = stripslashes($_POST['email']);
$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' "); $q=$pdo->prepare("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
if(mysql_num_rows($q) > 0) { $q->execute();
if($q->rowCount()> 0) {
error_("That email address is in use by another user"); error_("That email address is in use by another user");
echo "email error"; echo "email error";
$save = false; $save = false;

View File

@ -31,8 +31,9 @@ function volunteer_status_position($u)
/* See if they have selected something */ /* See if they have selected something */
$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}' $q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}'"; AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
if(mysql_num_rows($r) >= 1) { $r->execute();
if($r->rowCount() >= 1) {
return "complete"; return "complete";
} }
return "incomplete"; return "incomplete";

View File

@ -44,8 +44,9 @@
/* Load available IDs */ /* Load available IDs */
$posns = array(); $posns = array();
$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'"; $q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
while($p = mysql_fetch_object($r)) { $r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
$posns[] = $p->id; $posns[] = $p->id;
} }
@ -59,18 +60,20 @@
} }
/* Delete existing selections */ /* Delete existing selections */
mysql_query("DELETE FROM volunteer_positions_signup $stmt = $pdo->prepare("DELETE FROM volunteer_positions_signup
WHERE WHERE
users_id='{$u['id']}' users_id='{$u['id']}'
AND year='{$config['FAIRYEAR']}' "); AND year='{$config['FAIRYEAR']}' ");
echo mysql_error(); $stmt->execute();
echo $pdo->errorInfo();
/* Add new selections if there are any */ /* Add new selections if there are any */
if($vals != '') { if($vals != '') {
$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year) $q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
VALUES $vals"; VALUES $vals";
$r=mysql_query($q); $r=$po->prepare($q);
echo mysql_error(); $r->execute();
echo $pdo->errorInfo();
} }
@ -110,17 +113,19 @@ if($_SESSION['embed'] == true) {
$q = "SELECT * FROM volunteer_positions_signup WHERE $q = "SELECT * FROM volunteer_positions_signup WHERE
users_id = '{$u['id']}' users_id = '{$u['id']}'
AND year='{$config['FAIRYEAR']}'"; AND year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
$r->execute();
$checked_positions = array(); $checked_positions = array();
while($p = mysql_fetch_object($r)) { while($p = $r->fetch(PDO::FETCH_OBJ)) {
$checked_positions[] = $p->volunteer_positions_id; $checked_positions[] = $p->volunteer_positions_id;
} }
/* Load available volunteer positions */ /* Load available volunteer positions */
$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend $q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'"; FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
$r = mysql_query($q); $r = $pdo->prepare($q);
while($p = mysql_fetch_object($r)) { $r->execute();
while($p = $r->fetch(PDO::FETCH_OBJ)) {
echo '<tr><td>'; echo '<tr><td>';

View File

@ -37,7 +37,7 @@ if($_GET['year'] && $_GET['type']) {
$show_unawarded_awards="no"; $show_unawarded_awards="no";
$show_unawarded_prizes="no"; $show_unawarded_prizes="no";
$year=intval($_GET['year']); $year=intval($_GET['year']);
$type=mysql_real_escape_string($_GET['type']); $type=$_GET['type'];
echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>"; echo "<h2>".i18n("%1 ".$type." Award Winners",array($_GET['year']))."</h2>";
@ -45,8 +45,9 @@ if($_GET['year'] && $_GET['type']) {
//first, lets make sure someone isnt tryint to see something that they arent allowed to! //first, lets make sure someone isnt tryint to see something that they arent allowed to!
//but only if the year they want is the FAIRYEAR. If they want a past year, thats cool //but only if the year they want is the FAIRYEAR. If they want a past year, thats cool
if($_GET['year']>=$config['FAIRYEAR']) { if($_GET['year']>=$config['FAIRYEAR']) {
$q=mysql_query("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test"); $q=$pdo->prepare("SELECT (NOW()>'".$config['dates']['postwinners']."') AS test");
$r=mysql_fetch_object($q); $q->execute();
$r=$q->fetch(PDO::FETCH_OBJ);
if($r->test!=1) if($r->test!=1)
{ {
echo error(i18n("Crystal ball says future is very hard to see!")); echo error(i18n("Crystal ball says future is very hard to see!"));
@ -57,7 +58,7 @@ if($_GET['year'] && $_GET['type']) {
if($ok) if($ok)
{ {
$q=mysql_query("SELECT $q=$pdo->prepare("SELECT
award_awards.id, award_awards.id,
award_awards.name, award_awards.name,
award_awards.order AS awards_order, award_awards.order AS awards_order,
@ -73,15 +74,15 @@ if($_GET['year'] && $_GET['type']) {
ORDER BY ORDER BY
awards_order"); awards_order");
echo mysql_error(); echo $pdo->errorInfo();
if(mysql_num_rows($q)) if($q->rowCount())
{ {
echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>"; echo "<a href=\"winners.php\">".i18n("Back to Winners main page")."</a>";
echo "<br />"; echo "<br />";
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
$pq=mysql_query("SELECT $pq=$pdo->prepare("SELECT
award_prizes.prize, award_prizes.prize,
award_prizes.number, award_prizes.number,
award_prizes.id, award_prizes.id,
@ -100,17 +101,19 @@ if($_GET['year'] && $_GET['type']) {
AND award_prizes.year='$year' AND award_prizes.year='$year'
ORDER BY ORDER BY
`order`"); `order`");
echo mysql_error(); $pq->execute();
echo $pdo->errorInfo();
$awarded_count = 0; $awarded_count = 0;
if($show_unawarded_awards=="no") if($show_unawarded_awards=="no")
{ {
while($pr=mysql_fetch_object($pq)) while($pr=$pq->fetch(PDO::FETCH_OBJ))
{ {
if($pr->projectnumber) if($pr->projectnumber)
{ {
$awarded_count++; $awarded_count++;
} }
} }
// Still have to find the PDO equivalent
mysql_data_seek($pq, 0); mysql_data_seek($pq, 0);
} }
if($show_unawarded_awards=="yes" || $awarded_count > 0) if($show_unawarded_awards=="yes" || $awarded_count > 0)
@ -119,7 +122,7 @@ if($_GET['year'] && $_GET['type']) {
} }
$prevprizeid=-1; $prevprizeid=-1;
while($pr=mysql_fetch_object($pq)) while($pr=$pq->fetch(PDO::FETCH_OBJ))
{ {
if(!($pr->projectnumber) && $show_unawarded_prizes=="no") if(!($pr->projectnumber) && $show_unawarded_prizes=="no")
{ {
@ -153,7 +156,7 @@ if($_GET['year'] && $_GET['type']) {
echo "&nbsp&nbsp;&nbsp;&nbsp;"; echo "&nbsp&nbsp;&nbsp;&nbsp;";
echo "($pr->projectnumber) ".htmlspecialchars($pr->title); echo "($pr->projectnumber) ".htmlspecialchars($pr->title);
$sq=mysql_query("SELECT students.firstname, $sq=$pdo->prepare("SELECT students.firstname,
students.lastname, students.lastname,
students.schools_id, students.schools_id,
students.webfirst, students.webfirst,
@ -167,11 +170,12 @@ if($_GET['year'] && $_GET['type']) {
students.registrations_id='$pr->reg_id' students.registrations_id='$pr->reg_id'
AND students.schools_id=schools.id AND students.schools_id=schools.id
"); ");
$sq->execute();
$studnum=0; $studnum=0;
$students=""; $students="";
$schools=array(); $schools=array();
while($studentinfo=mysql_fetch_object($sq)) while($studentinfo=$sq->fetch([PDO::FETCH_OBJ]))
{ {
if($studnum>0 && $prev) $students.=", "; if($studnum>0 && $prev) $students.=", ";
@ -242,7 +246,7 @@ else
$first=true; $first=true;
if($q->rowCount()) if($q->rowCount())
{ {
while($r=mysql_fetch_object($q)) while($r=$q->fetch(PDO::FETCH_OBJ))
{ {
if($first && $r->year != $config['FAIRYEAR']) if($first && $r->year != $config['FAIRYEAR'])
{ {
@ -258,7 +262,7 @@ else
//do this each time, because each year the names of the award types could change, along with what is actually given out. //do this each time, because each year the names of the award types could change, along with what is actually given out.
// //
$tq=mysql_query("SELECT $tq=$pdo->prepare("SELECT
DISTINCT(award_types.type) AS type DISTINCT(award_types.type) AS type
FROM FROM
winners, winners,
@ -273,8 +277,9 @@ else
ORDER BY ORDER BY
award_types.order award_types.order
"); ");
echo mysql_error(); $tq->execute();
while($tr=mysql_fetch_object($tq)) { echo $pdo->errorInfo();
while($tr=$tq->fetch(PDO::FETCH_OBJ)) {
echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />"; echo "&nbsp;&nbsp;<a href=\"winners.php?year=$r->year&type=$tr->type\">".i18n("%1 $tr->type award winners",array($r->year))."</a><br />";
} }
echo "<br />"; echo "<br />";