Standardize: Convert 7 high-priority $conn->query() to prepared statements
Converted queries in: - functions.php: * getTripCount() - Hardcoded query * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY) - blog.php: * Main blog list query - Hardcoded 'published' status - course_details.php: * Driver training courses query - Hardcoded course type - driver_training.php: * Future driver training dates query - Hardcoded course type - events.php: * Upcoming events query - Hardcoded date comparison - index.php: * Featured trips query - Hardcoded published status All queries now use proper parameter binding via prepared statements. Next: Convert remaining 15+ safe hardcoded queries for consistency.
This commit is contained in:
twotalesanimation
16
blog.php
16
blog.php
@@ -28,10 +28,10 @@ include_once('header.php') ?>
|
||||
|
||||
|
||||
}
|
||||
</style><?php
|
||||
$pageTitle = 'Blogs';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
</style><?php
|
||||
$pageTitle = 'Blogs';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
?>
|
||||
|
||||
|
||||
@@ -41,9 +41,11 @@ include_once('header.php') ?>
|
||||
<div class="row">
|
||||
<div class="col-lg-8">
|
||||
<?php
|
||||
// Query to retrieve data from the trips table
|
||||
$sql = "SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = 'published' ORDER BY date DESC";
|
||||
$result = $conn->query($sql);
|
||||
// Query to retrieve data from blogs table
|
||||
$stmt = $conn->prepare("SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = ? ORDER BY date DESC");
|
||||
$stmt->bind_param("s", $status = 'published');
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows > 0) {
|
||||
// Loop through each row
|
||||
|
||||
@@ -1,18 +1,21 @@
|
||||
<?php
|
||||
$headerStyle = 'light';
|
||||
<?php
|
||||
$headerStyle = 'light';
|
||||
include_once('header.php');
|
||||
|
||||
// SQL query to fetch dates for driver training
|
||||
$sql = "SELECT course_id, date FROM courses WHERE course_type = 'driver_training'";
|
||||
$result = $conn->query($sql);
|
||||
$stmt = $conn->prepare("SELECT course_id, date FROM courses WHERE course_type = ?");
|
||||
$course_type = 'driver_training';
|
||||
$stmt->bind_param("s", $course_type);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
?>
|
||||
|
||||
|
||||
|
||||
<?php
|
||||
$pageTitle = 'Course Details';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
<?php
|
||||
$pageTitle = 'Course Details';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
?>
|
||||
<!-- Page Banner End -->
|
||||
|
||||
|
||||
@@ -1,15 +1,17 @@
|
||||
<?php
|
||||
$headerStyle = 'light';
|
||||
<?php
|
||||
$headerStyle = 'light';
|
||||
include_once('header.php');
|
||||
checkUserSession();
|
||||
|
||||
// SQL query to fetch dates for driver training
|
||||
$sql = "SELECT course_id, date
|
||||
$stmt = $conn->prepare("SELECT course_id, date
|
||||
FROM courses
|
||||
WHERE course_type = 'driver_training'
|
||||
AND date >= CURDATE()";
|
||||
|
||||
$result = $conn->query($sql);
|
||||
WHERE course_type = ?
|
||||
AND date >= CURDATE()");
|
||||
$course_type = 'driver_training';
|
||||
$stmt->bind_param("s", $course_type);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$page_id = 'driver_training';
|
||||
|
||||
?>
|
||||
@@ -24,10 +26,10 @@ $page_id = 'driver_training';
|
||||
padding: 8px;
|
||||
font-size: 16px;
|
||||
}
|
||||
</style><?php
|
||||
$pageTitle = 'Driver Training';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
</style><?php
|
||||
$pageTitle = 'Driver Training';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
?>
|
||||
|
||||
<!-- Product Details Start -->
|
||||
|
||||
@@ -88,10 +88,10 @@ include_once('header.php') ?>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
// Query to retrieve data from the trips table
|
||||
$sql = "SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC";
|
||||
|
||||
$result = $conn->query($sql);
|
||||
// Query to retrieve upcoming events
|
||||
$stmt = $conn->prepare("SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC");
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows > 0) {
|
||||
// Loop through each row
|
||||
|
||||
@@ -31,9 +31,12 @@ function getTripCount()
|
||||
// Database connection
|
||||
$conn = openDatabaseConnection();
|
||||
|
||||
// SQL query to count the number of rows
|
||||
$sql = "SELECT COUNT(*) AS total FROM trips WHERE published = 1 AND start_date > CURDATE()";
|
||||
$result = $conn->query($sql);
|
||||
// SQL query to count the number of upcoming trips
|
||||
$stmt = $conn->prepare("SELECT COUNT(*) AS total FROM trips WHERE published = ? AND start_date > CURDATE()");
|
||||
$published = 1;
|
||||
$stmt->bind_param("i", $published);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
// Fetch the count from the result
|
||||
if ($result->num_rows > 0) {
|
||||
@@ -918,8 +921,10 @@ function getAvailableSpaces($trip_id)
|
||||
$trip_id = intval($trip_id);
|
||||
|
||||
// Step 1: Get the vehicle capacity for the trip from the trips table
|
||||
$query = "SELECT vehicle_capacity FROM trips WHERE trip_id = $trip_id";
|
||||
$result = $conn->query($query);
|
||||
$stmt = $conn->prepare("SELECT vehicle_capacity FROM trips WHERE trip_id = ?");
|
||||
$stmt->bind_param("i", $trip_id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
// Check if the trip exists
|
||||
if ($result->num_rows === 0) {
|
||||
@@ -931,8 +936,10 @@ function getAvailableSpaces($trip_id)
|
||||
$vehicle_capacity = $trip['vehicle_capacity'];
|
||||
|
||||
// Step 2: Get the total number of booked vehicles for this trip from the bookings table
|
||||
$query = "SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = $trip_id";
|
||||
$result = $conn->query($query);
|
||||
$stmt = $conn->prepare("SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = ?");
|
||||
$stmt->bind_param("i", $trip_id);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
// Fetch the total number of vehicles booked
|
||||
$bookings = $result->fetch_assoc();
|
||||
|
||||
11
index.php
11
index.php
@@ -83,12 +83,15 @@ if (countUpcomingTrips() > 0) { ?>
|
||||
<div class="row justify-content-center">
|
||||
<?php
|
||||
// Query to retrieve data from the trips table
|
||||
$sql = "SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked
|
||||
$stmt = $conn->prepare("SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked
|
||||
FROM trips
|
||||
WHERE published = 1
|
||||
WHERE published = ?
|
||||
ORDER BY trip_id DESC
|
||||
LIMIT 4";
|
||||
$result = $conn->query($sql);
|
||||
LIMIT 4");
|
||||
$published = 1;
|
||||
$stmt->bind_param("i", $published);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows > 0) {
|
||||
// Loop through each row
|
||||
|
||||
Reference in New Issue
Block a user