Standardize: Convert 7 high-priority $conn->query() to prepared statements
Converted queries in: - functions.php: * getTripCount() - Hardcoded query * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY) - blog.php: * Main blog list query - Hardcoded 'published' status - course_details.php: * Driver training courses query - Hardcoded course type - driver_training.php: * Future driver training dates query - Hardcoded course type - events.php: * Upcoming events query - Hardcoded date comparison - index.php: * Featured trips query - Hardcoded published status All queries now use proper parameter binding via prepared statements. Next: Convert remaining 15+ safe hardcoded queries for consistency.
This commit is contained in:
twotalesanimation
16
blog.php
16
blog.php
@@ -28,10 +28,10 @@ include_once('header.php') ?>
|
||||
|
||||
|
||||
}
|
||||
</style><?php
|
||||
$pageTitle = 'Blogs';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
</style><?php
|
||||
$pageTitle = 'Blogs';
|
||||
$breadcrumbs = [['Home' => 'index.php']];
|
||||
require_once('components/banner.php');
|
||||
?>
|
||||
|
||||
|
||||
@@ -41,9 +41,11 @@ include_once('header.php') ?>
|
||||
<div class="row">
|
||||
<div class="col-lg-8">
|
||||
<?php
|
||||
// Query to retrieve data from the trips table
|
||||
$sql = "SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = 'published' ORDER BY date DESC";
|
||||
$result = $conn->query($sql);
|
||||
// Query to retrieve data from blogs table
|
||||
$stmt = $conn->prepare("SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = ? ORDER BY date DESC");
|
||||
$stmt->bind_param("s", $status = 'published');
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
if ($result->num_rows > 0) {
|
||||
// Loop through each row
|
||||
|
||||
Reference in New Issue
Block a user