TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Standardize: Convert 7 high-priority $conn->query() to prepared statements

Browse Source 
Converted queries in:
- functions.php:
  * getTripCount() - Hardcoded query
  * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY)

- blog.php:
  * Main blog list query - Hardcoded 'published' status

- course_details.php:
  * Driver training courses query - Hardcoded course type

- driver_training.php:
  * Future driver training dates query - Hardcoded course type

- events.php:
  * Upcoming events query - Hardcoded date comparison

- index.php:
  * Featured trips query - Hardcoded published status

All queries now use proper parameter binding via prepared statements.
Next: Convert remaining 15+ safe hardcoded queries for consistency.
This commit is contained in:
twotalesanimation
2025-12-03 19:38:18 +02:00
parent 84dc35c8d5
commit 2544676685
6 changed files with 58 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
functions.php
View File

@@ -31,9 +31,12 @@ function getTripCount()
// Database connection
$conn = openDatabaseConnection();
// SQL query to count the number of rows
$sql = "SELECT COUNT(*) AS total FROM trips WHERE published = 1 AND start_date > CURDATE()";
$result = $conn->query($sql);
// SQL query to count the number of upcoming trips
$stmt = $conn->prepare("SELECT COUNT(*) AS total FROM trips WHERE published = ? AND start_date > CURDATE()");
$published = 1;
$stmt->bind_param("i", $published);
$stmt->execute();
$result = $stmt->get_result();
// Fetch the count from the result
if ($result->num_rows > 0) {
@@ -918,8 +921,10 @@ function getAvailableSpaces($trip_id)
$trip_id = intval($trip_id);
// Step 1: Get the vehicle capacity for the trip from the trips table
$query = "SELECT vehicle_capacity FROM trips WHERE trip_id = $trip_id";
$result = $conn->query($query);
$stmt = $conn->prepare("SELECT vehicle_capacity FROM trips WHERE trip_id = ?");
$stmt->bind_param("i", $trip_id);
$stmt->execute();
$result = $stmt->get_result();
// Check if the trip exists
if ($result->num_rows === 0) {
@@ -931,8 +936,10 @@ function getAvailableSpaces($trip_id)
$vehicle_capacity = $trip['vehicle_capacity'];
// Step 2: Get the total number of booked vehicles for this trip from the bookings table
$query = "SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = $trip_id";
$result = $conn->query($query);
$stmt = $conn->prepare("SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = ?");
$stmt->bind_param("i", $trip_id);
$stmt->execute();
$result = $stmt->get_result();
// Fetch the total number of vehicles booked
$bookings = $result->fetch_assoc();