TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Standardize: Convert 7 high-priority $conn->query() to prepared statements

Browse Source 
Converted queries in:
- functions.php:
  * getTripCount() - Hardcoded query
  * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY)

- blog.php:
  * Main blog list query - Hardcoded 'published' status

- course_details.php:
  * Driver training courses query - Hardcoded course type

- driver_training.php:
  * Future driver training dates query - Hardcoded course type

- events.php:
  * Upcoming events query - Hardcoded date comparison

- index.php:
  * Featured trips query - Hardcoded published status

All queries now use proper parameter binding via prepared statements.
Next: Convert remaining 15+ safe hardcoded queries for consistency.
This commit is contained in:
twotalesanimation
2025-12-03 19:38:18 +02:00
parent 84dc35c8d5
commit 2544676685
6 changed files with 58 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
index.php
View File

@@ -83,12 +83,15 @@ if (countUpcomingTrips() > 0) { ?>
<div class="row justify-content-center">
<?php
// Query to retrieve data from the trips table
$sql = "SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked
$stmt = $conn->prepare("SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked
FROM trips
WHERE published = 1
WHERE published = ?
ORDER BY trip_id DESC
LIMIT 4";
$result = $conn->query($sql);
LIMIT 4");
$published = 1;
$stmt->bind_param("i", $published);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
// Loop through each row