TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Standardize: Convert 7 high-priority $conn->query() to prepared statements

Browse Source 
Converted queries in:
- functions.php:
  * getTripCount() - Hardcoded query
  * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY)

- blog.php:
  * Main blog list query - Hardcoded 'published' status

- course_details.php:
  * Driver training courses query - Hardcoded course type

- driver_training.php:
  * Future driver training dates query - Hardcoded course type

- events.php:
  * Upcoming events query - Hardcoded date comparison

- index.php:
  * Featured trips query - Hardcoded published status

All queries now use proper parameter binding via prepared statements.
Next: Convert remaining 15+ safe hardcoded queries for consistency.
This commit is contained in:
twotalesanimation
2025-12-03 19:38:18 +02:00
parent 84dc35c8d5
commit 2544676685
6 changed files with 58 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
blog.php
View File

@@ -28,10 +28,10 @@ include_once('header.php') ?>
} }
</style><?php </style><?php
$pageTitle = 'Blogs'; $pageTitle = 'Blogs';
$breadcrumbs = [['Home' => 'index.php']]; $breadcrumbs = [['Home' => 'index.php']];
require_once('components/banner.php'); require_once('components/banner.php');
?> ?>
@@ -41,9 +41,11 @@ include_once('header.php') ?>
<div class="row"> <div class="row">
<div class="col-lg-8"> <div class="col-lg-8">
<?php <?php
// Query to retrieve data from the trips table // Query to retrieve data from blogs table
$sql = "SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = 'published' ORDER BY date DESC"; $stmt = $conn->prepare("SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = ? ORDER BY date DESC");
$result = $conn->query($sql); $stmt->bind_param("s", $status = 'published');
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
// Loop through each row // Loop through each row

19
course_details.php
View File

@@ -1,18 +1,21 @@
<?php <?php
$headerStyle = 'light'; $headerStyle = 'light';
include_once('header.php'); include_once('header.php');
// SQL query to fetch dates for driver training // SQL query to fetch dates for driver training
$sql = "SELECT course_id, date FROM courses WHERE course_type = 'driver_training'"; $stmt = $conn->prepare("SELECT course_id, date FROM courses WHERE course_type = ?");
$result = $conn->query($sql); $course_type = 'driver_training';
$stmt->bind_param("s", $course_type);
$stmt->execute();
$result = $stmt->get_result();
?> ?>
<?php <?php
$pageTitle = 'Course Details'; $pageTitle = 'Course Details';
$breadcrumbs = [['Home' => 'index.php']]; $breadcrumbs = [['Home' => 'index.php']];
require_once('components/banner.php'); require_once('components/banner.php');
?> ?>
<!-- Page Banner End --> <!-- Page Banner End -->

24
driver_training.php
View File

@@ -1,15 +1,17 @@
<?php <?php
$headerStyle = 'light'; $headerStyle = 'light';
include_once('header.php'); include_once('header.php');
checkUserSession(); checkUserSession();
// SQL query to fetch dates for driver training // SQL query to fetch dates for driver training
$sql = "SELECT course_id, date $stmt = $conn->prepare("SELECT course_id, date
FROM courses FROM courses
WHERE course_type = 'driver_training' WHERE course_type = ?
AND date >= CURDATE()"; AND date >= CURDATE()");
$course_type = 'driver_training';
$result = $conn->query($sql); $stmt->bind_param("s", $course_type);
$stmt->execute();
$result = $stmt->get_result();
$page_id = 'driver_training'; $page_id = 'driver_training';
?> ?>
@@ -24,10 +26,10 @@ $page_id = 'driver_training';
padding: 8px; padding: 8px;
font-size: 16px; font-size: 16px;
} }
</style><?php </style><?php
$pageTitle = 'Driver Training'; $pageTitle = 'Driver Training';
$breadcrumbs = [['Home' => 'index.php']]; $breadcrumbs = [['Home' => 'index.php']];
require_once('components/banner.php'); require_once('components/banner.php');
?> ?>
<!-- Product Details Start --> <!-- Product Details Start -->

8
events.php
View File

@@ -88,10 +88,10 @@ include_once('header.php') ?>
</div> </div>
<?php <?php
// Query to retrieve data from the trips table // Query to retrieve upcoming events
$sql = "SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC"; $stmt = $conn->prepare("SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC");
$stmt->execute();
$result = $conn->query($sql); $result = $stmt->get_result();
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
// Loop through each row // Loop through each row

21
functions.php
View File

@@ -31,9 +31,12 @@ function getTripCount()
// Database connection // Database connection
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();
// SQL query to count the number of rows // SQL query to count the number of upcoming trips
$sql = "SELECT COUNT(*) AS total FROM trips WHERE published = 1 AND start_date > CURDATE()"; $stmt = $conn->prepare("SELECT COUNT(*) AS total FROM trips WHERE published = ? AND start_date > CURDATE()");
$result = $conn->query($sql); $published = 1;
$stmt->bind_param("i", $published);
$stmt->execute();
$result = $stmt->get_result();
// Fetch the count from the result // Fetch the count from the result
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
@@ -918,8 +921,10 @@ function getAvailableSpaces($trip_id)
$trip_id = intval($trip_id); $trip_id = intval($trip_id);
// Step 1: Get the vehicle capacity for the trip from the trips table // Step 1: Get the vehicle capacity for the trip from the trips table
$query = "SELECT vehicle_capacity FROM trips WHERE trip_id = $trip_id"; $stmt = $conn->prepare("SELECT vehicle_capacity FROM trips WHERE trip_id = ?");
$result = $conn->query($query); $stmt->bind_param("i", $trip_id);
$stmt->execute();
$result = $stmt->get_result();
// Check if the trip exists // Check if the trip exists
if ($result->num_rows === 0) { if ($result->num_rows === 0) {
@@ -931,8 +936,10 @@ function getAvailableSpaces($trip_id)
$vehicle_capacity = $trip['vehicle_capacity']; $vehicle_capacity = $trip['vehicle_capacity'];
// Step 2: Get the total number of booked vehicles for this trip from the bookings table // Step 2: Get the total number of booked vehicles for this trip from the bookings table
$query = "SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = $trip_id"; $stmt = $conn->prepare("SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = ?");
$result = $conn->query($query); $stmt->bind_param("i", $trip_id);
$stmt->execute();
$result = $stmt->get_result();
// Fetch the total number of vehicles booked // Fetch the total number of vehicles booked
$bookings = $result->fetch_assoc(); $bookings = $result->fetch_assoc();

11
index.php
View File

@@ -83,12 +83,15 @@ if (countUpcomingTrips() > 0) { ?>
<div class="row justify-content-center"> <div class="row justify-content-center">
<?php <?php
// Query to retrieve data from the trips table // Query to retrieve data from the trips table
$sql = "SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked $stmt = $conn->prepare("SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked
FROM trips FROM trips
WHERE published = 1 WHERE published = ?
ORDER BY trip_id DESC ORDER BY trip_id DESC
LIMIT 4"; LIMIT 4");
$result = $conn->query($sql); $published = 1;
$stmt->bind_param("i", $published);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
// Loop through each row // Loop through each row