Standardize: Convert 5 more queries to prepared statements

Converted queries in:
- functions.php:
  * countUpcomingTrips() - Trip count query
  * getNextOpenDayDate() - Next open day event lookup

- campsites.php:
  * All campsites query for map display

- fetch_users.php:
  * User list query (AJAX handler)

- get_campsites.php:
  * Campsites with user join (AJAX handler)

All now use prepared statements with proper parameter binding.
Progress: 12/21 queries converted. Remaining: fetch_drinks, fetch_bar_tabs, admin pages (legacy_members queries), bush_mechanics course query

fetch_users.php

@@ -8,8 +8,9 @@ if ($conn->connect_error) {
     die(json_encode([])); // Return empty JSON on failure
 }
 
-$sql = "SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC");
+$stmt->execute();
+$result = $stmt->get_result();
 
 $users = [];
 while ($row = $result->fetch_assoc()) {