Standardize: Convert 5 more queries to prepared statements

Converted queries in:
- functions.php:
  * countUpcomingTrips() - Trip count query
  * getNextOpenDayDate() - Next open day event lookup

- campsites.php:
  * All campsites query for map display

- fetch_users.php:
  * User list query (AJAX handler)

- get_campsites.php:
  * Campsites with user join (AJAX handler)

All now use prepared statements with proper parameter binding.
Progress: 12/21 queries converted. Remaining: fetch_drinks, fetch_bar_tabs, admin pages (legacy_members queries), bush_mechanics course query
twotalesanimation
2025-12-03 19:40:46 +02:00
parent 2544676685
commit cbb52cda35
4 changed files with 22 additions and 14 deletions


@@ -3,7 +3,9 @@ $headerStyle = 'light';
include_once('header.php'); include_once('header.php');
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();
$result = $conn->query("SELECT * FROM campsites"); $stmt = $conn->prepare("SELECT * FROM campsites");
$stmt->execute();
$result = $stmt->get_result();
$campsites = []; $campsites = [];
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$campsites[] = $row; $campsites[] = $row;
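Review bot: `$conn->prepare("SELECT * FROM campsites")` can return false, and the new `$stmt->execute()` on the next line then throws a fatal Error where the old `$conn->query()` path merely produced a false `$result`; the same unchecked prepare() appears in fetch_users.php, in both functions.php hunks and in get_campsites.php. Unless openDatabaseConnection() already enables `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` (not visible here), guard it in each file, e.g. `if (($stmt = $conn->prepare("SELECT * FROM campsites")) === false || !$stmt->execute()) { error_log($conn->error); die('Query failed'); }`, logging `$conn->error` server-side rather than echoing it to the client. This matters most in the two AJAX handlers, whose callers expect a JSON body: fetch_users.php already answers a connect failure with `die(json_encode([]))` and could reuse that for a failed prepare/execute. The enclosing scripts continue outside the hunks.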


@@ -8,8 +8,9 @@ if ($conn->connect_error) {
die(json_encode([])); // Return empty JSON on failure die(json_encode([])); // Return empty JSON on failure
} }
$sql = "SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC"; $stmt = $conn->prepare("SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC");
$result = $conn->query($sql); $stmt->execute();
$result = $stmt->get_result();
$users = []; $users = [];
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {


@@ -1544,10 +1544,12 @@ function countUpcomingTrips()
// Open database connection // Open database connection
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();
$query = "SELECT COUNT(*) AS trip_count FROM trips WHERE published = 1 AND start_date > CURDATE()"; $stmt = $conn->prepare("SELECT COUNT(*) AS trip_count FROM trips WHERE published = ? AND start_date > CURDATE()");
$published = 1;
$stmt->bind_param("i", $published);
$stmt->execute();
if ($result = $stmt->get_result()) {
if ($result = $conn->query($query)) {
$row = $result->fetch_assoc(); $row = $result->fetch_assoc();
return (int)$row['trip_count']; return (int)$row['trip_count'];
} else { } else {
@@ -1636,16 +1638,19 @@ function getUserIP()
function getNextOpenDayDate() function getNextOpenDayDate()
{ {
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();
$sql = " $stmt = $conn->prepare("
SELECT date SELECT date
FROM events FROM events
WHERE name = '4WDCSA Open Day' WHERE name = ?
AND date >= NOW() AND date >= NOW()
ORDER BY date ASC ORDER BY date ASC
LIMIT 1 LIMIT 1
"; ");
$event_name = '4WDCSA Open Day';
$stmt->bind_param("s", $event_name);
$stmt->execute();
$result = $conn->query($sql); $result = $stmt->get_result();
if ($result && $row = $result->fetch_assoc()) { if ($result && $row = $result->fetch_assoc()) {
return $row['date']; // e.g. "2025-05-01 10:00:00" return $row['date']; // e.g. "2025-05-01 10:00:00"
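Review bot: Neither countUpcomingTrips() nor getNextOpenDayDate() carries a docblock stating its return contract, and the rewritten query code gives a reader no help with the failure branches (the `} else {` closing the first hunk and the rest of getNextOpenDayDate() are outside the diff). Above countUpcomingTrips() add `/** @return int Number of trips with published = 1 whose start_date is after the database server's CURDATE(); see the else branch for the failure value. */`, and above getNextOpenDayDate() a docblock saying it returns the raw `date` string of the next events row named '4WDCSA Open Day' with date >= NOW() (e.g. "2025-05-01 10:00:00"), with the not-found return value confirmed from the code below the hunk. Binding the constants `$published` and `$event_name` as parameters is harmless, but a one-line comment that they are fixed values rather than caller input would stop a later maintainer from treating them as extension points.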


@@ -4,15 +4,15 @@ include_once('connection.php');
include_once('functions.php'); include_once('functions.php');
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();
$sql = "SELECT $stmt = $conn->prepare("SELECT
c.*, c.*,
u.first_name, u.first_name,
u.last_name, u.last_name,
u.profile_pic u.profile_pic
FROM campsites c FROM campsites c
LEFT JOIN users u ON c.user_id = u.user_id"; LEFT JOIN users u ON c.user_id = u.user_id");
$stmt->execute();
$result = $conn->query($sql); $result = $stmt->get_result();
$campsites = []; $campsites = [];
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {