Changeset 257 for trunk/admin/modules/Elezioni/ele_candidato.php

Timestamp:

Feb 9, 2019, 8:45:24 PM (6 years ago)

Author:

roby

Message:

 

File:

• trunk/admin/modules/Elezioni/ele_candidato.php (modified) (12 diffs)

trunk/admin/modules/Elezioni/ele_candidato.php

@@ -13 +13 @@
     die ("You can't access this file directly...");
 }
-
+global $dbi;
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $currentlang=$_SESSION['lang'];
@@ -23 +22 @@
 $perms=ChiSei($id_cons_gen);
 if ($perms<32 or !$id_cons_gen) die("$id_cons_gen -Non hai i permessi per inserire dati, o non hai scelto la consultazione!");
-$res = mysql_query("SELECT t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune' " , $dbi);
-list($tipo_cons,$id_cons) = mysql_fetch_row($res);
-$res = mysql_query("SELECT genere FROM ".$prefix."_ele_tipo where tipo_cons='$tipo_cons' " , $dbi);
-        list($genere) = mysql_fetch_row($res);
+$sql = "SELECT t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune' ";
+$sth = $dbi->prepare("$sql");
+$sth->execute();        
+
+list($tipo_cons,$id_cons) = $sth->fetch(PDO::FETCH_NUM);
+$sql = "SELECT genere FROM ".$prefix."_ele_tipo where tipo_cons='$tipo_cons' ";
+$sth = $dbi->prepare("$sql");
+$sth->execute();
+list($genere) = $sth->fetch(PDO::FETCH_NUM);
 include("modules/Elezioni/funzionidata.php");
 include("modules/Elezioni/ele.php");
@@ -78 +82 @@
         $circo='';$circo2='';
         $currentlang=$_SESSION['lang']; 
-        $res = mysql_query("SELECT circo FROM ".$prefix."_ele_tipo where tipo_cons='$tipo_cons' and lingua='$currentlang'", $dbi);
-        list($cons_circ)= mysql_fetch_row($res);
+        $sql = "SELECT circo FROM ".$prefix."_ele_tipo where tipo_cons='$tipo_cons' and lingua='$currentlang'";
+        $sth = $dbi->prepare("$sql");
+        $sth->execute();
+        list($cons_circ)= $sth->fetch(PDO::FETCH_NUM);
         if($cons_circ) //elezioni circoscrizionali
         {
                 echo "<form name=\"circo\" action=\"admin.php\" method=\"post\">";
                 echo "<br><br><table border=\"1\" width=\"50%\" ><tr bgcolor=\"$bgcolor1\"><td>"._SCEGLI_CIRCO.": </td>";
-                $res = mysql_query("SELECT * FROM ".$prefix."_ele_circoscrizione where id_cons='$id_cons'", $dbi);
                 echo "<input type=\"hidden\" name=\"pag\" value=\"admin.php?op=candidato&amp;id_cons_gen=$id_cons_gen&amp;id_circ=\">";
                 echo "<td><select name=\"id_circ\" onChange=\"top.location.href=this.form.pag.value+this.form.id_circ.options[this.form.id_circ.selectedIndex].value;return false\">";
                 echo "<option value=\"\">";
-                while($arr=mysql_fetch_array($res,3)){
+                $sql = "SELECT * FROM ".$prefix."_ele_circoscrizione where id_cons='$id_cons'";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                while($arr=$sth->fetch(PDO::FETCH_BOTH)){
                         if (!$id_circ) $id_circ=$arr['id_circ'];
                         $sel= ($arr['id_circ'] == $id_circ) ? "selected":"";
@@ -99 +107 @@
         if($id_cand)
         {
-                $res = mysql_query("SELECT * FROM ".$prefix."_ele_candidati where id_cand='$id_cand'", $dbi);
-                $pro= mysql_fetch_array($res, 3);
+                $sql = "SELECT * FROM ".$prefix."_ele_candidati where id_cand='$id_cand'";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                $pro= $sth->fetch(PDO::FETCH_BOTH);
         }else{
         $pro['cognome']='';$pro['num_cand']='';$pro['nome']='';
         }
         if (!isset($id_lista)) {
-                $res_lista=mysql_query("SELECT id_lista from ".$prefix."_ele_lista where id_cons=$id_cons $circo and num_lista=1", $dbi);
-                list($id_lista)=mysql_fetch_row($res_lista);
+                $sql="SELECT id_lista from ".$prefix."_ele_lista where id_cons=$id_cons $circo and num_lista=1";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                list($id_lista)=$sth->fetch(PDO::FETCH_NUM);
         }
         $cond=($id_lista>0) ? "and t1.id_lista=".$id_lista :'';
@@ -143 +155 @@
         }
         echo "<td bgcolor=\"$bgcolor1\" align=\"center\"><b>"._FUNZIONI."</b></td></tr>";
-        $result = mysql_query($query, $dbi);
+                $result = $dbi->prepare("$query");
+                $result->execute();
+#               list($id_lista)=$result->fetch(PDO::FETCH_NUM);
         if($cons_circ)
-                $res = mysql_query("SELECT count(0) FROM ".$prefix."_ele_candidati as t1,".$prefix."_ele_lista as t2 where t1.id_cons='$id_cons' and t1.id_cons=t2.id_cons and t2.id_circ=$id_circ and t1.id_lista=t2.id_lista $cond ", $dbi);
+                $sql = "SELECT count(0) FROM ".$prefix."_ele_candidati as t1,".$prefix."_ele_lista as t2 where t1.id_cons='$id_cons' and t1.id_cons=t2.id_cons and t2.id_circ=$id_circ and t1.id_lista=t2.id_lista $cond ";
         else
-                $res = mysql_query("SELECT count(0) FROM ".$prefix."_ele_candidati as t1 where t1.id_cons='$id_cons' $cond ", $dbi);
-        list($max) = mysql_fetch_row($res);
+                $sql = "SELECT count(0) FROM ".$prefix."_ele_candidati as t1 where t1.id_cons='$id_cons' $cond ";
+        $sth = $dbi->prepare("$sql");
+        $sth->execute();
+        list($max) = $sth->rowCount();
         if($id_lista){
                 $numero=$max+1;} else $numero='';
@@ -166 +182 @@
         echo "<input type=\"hidden\" name=\"pag\" value=\"admin.php?op=candidato&amp;id_cons=$id_cons&amp;id_cons_gen=$id_cons_gen&amp;id_comune=$id_comune&amp;id_circ=$id_circ&amp;id_lista=\">";
         echo "<td width=\"10%\"><select width=\"10\" name=\"id_lista\" onChange=\"aggiorna()\">";
-        $res= mysql_query("SELECT id_lista,num_lista,descrizione FROM ".$prefix."_ele_lista where id_cons='$id_cons' $circo order by num_lista", $dbi);
+        $sql= "SELECT id_lista,num_lista,descrizione FROM ".$prefix."_ele_lista where id_cons='$id_cons' $circo order by num_lista";
+        $lis = $dbi->prepare("$sql");
+        $lis->execute();
         echo "<option value=\"\">";
-        while(list($id,$numlist,$descr) = mysql_fetch_row($res)) {
+        
+        while(list($id,$numlist,$descr) = $lis->fetch(PDO::FETCH_NUM)) {
                 if (!isset($id_lista)){$id_lista=$id;}
                 $sel= ($id == $id_lista) ? "selected":"";
@@ -198 +217 @@
         if ($result)
         while(list($id_cand,$id_lista2,$num_cand,$cognome, $nome,$simbolo,$simb_lista,
-        $descr_lista,$simb_gruppo,$descr_gruppo) = mysql_fetch_row($result)) {
+        $descr_lista,$simb_gruppo,$descr_gruppo) = $result->fetch(PDO::FETCH_NUM)) {
                 $bgcolor1=($bgcolor1==$_SESSION['bgcolor1'])?$_SESSION['bgcolor2']:$_SESSION['bgcolor1'];
                 echo "<tr bgcolor=\"$bgcolor1\"><td align=\"center\"><b>$num_cand</b>"
@@ -245 +264 @@
 if ($perms >16) {
                 if($id_cand) {
-                        $res = mysql_query("SELECT * FROM ".$prefix."_ele_candidati where id_cand='$id_cand'", $dbi);
+                        $sql = "SELECT * FROM ".$prefix."_ele_candidati where id_cand='$id_cand'";
                 }else{
-                        $res = mysql_query("SELECT * FROM ".$prefix."_ele_candidati where id_lista='$id_lista'
-                        and id_cons=$id_cons and cognome=$cognome and nome=$nome", $dbi);
+                        $sql="SELECT * FROM ".$prefix."_ele_candidati where id_lista='$id_lista'
+                        and id_cons='$id_cons' and cognome='$cognome' and nome='$nome'";
                 }
+                $sthcan = $dbi->prepare("$sql");
+                $sthcan->execute();
+
                 $username=$aid;
                 $data=date("Y/m/d");
@@ -260 +282 @@
                                 echo "[ <a href=\"admin.php?op=candidato&amp;id_cons_gen=$id_cons_gen\">"._NO."</a> ] - [<a href=\"admin.php?op=candidato&amp;do=delete&amp;id_cand=$id_cand&amp;id_gruppo=$id_gruppo&amp;id_cons=$id_cons&amp;id_circ=$id_circ&amp;ok=1&amp;id_cons_gen=$id_cons_gen&amp;id_lista=$id_lista&amp;id_comune=$id_comune&amp;min=$min\">"._YES."</a> ]";
                         }else{
-                                $pro= mysql_fetch_array($res, MYSQL_ASSOC);
-                                $result = mysql_query("delete from ".$prefix."_ele_candidati where id_cand='$id_cand'", $dbi);
-                                mysql_query("insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','DELETE:id_lista:$pro[id_lista],cognome:$pro[cognome],nome:$pro[nome]','','".$prefix."_ele_candidati')", $dbi);
-                                if (!$result)return;
+                                $pro= $sthcan->fetch(PDO::FETCH_BOTH);
+                                $sql="delete from ".$prefix."_ele_candidati where id_cand='$id_cand'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();
+                                $result=$sth->rowCount();
+                                $sql="insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','DELETE:id_lista:$pro[id_lista],cognome:$pro[cognome],nome:$pro[nome]','','".$prefix."_ele_candidati')";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();
+                                if (!$result->rowCount())return;
                                 Header("Location: admin.php?op=candidato&id_cons=$id_cons&id_cons_gen=$id_cons_gen&id_comune=$id_comune&id_circ=$id_circ&id_lista=$id_lista&min=$min");
                         }
@@ -270 +297 @@
                 // dati gruppo
                                 if (!$num_cand){
-                                        $result = mysql_query("select max(num_cand) from ".$prefix."_ele_candidati where id_lista='$id_lista'", $dbi);
-                                        if ($result) list($num_cand)=mysql_fetch_row($result);
+                                        $sql="select max(num_cand) from ".$prefix."_ele_candidati where id_lista='$id_lista'";
+                                $result = $dbi->prepare("$sql");
+                                $result->execute();
+                                        if ($result->rowCount()) list($num_cand)=$result->fetch(PDO::FETCH_NUM);
                                         else $num_cand=0;
                                         $num_cand++;
                                 }
-                                $result = mysql_query("select id_gruppo from ".$prefix."_ele_lista where id_lista='$id_lista'", $dbi);
-                                list($id_gruppo)=mysql_fetch_row($result);
-                                $result = mysql_query("insert into ".$prefix."_ele_candidati(id_cons,id_lista,cognome,nome,note,simbolo,num_cand) values ('$id_cons','$id_lista','$cognome','$nome','$note','$simbolo','$num_cand')", $dbi);
-                                mysql_query("insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','','ADD:id_lista:$id_lista,cognome:$cognome,nome:$nome','".$prefix."_ele_candidati')", $dbi);
+                                $sql="select id_gruppo from ".$prefix."_ele_lista where id_lista='$id_lista'";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();
+                                list($id_gruppo)=$sth->fetch(PDO::FETCH_NUM);
+                                $sql="insert into ".$prefix."_ele_candidati(id_cons,id_lista,cognome,nome,note,simbolo,num_cand) values ('$id_cons','$id_lista','$cognome','$nome','$note','$simbolo','$num_cand')";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();
+                                $result=$sth->rowCount();
+                                $sql="insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','','ADD:id_lista:$id_lista,cognome:$cognome,nome:$nome','".$prefix."_ele_candidati')";
+                                $sth = $dbi->prepare("$sql");
+                                $sth->execute();
                                         if (!$result) return;
                                         Header("Location: admin.php?op=candidato&id_cons=$id_cons&id_lista=$id_lista&id_cons_gen=$id_cons_gen&id_comune=$id_comune&id_circ=$id_circ&min=$min");
@@ -289 +325 @@
                         }
                 }elseif ($do == "update") {
+                $pro= $sthcan->fetch(PDO::FETCH_BOTH);
                 
-                $pro= mysql_fetch_array($res, MYSQL_ASSOC);
-                $result = mysql_query("select id_gruppo from ".$prefix."_ele_lista where id_lista='$id_lista'", $dbi);
-                list($id_gruppo)=mysql_fetch_row($result);
+                $sql="select id_gruppo from ".$prefix."_ele_lista where id_lista='$id_lista'";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                list($id_gruppo)=$sth->fetch(PDO::FETCH_NUM);
                 $cond='';
                 if (isset($note)) {$cond=", note='$note'";}
                 if (isset($simbolo)) {$cond.=", simbolo='$simbolo'";}
-                $result = mysql_query("update  ".$prefix."_ele_candidati set id_lista='$id_lista', cognome='$cognome', nome='$nome', num_cand='$num_cand' $cond where id_cand='$id_cand' ", $dbi);
-                mysql_query("insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','UPDATE:id_lista:$pro[id_lista],cognome:$pro[cognome],nome:$pro[nome],num_cand:$pro[num_cand]','id_lista:$id_lista,cognome:$cognome,nome:$nome,num_cand:$num_cand','".$prefix."_ele_candidati')", $dbi);
-                if (!$result) return;
-                Header("Location: admin.php?op=candidato&id_cons=$id_cons&id_lista=$id_lista&id_cons_gen=$id_cons_gen&id_comune=$id_comune&id_circ=$id_circ&min=$min");
+                $sql="update  ".$prefix."_ele_candidati set id_lista='$id_lista', cognome='$cognome', nome='$nome', num_cand='$num_cand' $cond where id_cand='$id_cand' ";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                $result=$sth->rowCount();
+                $sql="insert into ".$prefix."_ele_log values ('$id_cons','$id_sez','$username','$data','$tempo','UPDATE:id_lista:$pro[id_lista],cognome:$pro[cognome],nome:$pro[nome],num_cand:$pro[num_cand]','id_lista:$id_lista,cognome:$cognome,nome:$nome,num_cand:$num_cand','".$prefix."_ele_candidati')";
+                $sth = $dbi->prepare("$sql");
+                $sth->execute();
+                if (!$result) {return;}
+#               Header("Location: admin.php?op=candidato&id_cons=$id_cons&id_lista=$id_lista&id_cons_gen=$id_cons_gen&id_comune=$id_comune&id_circ=$id_circ&min=$min");
         }
 
@@ -306 +349 @@
 
 
-
-if ($do and $do!='modify')
+echo "qui si if ($do and $do!='modify')";
+if ($do and $do!='modify'){ele();
     candidato($ok, $do,$id_cand, $id_lista,$id_circ, $id_gruppo,$cognome, $nome, $note, $simbolo,$id_cand2,$num_cand);
-    else ele();
+        } else { ele(); }
 //if (!$do)ele();
 all();