SQL injection vulnerabilities

[FabosaurusRex]

Swap SQL queries to prepared statements wherever possible to harden against SQL injections.

[MPZinke]

SQL issues #29, #30 were implemented into one branch #30-SQL-Protection.
Currently waiting testing ("may the odds be ever in your favor")

[FabosaurusRex]

Needs to be fixed and ready for testing by Oct. 12.

[FabosaurusRex]

Loading code branch onto Dev server causes crash. Error log contents:

15:46:07.786510 2020] [proxy_fcgi:error] [pid 29121] [client 129.107.71.214:41182] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:46:12.862093 2020] [proxy_fcgi:error] [pid 29121] [client 129.107.71.214:41416] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:46:12.903812 2020] [proxy_fcgi:error] [pid 17086] [client 129.107.71.214:41422] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n'
[Tue Oct 13 15:47:07.391615 2020] [proxy_fcgi:error] [pid 17042] [client 129.107.153.185:64969] AH01071: Got error 'PHP message: PHP Notice: Undefined variable: results in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\nPHP message: PHP Fatal error: Uncaught Error: Call to a member function fetch_assoc() on null in /opt/www/fabapp-dev.uta.edu/class/Status.php:24\nStack trace:\n#0 /opt/www/fabapp-dev.uta.edu/class/all_classes.php(12): include_once()\n#1 /opt/www/fabapp-dev.uta.edu/pages/header.php(35): include_once('/opt/www/fabapp...')\n#2 /opt/www/fabapp-dev.uta.edu/index.php(6): include_once('/opt/www/fabapp...')\n#3 {main}\n thrown in /opt/www/fabapp-dev.uta.edu/class/Status.php on line 24\n', referer: https://fabapp-dev.uta.edu/index.php

[MPZinke]

Another Local-Dev vs Dev server incompatibility.
On Dev-server, assert functions cannot receive declarations as a check (EG assert($foo = bar()); is invalid.
All asserts have been changed so that they receive a single variable and declarations occur prior to assert call.

[MPZinke]

What is the status of this? Is any additional help needed?