Fix problem with -empty- user and unknown country in treasurer interface.

Author: thisismeonmounteverest

build/admin/treasurer/admintreasurer.ctrl.php

@@ -78,7 +78,7 @@ public function treasurerEditCreateDonationCallback(StdClass $args, ReadOnlyObje
         $id = $vars['id'];
         if ($id == 0) {
             $memberId = $vars['IdMember'] != 0 ? $vars['IdMember'] : null;
-            $success = $this->model->createDonation($vars['IdMember'], $vars['DonatedOn'],
+            $success = $this->model->createDonation($memberId, $vars['DonatedOn'],
                 $vars['donate-amount'], $vars['donate-comment'], $countryid);
         } else {
             $success = $this->model->updateDonation($id, $vars['IdMember'], $vars['DonatedOn'],

build/admin/treasurer/admintreasurer.model.php

@@ -73,25 +73,29 @@ public function getCountryCodeForGeonameId($geonameid) {
     }
 
     public function createDonation($memberid, $donatedon, $amount, $comment, $countryid) {
-        $query = "
+        $statement = $this->dao->prepare("
             INSERT INTO
                 donations
             SET
-                IdMember = " . $memberid . ",
+                IdMember = ?,
                 Email = '',
                 StatusPrivate = 'showamountonly',
-                created = '" .  $donatedon . "',
-                Amount = " . $amount . ",
+                created = ?,
+                Amount = ?,
                 Money = '',
-                IdCountry = " . $countryid . ",
+                IdCountry = ?,
                 namegiven = '',
                 referencepaypal = '',
                 membercomment = '',
-                SystemComment = '" . $this->dao->escape($comment) . "'";
-        $affected = $this->dao->exec($query);
-        if ($affected != 1) {
-            return false;
-        }
+                SystemComment = ?
+        ");
+        $statement->bindParam(1, $memberid);
+        $statement->bindParam(2, $donatedon);
+        $statement->bindParam(3, $amount);
+        $statement->bindParam(4, $countryid);
+        $statement->bindParam(5, $comment);
+        $statement->execute();
+
         return true;
     }