--- a/displayAgency.php
+++ b/displayAgency.php
@@ -4,9 +4,9 @@
 include_header("Agency");
 $agency = htmlentities(strip_tags($_REQUEST['agency']));
- echo '<img src="graphs/displayMethodCountGraph.php?agency=' . stripslashes($agency) . '">';
- echo '<img src="graphs/displayCnCGraph.php?agency=' . stripslashes($agency) . '">';
- echo '<img src="graphs/displayMethodValueGraph.php?agency=' . stripslashes($agency) . '">';
+ MethodCountGraph($agency);
+ CnCGraph($agency);
+ MethodValueGraph($agency);
 /*biggest contracts
 spending by year
 spending by industry/category
@@ -24,12 +24,17 @@
 Histograph, overlaying number value reported per week over X years
 Compliance statistics: amendments, delay in reporting average and number completely late*/
- $query = "SELECT CNID, description, value, agencyName, category, contractStart, supplierName
- FROM `contractnotice`
- WHERE agencyName = '".mysql_real_escape_string($agency)."'
- ORDER BY value DESC";
- echo $query;
- $result = mysql_query($query);
+ $query = 'SELECT "CNID", "description", "value", "agencyName", "category",
+ "contractStart", "supplierName"
+ FROM contractnotice
+ WHERE "agencyName" = :agency
+ ORDER BY "value" DESC';
+$query = $conn->prepare($query);
+$query->bindParam(":agency", $agency);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
 echo "<table>
 <thead>
 <tr>
@@ -41,7 +46,7 @@
 <th>Supplier</th>
 </tr>
 </thead>";
- while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
+ foreach ($query->fetchAll() as $row) {
 setlocale(LC_MONETARY, 'en_US');
 $value = number_format(doubleval($row['value']) , 2);
 echo ("<tr>
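Review bot: The value handed to `MethodCountGraph($agency)`, `CnCGraph($agency)` and `MethodValueGraph($agency)` is the `htmlentities(strip_tags(...))` form built on the context line above, and the next hunk binds that same encoded string as `:agency`; an agency whose stored name contains `&`, `<` or a quote will therefore never match, since the database holds the raw name while the comparison value holds `&amp;` and friends. Now that the lookup is parameterised, HTML encoding belongs at the output points rather than at the input: read the parameter as `$agency = (string) ($_REQUEST['agency'] ?? '');`, keep that raw value for the bind and for the graph calls, and escape it with `htmlspecialchars($agency, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` wherever it is echoed into markup. Whether the three graph functions also use the name as a database key is not visible here, but if they do they are affected in the same way. The enclosing `if` branch begins before this hunk.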
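Review bot: `if (!$query)` after `$query->execute();` tests the PDOStatement object, which is always truthy once `prepare()` has returned, so the boolean that `execute()` returns is discarded and a failed query silently renders an empty table; the `@@ -53,31 +58,34 @@` hunk repeats the same check. The fix is to test the call itself and report the statement's own error, `if (!$query->execute()) { databaseError($query->errorInfo()); }`. A failed `prepare()` is likewise unhandled: unless `$conn` was created with `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` (its construction is not visible in this diff), `prepare()` returns `false` and the following `bindParam` call is a fatal error on a non-object, so either enable exception mode on `$conn` or check the prepare result before binding. As a minor style point, `bindParam` binds by reference where `bindValue` or `$query->execute([':agency' => $agency])` expresses the intent more directly.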
@@ -53,31 +58,34 @@
 </tr>");
 }
 echo "</table>";
- mysql_free_result($result);
 } else {
 /* split by portfolio */
 include_header("Agencies");
- $query = "SELECT SUM(value), agencyName
-FROM `contractnotice`
-WHERE childCN = 0
-GROUP BY agencyName ";
- $result = mysql_query($query);
+agenciesGraph();
+ $query = 'SELECT SUM("value"), "agencyName"
+FROM contractnotice
+WHERE "childCN" = 0
+GROUP BY "agencyName" ';
+$query = $conn->prepare($query);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
 echo "<table>
 <thead>
 <tr>
 <th>Agency</th>
 <th>Total Contracts Value</th>
 </tr>
 </thead>";
- while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
+ foreach ($query->fetchAll() as $row) {
 setlocale(LC_MONETARY, 'en_US');
 $value = number_format(doubleval($row[0]) , 2);
 $agency = stripslashes($row[1]);
 echo ("<tr><td><b><a href=\"displayAgency.php?agency={$agency}\">{$agency}</a></b></td><td>\$$value</td></tr>\n");
 }
 echo "</table>";
- mysql_free_result($result);
 }
 include_footer();
 ?>