--- a/displayContract.php
+++ b/displayContract.php
@@ -2,41 +2,46 @@
 include_once("./lib/common.inc.php");
 include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
-setlocale(LC_MONETARY, 'en_US');
-foreach (array_filter($row) as $key => $value) {
- echo "<b>$key</b> ";
-switch ($key) {
-case "supplierName":
-case "supplierABN":
- echo '<a href="displaySupplier.php?supplier='.$row['supplierABN'].'-'.urlencode($row['supplierName']).'">'.$value."</a>";
- break;
-case "agencyName":
- echo '<a href="displayAgency.php?agency='.urlencode($value).'">'.$value."</a>";
- break;
-case "value":
- echo "$".number_format(doubleval($value),2);
- break;
-default:
- echo str_replace(" ","<br>",$value);
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
+ setlocale(LC_MONETARY, 'en_US');
+ foreach (array_filter($row) as $key => $value) {
+ echo "<b>$key</b> ";
+ switch ($key) {
+ case "supplierName":
+ case "supplierABN":
+ echo '<a href="displaySupplier.php?supplier=' . $row['supplierABN'] . '-' . urlencode($row['supplierName']) . '">' . $value . "</a>";
+ break;
+ case "agencyName":
+ echo '<a href="displayAgency.php?agency=' . urlencode($value) . '">' . $value . "</a>";
+ break;
+ case "value":
+ echo "$" . number_format(doubleval($value), 2);
+ break;
+ default:
+ echo str_replace(" ", "<br>", $value);
+ }
+ echo "<br>";
+ }
 }
-echo "<br>";
-}
-}
-echo '<br><a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=CN'.$_REQUEST['CNID'].'"> View original record @ tenders.gov.au</a><br>';
+echo '<br><a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=CN' . $_REQUEST['CNID'] . 
'"> View original record @ tenders.gov.au</a><br>';
-mysql_free_result($result);
-$query = "SELECT * FROM `heuristic_results` where CNID = ".$_REQUEST['CNID'];
-$result = mysql_query($query);
-if (!$result) echo mysql_error().$query;
-while ($r = mysql_fetch_array($result, MYSQL_ASSOC)) {
- echo "<b>{$r['heuristic_name']}</b>: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})<br>";
+$query = 'SELECT * FROM heuristic_results where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input . '%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll() as $r) {
+ echo "<b>{$r['heuristic_name']}</b>: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})<br>";
 }
 include_footer();
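Review bot: `$_REQUEST['CNID']` is still concatenated raw into the tenders.gov.au href (and `$value` / `$row['supplierABN']` from the fetched rows go into the page unescaped), so the hunk closes the SQL injection but leaves reflected XSS in the same request parameter; use `urlencode($_REQUEST['CNID'])` for the query component and `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` on row values before echoing. The added line `$agencyName = $input . '%';` in the heuristic_results block reads `$input`, which nothing in this hunk defines, and `$agencyName` is never used afterwards, so it looks like a paste from another page and should be dropped unless `$input` comes from common.inc.php. `databaseError($conn->errorInfo())` after `execute()` reports the connection handle's last error, not the statement's; PDO records a failed `prepare()`/`execute()` on the statement object, so check the return of `execute()` or pass `$query->errorInfo()` (both occurrences). The removed `'%d'` format coerced CNID to an integer while the new `bindParam` sends it as a string and binds `$_REQUEST` by reference; if the column is numeric, `bindValue(':CNID', (int) $_REQUEST['CNID'], PDO::PARAM_INT)` restores that type check.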