--- a/displaySupplier.php
+++ b/displaySupplier.php
@@ -18,12 +18,20 @@
   spread of contract values
   
   spread of industries (textual?)*/
-    $query = "SELECT CNID, description, value, agencyName, category, contractStart, supplierName
-    FROM `contractnotice` WHERE
-    $supplierQ $standardQ
-    ORDER BY value DESC";
+    $query = 'SELECT "CNID", "description", "value", "agencyName", "category",
+    "contractStart", "supplierName"
+    FROM contractnotice WHERE '.
+    $supplierQ.' '.$standardQ
+    .' ORDER BY value DESC';
     echo $query;
-  $result = mysql_query($query);
+$query = $conn->prepare($query);
+
+//$query->bindParam(":supplierName", $supplierName);
+$query->bindParam(":supplierABN", $supplierABN);
+	$query->execute();
+	if (!$query) {
+		databaseError($conn->errorInfo());
+	}
 echo '<img src="graphs/displayMethodCountGraph.php?month=' . stripslashes($supplier) . '">';
    echo '<img src="graphs/displayCnCGraph.php?month=' . stripslashes($supplier) . '">';
 
@@ -37,7 +45,7 @@
       <th>Supplier</th>
     </tr>
   </thead>";
-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
+  foreach ($query->fetchAll() as $row) {
     setlocale(LC_MONETARY, 'en_US');
     $value = number_format(doubleval($row['value']) , 2);
     echo ("<tr>
@@ -49,19 +57,23 @@
     </tr>");
   }
   echo "</table>";
-  mysql_free_result($result);
 } else {
     /*
      histograph of supplier size/value
     */
 include_header("Suppliers");
-  $query = "SELECT SUM(value) as val, supplierName, supplierABN,  IF(supplierABN != '',supplierABN,supplierName) as supplierID 
-FROM `contractnotice`
-WHERE childCN = 0
-GROUP BY supplierID
+  $query = 'SELECT SUM("value") as val, MAX("supplierName") as supplierName, "supplierABN",(
+ case when "supplierABN" != 0 THEN "supplierABN"::text ELSE "supplierName" END) as supplierID 
+FROM contractnotice
+WHERE "childCN" = 0
+GROUP BY supplierID,"supplierABN"
 ORDER BY val DESC
-LIMIT 100";
-  $result = mysql_query($query);
+LIMIT 100';
+$query = $conn->prepare($query);
+	$query->execute();
+	if (!$query) {
+		databaseError($conn->errorInfo());
+	}
    echo "<table>  <thead>
     <tr>
        <th>Position</th>
@@ -70,15 +82,14 @@
     </tr>
   </thead>";
 $i = 1;
-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
+  foreach ($query->fetchAll() as $row) {
     setlocale(LC_MONETARY, 'en_US');
     $value = number_format(doubleval($row['val']) , 2);
-    $supplier = stripslashes($row['supplierABN'].'-'.$row['supplierName']);
-    echo ("<tr><td>$i</td><td><b><a href=\"displaySupplier.php?supplier={$supplier}\">".ucsmart($row['supplierName'])."</a></b></td><td>\$$value</td></tr>\n");
+    $supplier = stripslashes($row['supplierABN'].'-'.$row['suppliername']);
+    echo ("<tr><td>$i</td><td><b><a href=\"displaySupplier.php?supplier={$supplier}\">".ucsmart($row['suppliername'])."</a></b></td><td>\$$value</td></tr>\n");
     $i++;
   }
   echo "</table>";
-  mysql_free_result($result);
 }
 include_footer();
 ?>