--- a/displayAgency.php
+++ b/displayAgency.php
@@ -24,12 +24,17 @@
   Histograph, overlaying number value reported per week over X years

   Compliance statistics: amendments, delay in reporting average and number completely late*/

   

-    $query = "SELECT CNID, description, value, agencyName, category, contractStart, supplierName

-    FROM `contractnotice`

-    WHERE agencyName = '".mysql_real_escape_string($agency)."'

-    ORDER BY value DESC";

-    echo $query;

-  $result = mysql_query($query);

+    $query = 'SELECT "CNID", "description", "value", "agencyName", "category",

+    "contractStart", "supplierName"

+    FROM contractnotice

+    WHERE "agencyName" = :agency

+    ORDER BY "value" DESC';

+$query = $conn->prepare($query);

+$query->bindParam(":agency", $agency);

+	$query->execute();

+	if (!$query) {

+		databaseError($conn->errorInfo());

+	}

 

   echo "<table>  <thead>

     <tr>

@@ -41,7 +46,7 @@
       <th>Supplier</th>

     </tr>

   </thead>";

-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {

+  foreach ($query->fetchAll() as $row) {

     setlocale(LC_MONETARY, 'en_US');

     $value = number_format(doubleval($row['value']) , 2);

     echo ("<tr>

@@ -53,31 +58,33 @@
     </tr>");

   }

   echo "</table>";

-  mysql_free_result($result);

 } else {

     /*

      split by portfolio

     */

 include_header("Agencies");

-  $query = "SELECT SUM(value), agencyName

-FROM `contractnotice`

-WHERE childCN = 0

-GROUP BY agencyName ";

-  $result = mysql_query($query);

+  $query = 'SELECT SUM("value"), "agencyName"

+FROM contractnotice

+WHERE "childCN" = 0

+GROUP BY "agencyName" ';

+$query = $conn->prepare($query);

+	$query->execute();

+	if (!$query) {

+		databaseError($conn->errorInfo());

+	}

   echo "<table>  <thead>

     <tr>

       <th>Agency</th>

       <th>Total Contracts Value</th>

     </tr>

   </thead>";

-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {

+  foreach ($query->fetchAll() as $row) {

     setlocale(LC_MONETARY, 'en_US');

     $value = number_format(doubleval($row[0]) , 2);

     $agency = stripslashes($row[1]);

     echo ("<tr><td><b><a href=\"displayAgency.php?agency={$agency}\">{$agency}</a></b></td><td>\$$value</td></tr>\n");

   }

   echo "</table>";

-  mysql_free_result($result);

 }

 include_footer();

 ?>