[contractdashboard.git] / lib / common.inc.php
--- a/lib/common.inc.php
+++ b/lib/common.inc.php
@@ -1,27 +1,31 @@
 <?php

 date_default_timezone_set("Australia/ACT");

 

-require_once ('jpgraph/jpgraph.php');

-require_once ('jpgraph/jpgraph_line.php');

-require_once ('jpgraph/jpgraph_log.php');

-require_once ('jpgraph/jpgraph_mgraph.php');

-require_once ('jpgraph/jpgraph_pie.php');

-require_once ('jpgraph/jpgraph_bar.php');

-require_once ('jpgraph/jpgraph_date.php');

-

 error_reporting(E_ALL ^ E_NOTICE);

 

 

-$link = mysql_connect('localhost', 'root', '');

-if (!$link) {

-  die('Could not connect: ' . mysql_error());

-}

-@mysql_select_db("contractDashboard") or die("Unable to select database");

+$conn = new PDO("pgsql:dbname=contractDashboard;user=postgres;password=snmc;host=localhost");

+

+if (!$conn) {

+	die("A database error occurred.\n");

+}

+

+//    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

+function databaseError($errMsg)

+{

+	die($errMsg);

+}

 

 function ucsmart($str) {

-  return preg_replace("/(?<=(?<!:|’s)\W)

+  $shortWords = Array("The","Pty","Ltd","Inc","Red","Oil","A","An","And","At","For","In"

+		      ,"Of","On","Or","The","To","With");

+  $strArray =  explode(" ",preg_replace("/(?<=(?<!:|’s)\W)

             (A|An|And|At|For|In|Of|On|Or|The|To|With)

-            (?=\W)/e", 'strtolower("$1")', ucwords(strtolower($str)));

+            (?=\W)/e", 'strtolower("$1")', ucwords(strtolower($str))));

+  foreach($strArray as &$word) {

+    if (strlen($word) <= 4 && !in_array($word,$shortWords)) $word = strtoupper($word);

+  }

+  return implode(" ",$strArray);

 }

 

 function percent($num_amount, $num_total) {

@@ -37,18 +41,23 @@
   return $totale; 

  }

 // magic query modifiers

-$agency = mysql_real_escape_string(stripslashes($_REQUEST['agency']));

+$agency = filter_var($_REQUEST['agency'], FILTER_SANITIZE_STRING);

 if ($agency != "") $agencyQ = "agencyName = '" . $agency . "' AND ";

-$supplier = mysql_real_escape_string(stripslashes($_REQUEST['supplier']));

+

+$supplier = filter_var($_REQUEST['supplier'], FILTER_SANITIZE_STRING);

 if ($supplier != "") {

   $supplierParts = explode("-", $supplier);

-  if ($supplierParts[0] > 0) $supplierQ = "supplierABN = '" . $supplierParts[0] . "' AND ";

-  else $supplierQ = "supplierName LIKE '%" . $supplierParts[1] . "%' AND ";

-}

+  $supplierName = "%".$supplierParts[1]."%";

+  $supplierABN = $supplierParts[0];

+  if ($supplierParts[0] > 0) $supplierQ = ' "supplierABN" = :supplierABN AND ';

+  else $supplierQ = ' "supplierName" LIKE :supplierName AND ';

+}

+

 $startYear = 2007;

-$year = mysql_real_escape_string(stripslashes($_REQUEST['year']));

+$year = filter_var($_REQUEST['year'], FILTER_SANITIZE_NUMBER_INT);

 if ($year != "") $yearQ = "YEAR(publishDate) = " . $year . " AND ";

-$standardQ = "childCN = 0 AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010";

+

+$standardQ = ' "childCN" = 0 '; // AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010';

 $start =0.0;

 

 function include_header($title) {

@@ -58,7 +67,7 @@
 "http://www.w3.org/TR/html4/strict.dtd"> 

 <html>

     <head>

-        <title>Contract Dashboard - <?=$title?></title>

+        <title>Contract Dashboard - <?php echo $title; ?></title>

         <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.8.0r4/build/reset-fonts-grids/reset-fonts-grids.css"> 

 

             <script type="text/javascript" src="lib/bsn.AutoSuggest_2.1.3_comp.js" charset="utf-8"></script>