--- a/lib/common.inc.php
+++ b/lib/common.inc.php
@@ -1,27 +1,31 @@
 <?php
 date_default_timezone_set("Australia/ACT");
 
-require_once ('jpgraph/jpgraph.php');
-require_once ('jpgraph/jpgraph_line.php');
-require_once ('jpgraph/jpgraph_log.php');
-require_once ('jpgraph/jpgraph_mgraph.php');
-require_once ('jpgraph/jpgraph_pie.php');
-require_once ('jpgraph/jpgraph_bar.php');
-require_once ('jpgraph/jpgraph_date.php');
-
 error_reporting(E_ALL ^ E_NOTICE);
 
 
-$link = mysql_connect('localhost', 'root', '');
-if (!$link) {
-  die('Could not connect: ' . mysql_error());
-}
-@mysql_select_db("contractDashboard") or die("Unable to select database");
+$conn = new PDO("pgsql:dbname=contractDashboard;user=postgres;password=snmc;host=localhost");
+
+if (!$conn) {
+	die("A database error occurred.\n");
+}
+
+//    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+function databaseError($errMsg)
+{
+	die($errMsg);
+}
 
 function ucsmart($str) {
-  return preg_replace("/(?<=(?<!:|’s)\W)
+  $shortWords = Array("The","Pty","Ltd","Inc","Red","Oil","A","An","And","At","For","In"
+		      ,"Of","On","Or","The","To","With");
+  $strArray =  explode(" ",preg_replace("/(?<=(?<!:|’s)\W)
             (A|An|And|At|For|In|Of|On|Or|The|To|With)
-            (?=\W)/e", 'strtolower("$1")', ucwords(strtolower($str)));
+            (?=\W)/e", 'strtolower("$1")', ucwords(strtolower($str))));
+  foreach($strArray as &$word) {
+    if (strlen($word) <= 4 && !in_array($word,$shortWords)) $word = strtoupper($word);
+  }
+  return implode(" ",$strArray);
 }
 
 function percent($num_amount, $num_total) {
@@ -37,18 +41,23 @@
   return $totale; 
  }
 // magic query modifiers
-$agency = mysql_real_escape_string(stripslashes($_REQUEST['agency']));
+$agency = filter_var($_REQUEST['agency'], FILTER_SANITIZE_STRING);
 if ($agency != "") $agencyQ = "agencyName = '" . $agency . "' AND ";
-$supplier = mysql_real_escape_string(stripslashes($_REQUEST['supplier']));
+
+$supplier = filter_var($_REQUEST['supplier'], FILTER_SANITIZE_STRING);
 if ($supplier != "") {
   $supplierParts = explode("-", $supplier);
-  if ($supplierParts[0] > 0) $supplierQ = "supplierABN = '" . $supplierParts[0] . "' AND ";
-  else $supplierQ = "supplierName LIKE '%" . $supplierParts[1] . "%' AND ";
-}
+  $supplierName = "%".$supplierParts[1]."%";
+  $supplierABN = $supplierParts[0];
+  if ($supplierParts[0] > 0) $supplierQ = ' "supplierABN" = :supplierABN AND ';
+  else $supplierQ = ' "supplierName" LIKE :supplierName AND ';
+}
+
 $startYear = 2007;
-$year = mysql_real_escape_string(stripslashes($_REQUEST['year']));
+$year = filter_var($_REQUEST['year'], FILTER_SANITIZE_NUMBER_INT);
 if ($year != "") $yearQ = "YEAR(publishDate) = " . $year . " AND ";
-$standardQ = "childCN = 0 AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010";
+
+$standardQ = ' "childCN" = 0 '; // AND YEAR(contractStart) >= 2007 AND YEAR(contractStart) <= 2010';
 $start =0.0;
 
 function include_header($title) {
@@ -58,7 +67,7 @@
 "http://www.w3.org/TR/html4/strict.dtd"> 
 <html>
     <head>
-        <title>Contract Dashboard - <?=$title?></title>
+        <title>Contract Dashboard - <?php echo $title; ?></title>
         <link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/2.8.0r4/build/reset-fonts-grids/reset-fonts-grids.css"> 
 
             <script type="text/javascript" src="lib/bsn.AutoSuggest_2.1.3_comp.js" charset="utf-8"></script>

