--- a/displaySupplier.php
+++ b/displaySupplier.php
@@ -1,33 +1,183 @@
 <?php
-include_once ("./lib/common.inc.php");
+
+include_once("./lib/common.inc.php");
 if ($_REQUEST['supplier']) {
-    
-include_header("Supplier");
-  $supplierS = htmlentities(strip_tags($_REQUEST['supplier']));
-  echo '<img src="graphs/displayMethodCountGraph.php?supplier=' . stripslashes($supplierS) . '">';
-   echo '<img src="graphs/displayCnCGraph.php?supplier=' . stripslashes($supplierS) . '">';
-   echo '<img src="graphs/displayMethodValueGraph.php?supplier=' . stripslashes($supplierS) . '">';
-  /*lobbyist ties
-  
-  links to ABR/ASIC/Google News/ASX/Court records
-  
-  total value to various agencies (bar graph)
-  
-  spread procurement methods + percent consultancies + percent confidential (bar graph)
-  
-  spread of contract values
-  
-  spread of industries (textual?)*/
-    $query = "SELECT CNID, description, value, agencyName, category, contractStart, supplierName
-    FROM `contractnotice` WHERE
-    $supplierQ $standardQ
-    ORDER BY value DESC";
-    echo $query;
-  $result = mysql_query($query);
-echo '<img src="graphs/displayMethodCountGraph.php?month=' . stripslashes($supplier) . '">';
-   echo '<img src="graphs/displayCnCGraph.php?month=' . stripslashes($supplier) . '">';
-
-  echo "<table>  <thead>
+    $supplierS = htmlentities(strip_tags($_REQUEST['supplier']));
+    $title = $supplierName;
+    if (isset($supplierABN)) {
+        $query = 'SELECT text_mode("supplierName") AS "supplierName" 
+FROM contractnotice 
+WHERE "supplierABN" = :supplierABN 
+GROUP BY "supplierABN"';
+        $query = $conn->prepare($query);
+        $query->bindParam(":supplierABN", $supplierABN);
+        $query->execute();
+        databaseError($conn->errorInfo());
+        $title = reset($query->fetchAll())['supplierName'];
+    }
+    include_header(str_replace("%", "", $title));
+    echo '<center><h1>' . str_replace("%", "", $title) . '</h1></center>';
+
+if (isset($supplierABN)) {
+    echo "<b>ABN:</b> <a href=\"https://abr.business.gov.au/SearchByAbn.aspx?abn=$supplierABN\">$supplierABN</a>";
+
+    $cleansedName = '%'.cleanseName($title).'%';
+    $query = 'SELECT DISTINCT ON ("supplierABN") "supplierName","supplierABN" FROM contractnotice WHERE "supplierName" ILIKE :cleansedName and "supplierABN" != :supplierABN';
+    $query = $conn->prepare($query);
+    $query->bindParam(":cleansedName", $cleansedName);
+    $query->bindParam(":supplierABN", $supplierABN);
+    $query->execute();
+    databaseError($conn->errorInfo());
+    echo "<br/><b>Similar to:</b> ";
+    foreach ($query->fetchAll() as $row) {
+        echo "<a href='displaySupplier.php?supplier={$row['supplierABN']}-".urlencode($row['supplierName'])."'> {$row['supplierName']} (ABN: {$row['supplierABN']})</a>, ";
+    }
+
+    $query = 'SELECT distinct on (lower("supplierName")) "supplierName" from contractnotice where "supplierABN" = :supplierABN';
+    $query = $conn->prepare($query);
+    $query->bindParam(":supplierABN", $supplierABN);
+    $query->execute();
+    databaseError($conn->errorInfo());
+    $names = Array();
+    foreach ($query->fetchAll() as $row) {
+        $names[cleanseName($row[0])] = $row[0];
+    }
+    if (count($names) < 20) {
+        echo "<br/><b>Also known as:</b> " . implode(', ', array_values($names))."<br/>";
+    } else {
+        echo "<details>
+  <summary>Also known as ...</summary>
+  <p>".implode(', ', array_values($names))."</p>
+</details>";
+    }
+
+}
+
+
+    $query = '
+    SELECT 
+sum((consultancy = \'Yes\')::int) AS consultancy,
+sum(("confidentialityContract" = \'Yes\')::int) AS "confidentialityContract",
+sum(("confidentialityOutputs" = \'Yes\')::int) AS "confidentialityOutputs",
+sum((("procurementMethod" = \'Open\' OR "procurementMethod" = \'Open tender\') AND "SONID" IS null)::int) AS open,
+sum((("procurementMethod" = \'Open\' OR "procurementMethod" = \'Open tender\') AND "SONID" IS NOT null)::int) AS "openSON",
+sum(("procurementMethod" = \'Prequalified tender\' OR "procurementMethod" = \'Select\')::INT) AS prequalified,
+sum(("procurementMethod" = \'Direct\' OR "procurementMethod" = \'Limited tender\')::int) AS limited,
+sum("value") as total_value,
+COUNT(*) AS total
+FROM contractnotice 
+WHERE' . $supplierQ . " " . $yearQ . " " .$standardQ  ;
+    $query = $conn->prepare($query);
+    if (isset($supplierABN)) {
+        $query->bindParam(":supplierABN", $supplierABN);
+    } else {
+        $query->bindParam(":supplierName", $supplierName);
+    }
+    $query->execute();
+    databaseError($conn->errorInfo());
+
+    $stats = reset($query->fetchAll());
+    show_stats($stats);
+
+    $query = 'SELECT category, min("categoryUNSPSC") AS "categoryUNSPSC", count(*) AS count, sum(value) AS value FROM contractnotice 
+  WHERE ' . $supplierQ . " $yearQ $standardQ ". ' GROUP BY category ORDER BY count(*) DESC LIMIT 10';
+    $query = $conn->prepare($query);
+    if (isset($supplierABN)) {
+        $query->bindParam(":supplierABN", $supplierABN);
+    } else {
+        $query->bindParam(":supplierName", $supplierName);
+    }
+    $query->execute();
+    databaseError($conn->errorInfo());
+
+
+    echo "<h3>Categories</h3><table>  <thead>
+    <tr>
+      <th>Category</th>
+      <th>Contracts Count</th>
+      <th>Total Contract Value</th>
+    </tr>
+  </thead>";
+    foreach ($query->fetchAll() as $row) {
+        setlocale(LC_MONETARY, 'en_US');
+        $value = number_format(doubleval($row['value']), 2);
+        $category = urlencode($row['category']);
+        echo("<tr>
+    <td><B><a href='displayCategory.php?category=$category'>{$row['category']}</a></b></td>
+    <td>{$row['count']}</td>
+    <td>\$$value</td>
+    </tr>");
+    }
+    echo "</table><br/>";
+
+
+    /*$query = 'SELECT SUM("value") AS "value", count(*), text_mode(contractnotice."agencyName") AS agencyname FROM contractnotice JOIN agency_nametoabn ON contractnotice."agencyName"=agency_nametoabn."agencyName"
+WHERE ' . $yearQ . ' ' . $supplierQ . ' "childCN" IS NULL 
+GROUP BY abn ORDER BY SUM("value") DESC';*/
+    $query = 'SELECT SUM("value") AS "value", count(*), "agencyName" AS agencyname FROM contractnotice 
+WHERE ' . $yearQ . ' ' . $supplierQ . ' "childCN" IS NULL GROUP BY "agencyName" ORDER BY SUM("value") DESC';
+
+    $query = $conn->prepare($query);
+        if (isset($supplierABN)) {
+            $query->bindParam(":supplierABN", $supplierABN);
+        } else {
+            $query->bindParam(":supplierName", $supplierName);
+        }
+    $query->execute();
+    databaseError($conn->errorInfo());
+
+    echo "<h3>Agencies</h3><table>  <thead>
+    <tr>
+      <th>Agency</th>
+      <th>Contracts Count</th>
+      <th>Total Contract Value</th>
+    </tr>
+  </thead>";
+    foreach ($query->fetchAll() as $row) {
+        setlocale(LC_MONETARY, 'en_US');
+        $value = number_format(doubleval($row['value']), 2);
+        $agency =urlencode($row['agencyname']);
+        echo("<tr>
+    <td><B><a href=\"displayAgency.php?agency=$agency\">{$row['agencyname']}</a></b></td>
+    <td>{$row['count']}</td>
+    <td>\$$value</td>
+    </tr>");
+    }
+    echo "</table><br/>";
+
+    $query = 'SELECT contractnotice."SONID", min(title) AS title, count(*), sum(value) AS value FROM contractnotice INNER JOIN standingoffers ON contractnotice."SONID" = standingoffers."SONID" WHERE ' . $yearQ . ' ' .
+        $supplierQ . ' ' . $standardQ
+        . ' AND contractnotice."SONID" != \'\' GROUP BY contractnotice."SONID"';
+    $query = $conn->prepare($query);
+
+
+    if (isset($supplierABN)) {
+        $query->bindParam(":supplierABN", $supplierABN);
+    } else {
+        $query->bindParam(":supplierName", $supplierName);
+    }
+    $query->execute();
+    databaseError($conn->errorInfo());
+$sonrows = "";
+    foreach ($query->fetchAll() as $row) {
+        setlocale(LC_MONETARY, 'en_US');
+        $value = number_format(doubleval($row['value']), 2);
+        $sonrows .= "<tr>
+    <td><B><a href=\"displaySON.php?SONID={$row['SONID']}\">{$row['title']}</a></b></td>
+    <td>{$row['count']}</td>
+    <td>\$$value</td>
+    </tr>";
+    }
+    if (strlen($sonrows) > 1) {
+        echo "<h3>Standing Offers/Panels</h3><table>  <thead>
+    <tr>
+      <th>Standing Offer</th>
+      <th>Contracts Count</th>
+      <th>Total Contract Value</th>
+    </tr>
+  </thead>$sonrows</table><br/>";
+    }
+    echo "<table><h3>Contracts</h3>  <thead>
     <tr>
       <th>Contract Notice Number</th>
       <th>Contract Description</th>
@@ -37,45 +187,71 @@
       <th>Supplier</th>
     </tr>
   </thead>";
-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
-    setlocale(LC_MONETARY, 'en_US');
-    $value = number_format(doubleval($row['value']) , 2);
-    echo ("<tr>
+    $query = 'SELECT "CNID", "description", "value", "agencyName", "category",
+    "contractStart", "supplierName"
+    FROM contractnotice WHERE ' . $yearQ . ' ' .
+        $supplierQ . ' ' . $standardQ
+        . ' ORDER BY VALUE DESC';
+
+    $query = $conn->prepare($query);
+
+
+    if (isset($supplierABN)) {
+        $query->bindParam(":supplierABN", $supplierABN);
+    } else {
+        $query->bindParam(":supplierName", $supplierName);
+    }
+    $query->execute();
+    databaseError($conn->errorInfo());
+    foreach ($query->fetchAll() as $row) {
+        setlocale(LC_MONETARY, 'en_US');
+        $value = number_format(doubleval($row['value']), 2);
+        echo("<tr>
     <td><a href=\"displayContract.php?CNID={$row['CNID']}\">{$row['CNID']}</a></td>
     <td><b>{$row['description']}</b></a></td>
     <td>\$$value</td><td>{$row['agencyName']}</td>
     <td>{$row['contractStart']}</td>
     <td>{$row['supplierName']}</td>
     </tr>");
-  }
-  echo "</table>";
-  mysql_free_result($result);
+    }
+    echo "</table>";
 } else {
     /*
-     histograph of supplier size/value
-    */
-include_header("Suppliers");
-  $query = "SELECT SUM(value) as val, supplierName, supplierABN
-FROM `contractnotice`
-WHERE childCN = 0
-GROUP BY supplierName
-ORDER BY val DESC
-LIMIT 100";
-  $result = mysql_query($query);
-   echo "<table>  <thead>
-    <tr>
+      histograph of supplier size/value
+     */
+    include_header("Suppliers");
+    suppliersGraph();
+    $query = 'SELECT SUM("value") AS val, text_mode("supplierName") AS supplierName, "supplierABN",(
+ CASE WHEN "supplierABN" != 0 THEN lower("supplierABN"::TEXT) ELSE lower("supplierName") END) AS supplierID 
+FROM contractnotice
+WHERE ' . $yearQ . ' "childCN" IS NULL
+GROUP BY supplierID,"supplierABN"
+ORDER BY val DESC';
+if ($yearQ == '') $query .=' LIMIT 1000';
+    $query = $conn->prepare($query);
+    $query->execute();
+    databaseError($conn->errorInfo());
+if ($query->rowCount() > 999 && $yearQ == '') {
+// if 1000 records warn too many results
+print "<b> More than 1000 results found so only first 1000 shown. Please filter by year to see all results </b>";
+}
+    echo "<table>  <thead>
+    <tr>
+       <th>Position</th>
        <th>Supplier</th>
       <th>Total Contract Value</th>
     </tr>
   </thead>";
-  while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
-    setlocale(LC_MONETARY, 'en_US');
-    $value = number_format(doubleval($row['val']) , 2);
-    $supplier = stripslashes($row['supplierABN'].'-'.$row['supplierName']);
-    echo ("<tr><td><b><a href=\"displaySupplier.php?supplier={$supplier}\">".ucsmart($row['supplierName'])."</a></b></td><td>\$$value</td></tr>\n");
-  }
-  echo "</table>";
-  mysql_free_result($result);
+    $i = 1;
+    foreach ($query->fetchAll() as $row) {
+        setlocale(LC_MONETARY, 'en_US');
+        $value = number_format(doubleval($row['val']), 2);
+        $supplier = stripslashes($row['supplierABN'] . '-' . $row['suppliername']);
+        echo("<tr><td>$i</td><td><b><a href=\"displaySupplier.php?supplier={$supplier}\">" . ucsmart($row['suppliername']) . "</a></b></td><td>\$$value</td></tr>\n");
+        $i++;
+    }
+    echo "</table>";
 }
 include_footer();
 ?>
+