Depreciate MySQL and GD image graphs
blob:a/displayContract.php -> blob:b/displayContract.php
--- a/displayContract.php
+++ b/displayContract.php
@@ -2,12 +2,17 @@
 

 include_once("./lib/common.inc.php");

 include_header("Contract");

-$query = sprintf("SELECT *

-FROM `contractnotice`

-WHERE  CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));

+$query = 'SELECT *

+FROM contractnotice

+WHERE  "CNID" = :CNID LIMIT 1';

 

-$result = mysql_query($query);

-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {

+$query = $conn->prepare($query);

+$query->bindParam(":CNID", $_REQUEST['CNID']);

+  $query->execute();

+  if (!$query) {

+    databaseError($conn->errorInfo());

+  }

+  foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {

 setlocale(LC_MONETARY, 'en_US');

 foreach (array_filter($row) as $key => $value) {

 	echo "<b>$key</b>&nbsp;";
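Review bot: The failure check added after `$query->execute();` can never fire, because `$query` is the PDOStatement object (always truthy) and the boolean returned by execute() is thrown away; unless the connection runs in exception mode, which is not visible here, a failed query falls through to fetchAll() silently. Test the call itself and report the statement's own error, `if (!$query->execute()) { databaseError($query->errorInfo()); }`, and check the result of `$conn->prepare()` before binding, since it can return false. The same pattern is repeated in the second hunk. The removed `%d` also forced CNID to an integer, which `$query->bindValue(':CNID', (int) $_REQUEST['CNID'], PDO::PARAM_INT);` would preserve. The foreach body continues outside this hunk.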

@@ -30,12 +35,16 @@
 }

 echo '<br><a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=CN'.$_REQUEST['CNID'].'"> View original record @ tenders.gov.au</a><br>';

 

-mysql_free_result($result);

 

-$query = "SELECT * FROM `heuristic_results` where CNID = ".$_REQUEST['CNID'];

-$result = mysql_query($query);

-if (!$result) echo mysql_error().$query;

-while ($r = mysql_fetch_array($result, MYSQL_ASSOC)) {

+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';

+$query = $conn->prepare($query);

+$agencyName = $input.'%';

+$query->bindParam(":CNID", $_REQUEST['CNID']);

+  $query->execute();

+  if (!$query) {

+    databaseError($conn->errorInfo());

+  }

+  foreach ($query->fetchAll() as $r) {

 	echo "<b>{$r['heuristic_name']}</b>: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})<br>";

 }
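Review bot: The tenders.gov.au link still concatenates `$_REQUEST['CNID']` straight into the `href`, so although the query is now parameterised, the same request value reaches the HTML unescaped and can break out of the attribute (reflected XSS). Casting once near the top, `$cnid = (int) $_REQUEST['CNID'];`, and using `$cnid` for both the link and the bind calls closes that. The added `$agencyName = $input.'%';` looks like a leftover from another page: `$agencyName` is not used and `$input` is not defined anywhere in the visible code, so it should be dropped. The new statement also mixes MySQL backticks around `heuristic_results` with the ANSI-quoted `"CNID"`; whichever database this targets, one of the two quoting styles is likely wrong, and the unquoted table name used in the first query is the form to follow. The heuristic columns echoed in the loop come from the database unescaped and would be safer through `htmlspecialchars()` if they are not strictly numeric.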