--- a/displayContract.php
+++ b/displayContract.php
@@ -2,12 +2,17 @@
include_once("./lib/common.inc.php");
include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
setlocale(LC_MONETARY, 'en_US');
foreach (array_filter($row) as $key => $value) {
echo "$key ";
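Review bot: The error check at `if (!$query)` tests the PDOStatement returned by prepare(), which is always truthy once prepare() has succeeded, so the return value of `$query->execute()` on the line above is discarded and a failed query falls straight through to fetchAll(). Fold the check into the call, `if (!$query->execute()) {`, and keep the `databaseError($conn->errorInfo());` body; for a statement-level failure `$query->errorInfo()` is where the driver message lands, so consider passing that instead. The same pattern recurs in the heuristic_results hunk below. Binding `$_REQUEST['CNID']` by reference with no type sends it as a string, where the replaced sprintf formatted it with `%d`; `$query->bindValue(':CNID', (int) $_REQUEST['CNID'], PDO::PARAM_INT);` keeps the integer semantics the old code had and avoids a notice when the parameter is absent.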
@@ -30,12 +35,16 @@
}
echo '
View original record @ tenders.gov.au
';
-mysql_free_result($result);
-$query = "SELECT * FROM `heuristic_results` where CNID = ".$_REQUEST['CNID'];
-$result = mysql_query($query);
-if (!$result) echo mysql_error().$query;
-while ($r = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input.'%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll() as $r) {
echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
}
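Review bot: `$agencyName = $input.'%';` is dead code in this hunk: `$input` is not defined anywhere visible and `$agencyName` is never read, so it reads as a leftover from another page and should be dropped (if `$input` is set earlier in the file it still serves no purpose here). The identifier quoting on the line before it mixes MySQL backticks around `heuristic_results` with double quotes around `"CNID"`; the first hunk dropped the backticks from `contractnotice`, and on a driver that uses double-quoted identifiers the backticks would fail to parse, so `'SELECT * FROM heuristic_results where "CNID" = :CNID'` keeps both queries consistent. The final echo writes `heuristic_name`, `heuristic_value`, `raw_value`, `mean` and `stddev` into the page unescaped; wrapping each in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` avoids markup injection should any of those columns ever be populated from external data.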