--- a/displayContract.php
+++ b/displayContract.php
@@ -2,41 +2,46 @@
include_once("./lib/common.inc.php");
include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
-setlocale(LC_MONETARY, 'en_US');
-foreach (array_filter($row) as $key => $value) {
- echo "$key ";
-switch ($key) {
-case "supplierName":
-case "supplierABN":
- echo ''.$value."";
- break;
-case "agencyName":
- echo ''.$value."";
- break;
-case "value":
- echo "$".number_format(doubleval($value),2);
- break;
-default:
- echo str_replace(" ","
",$value);
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
+ setlocale(LC_MONETARY, 'en_US');
+ foreach (array_filter($row) as $key => $value) {
+ echo "$key ";
+ switch ($key) {
+ case "supplierName":
+ case "supplierABN":
+ echo '' . $value . "";
+ break;
+ case "agencyName":
+ echo '' . $value . "";
+ break;
+ case "value":
+ echo "$" . number_format(doubleval($value), 2);
+ break;
+ default:
+ echo str_replace(" ", "
", $value);
+ }
+ echo "
";
+ }
}
-echo "
";
-}
-}
-echo '
View original record @ tenders.gov.au
';
+echo '
View original record @ tenders.gov.au
';
-mysql_free_result($result);
-$query = "SELECT * FROM `heuristic_results` where CNID = ".$_REQUEST['CNID'];
-$result = mysql_query($query);
-if (!$result) echo mysql_error().$query;
-while ($r = mysql_fetch_array($result, MYSQL_ASSOC)) {
- echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
+$query = 'SELECT * FROM heuristic_results where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input . '%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll() as $r) {
+ echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
}
include_footer();
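Review bot: Every column value the new loops echo — `$key` and `$value` inside the `switch` in the first `foreach`, and the `$r[...]` fields in the `heuristic_results` loop — is written into the page unescaped, so any markup stored in those tables is rendered as-is; each should pass through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before the `echo`. The `CNID` bind also drops the integer coercion the old `%d` format gave: `bindParam(":CNID", $_REQUEST['CNID'])` sends the raw request string, whereas `$query->bindValue(':CNID', (int) $_REQUEST['CNID'], PDO::PARAM_INT);` keeps the parameter typed as the old query did (same line in both prepared blocks). `$agencyName = $input . '%';` in the second block references an undefined `$input` and is never used afterwards; it looks like a copy-paste leftover and should be removed. Lastly, `databaseError($conn->errorInfo())` reads the connection handle's error info right after a statement `execute()`; a failed execute reports through `$query->errorInfo()` instead, so this check may not fire — worth confirming against how `databaseError` in common.inc.php is meant to be called.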