--- a/displayContract.php
+++ b/displayContract.php
@@ -2,20 +2,48 @@
 include_once("./lib/common.inc.php");
 include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-echo "
";
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
-setlocale(LC_MONETARY, 'en_US');
-$value = number_format(doubleval($row['value']),2);
-echo(print_r(array_filter($row),true));
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
+    setlocale(LC_MONETARY, 'en_US');
+    foreach (array_filter($row) as $key => $value) {
+        echo "$key ";
+        switch ($key) {
+            case "supplierName":
+            case "supplierABN":
+                echo '' . $value . "";
+                break;
+            case "agencyName":
+                echo '' . $value . "";
+                break;
+            case "value":
+                echo "$" . number_format(doubleval($value), 2);
+                break;
+            default:
+                echo str_replace("  ", "
", $value);
+ }
+ echo "
";
+ }
 }
-echo "
";
-echo ' View original record @ tenders.gov.au';
+echo '
View original record @ tenders.gov.au
';
-mysql_free_result($result);
+
+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input . '%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+$query->execute();
+databaseError($conn->errorInfo());
+foreach ($query->fetchAll() as $r) {
+ echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
+}
+
 include_footer();
-?>
+?>
+
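Review bot: Values read from `contractnotice` and `heuristic_results` are echoed without HTML escaping, in the `supplierName`/`supplierABN`, `agencyName` and `default` branches of the `switch` and in the final `foreach` over `$r`, so any markup stored in those rows would be rendered as-is by the browser. Escaping once at the top of the inner loop, `$value = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');`, covers the switch branches (the double-space replacement still works on the escaped text), and the `$r[...]` fields need the same treatment before they are interpolated. Separately, `databaseError($conn->errorInfo())` reads the connection handle, whereas a failed `execute()` records its error on the statement, so `$query->errorInfo()` is probably what was meant after both queries. `$agencyName = $input . '%';` looks like a leftover: it is not used in the hunk and `$input` is not defined in it. The second query also keeps MySQL-style backticks around `heuristic_results` next to the double-quoted `"CNID"`, unlike the first query, which is worth confirming against the target database.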