--- a/displayContract.php +++ b/displayContract.php @@ -2,20 +2,48 @@ include_once("./lib/common.inc.php"); include_header("Contract"); -$query = sprintf("SELECT * -FROM `contractnotice` -WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID'])); +$query = 'SELECT * +FROM contractnotice +WHERE "CNID" = :CNID LIMIT 1'; -$result = mysql_query($query); -echo "
"; -while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { -setlocale(LC_MONETARY, 'en_US'); -$value = number_format(doubleval($row['value']),2); -echo(print_r(array_filter($row),true)); +$query = $conn->prepare($query); +$query->bindParam(":CNID", $_REQUEST['CNID']); +$query->execute(); +databaseError($conn->errorInfo()); +foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) { + setlocale(LC_MONETARY, 'en_US'); + foreach (array_filter($row) as $key => $value) { + echo "$key "; + switch ($key) { + case "supplierName": + case "supplierABN": + echo '' . $value . ""; + break; + case "agencyName": + echo '' . $value . ""; + break; + case "value": + echo "$" . number_format(doubleval($value), 2); + break; + default: + echo str_replace(" ", ""; -echo ' View original record @ tenders.gov.au'; +echo '
", $value); + } + echo "
"; + } } -echo "