--- a/displayContract.php
+++ b/displayContract.php
@@ -2,12 +2,17 @@
 
 include_once("./lib/common.inc.php");
 include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE  CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE  "CNID" = :CNID LIMIT 1';
 
-$result = mysql_query($query);
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+  $query->execute();
+  if (!$query) {
+    databaseError($conn->errorInfo());
+  }
+  foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
 setlocale(LC_MONETARY, 'en_US');
 foreach (array_filter($row) as $key => $value) {
 	echo "<b>$key</b>&nbsp;";
@@ -28,9 +33,21 @@
 echo "<br>";
 }
 }
-echo '<a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=CN'.$_REQUEST['CNID'].'"> View original record @ tenders.gov.au</a>';
+echo '<br><a href="https://www.tenders.gov.au/?event=public.advancedsearch.keyword&keyword=CN'.$_REQUEST['CNID'].'"> View original record @ tenders.gov.au</a><br>';
 
-mysql_free_result($result);
+
+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input.'%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+  $query->execute();
+  if (!$query) {
+    databaseError($conn->errorInfo());
+  }
+  foreach ($query->fetchAll() as $r) {
+	echo "<b>{$r['heuristic_name']}</b>: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})<br>";
+}
+
 include_footer();
 ?>