--- a/displayContract.php
+++ b/displayContract.php
@@ -2,12 +2,17 @@
include_once("./lib/common.inc.php");
include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
setlocale(LC_MONETARY, 'en_US');
foreach (array_filter($row) as $key => $value) {
echo "$key ";
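Review bot: The added `if (!$query)` check after `$query->execute();` can never fire, because `$query` is the PDOStatement returned by `prepare()` and the boolean result of `execute()` is discarded. A failed execute would fall through to `fetchAll()` silently, unless `$conn` is configured to throw exceptions, which is not visible here. Test the return value and report the statement's own error instead: `if (!$query->execute()) { databaseError($query->errorInfo()); }`. The same pattern repeats in the second hunk for the `heuristic_results` query. The old `'%d'` format also forced `CNID` to an integer, while the new code binds the raw `$_REQUEST['CNID']` string; `$query->bindValue(':CNID', (int) $_REQUEST['CNID'], PDO::PARAM_INT);` would keep that constraint.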
@@ -28,9 +33,21 @@
echo "
";
}
}
-echo ' View original record @ tenders.gov.au';
+echo '
View original record @ tenders.gov.au
';
-mysql_free_result($result);
+
+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input.'%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll() as $r) {
+ echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
+}
+
include_footer();
?>
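Review bot: The new `heuristic_results` query quotes the table name with MySQL backticks and the column with double quotes, whereas the rewritten query in the first hunk dropped the backticks, so this statement is likely to fail or match nothing depending on the database behind `$conn`. Writing it as `'SELECT * FROM heuristic_results WHERE "CNID" = :CNID'` would match the other query. `$agencyName = $input.'%';` is not used anywhere in the hunk and `$input` is not defined in the visible lines, so it looks like a leftover that should be removed. The `echo` of `$r['heuristic_name']` and the other columns writes database values into the page unescaped; passing each through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` would keep stored markup from being rendered.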