--- a/displayContract.php
+++ b/displayContract.php
@@ -2,20 +2,52 @@
 include_once("./lib/common.inc.php");
 include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-echo "
"; -while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { +$query = $conn->prepare($query); +$query->bindParam(":CNID", $_REQUEST['CNID']); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); + } + foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) { setlocale(LC_MONETARY, 'en_US'); -$value = number_format(doubleval($row['value']),2); -echo(print_r(array_filter($row),true)); +foreach (array_filter($row) as $key => $value) { + echo "$key "; +switch ($key) { +case "supplierName": +case "supplierABN": + echo ''.$value.""; + break; +case "agencyName": + echo ''.$value.""; + break; +case "value": + echo "$".number_format(doubleval($value),2); + break; +default: + echo str_replace(" ",""; -echo ' View original record @ tenders.gov.au'; +echo "
",$value); } -echo "