--- a/displayContract.php
+++ b/displayContract.php
@@ -2,20 +2,52 @@
include_once("./lib/common.inc.php");
include_header("Contract");
-$query = sprintf("SELECT *
-FROM `contractnotice`
-WHERE CNID = '%d'", mysql_real_escape_string($_REQUEST['CNID']));
+$query = 'SELECT *
+FROM contractnotice
+WHERE "CNID" = :CNID LIMIT 1';
-$result = mysql_query($query);
-echo "";
-while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
+$query = $conn->prepare($query);
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
setlocale(LC_MONETARY, 'en_US');
-$value = number_format(doubleval($row['value']),2);
-echo(print_r(array_filter($row),true));
+foreach (array_filter($row) as $key => $value) {
+ echo "$key ";
+switch ($key) {
+case "supplierName":
+case "supplierABN":
+ echo ''.$value."";
+ break;
+case "agencyName":
+ echo ''.$value."";
+ break;
+case "value":
+ echo "$".number_format(doubleval($value),2);
+ break;
+default:
+ echo str_replace(" ","
",$value);
}
-echo "";
-echo ' View original record @ tenders.gov.au';
+echo "
";
+}
+}
+echo '
View original record @ tenders.gov.au
';
-mysql_free_result($result);
+
+$query = 'SELECT * FROM `heuristic_results` where "CNID" = :CNID';
+$query = $conn->prepare($query);
+$agencyName = $input.'%';
+$query->bindParam(":CNID", $_REQUEST['CNID']);
+ $query->execute();
+ if (!$query) {
+ databaseError($conn->errorInfo());
+ }
+ foreach ($query->fetchAll() as $r) {
+ echo "{$r['heuristic_name']}: {$r['heuristic_value']} (raw value: {$r['raw_value']}, mean: {$r['mean']}, stddev: {$r['stddev']})
";
+}
+
include_footer();
-?>
+?>
+