} elseif ($action == "unsell") { $category = "0"; $state = "Active"; } else { $category = ''; } $sql = $dbconn->prepare("SELECT * FROM `textbooks` WHERE `BookId` = :id"); $sql->bindParam(":id", $id); $sql->execute(); $result = $sql->fetch(PDO::FETCH_ASSOC); if ($action == "hide") { $category = $result['CategoryId']; $state = "Hidden"; } elseif ($action == "active") { $category = $result['CategoryId']; $state = "Active"; } if ($result['CategoryId'] == $category && $result['UserId'] == $_SESSION['Username']) { try { $sql = $dbconn->prepare("UPDATE `textbooks` SET `State`=:state WHERE `BookId` = :id"); $sql->bindParam(":id", $id); $sql->bindParam(":state", $state); $result = $sql->execute(); if ($result) { header('location: ../myuploads.php'); } } catch (PDOException $e) { errorHandle($e); } } }
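<?php
// Looks up the title of a single product by id and dumps every matching row.

// Keep PHP diagnostics out of the HTTP response. This only hides them; it does
// not log them anywhere by itself.
ini_set('display_errors', '0');

include_once "scripts/connect.php";   // presumably provides the PDO handle $db; confirm
include_once "scripts/functions.php"; // presumably provides errorHandle(); confirm

$id = 4;
$uid = 1; // not read anywhere in this script

try {
    // The id is sent as a bound parameter, never spliced into the SQL text.
    // That protects this query against SQL injection only; output escaping and
    // access checks are separate concerns.
    // Fix: the original statement had no WHERE keyword ("PRODUCT pId=:id"),
    // so it could not be parsed as a filter on pId.
    $stmt = $db->prepare("SELECT pTitle from PRODUCT WHERE pId=:id");

    // NOTE(review): $id is an integer but is bound as a string; confirm the
    // column type of pId and use PDO::PARAM_INT if it is numeric.
    $stmt->bindParam(':id', $id, PDO::PARAM_STR);
    $stmt->execute();

    // Rows are read only after a successful execute(). The original fell
    // through to fetch() even when execute() had just failed.
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        print_r($row);
    }
} catch (PDOException $e) {
    // prepare() is inside the try as well, so a failure there is reported the
    // same way. This branch is only reached when PDO runs in
    // PDO::ERRMODE_EXCEPTION (the default since PHP 8.0); confirm connect.php
    // does not change it.
    // NOTE(review): whatever errorHandle() returns is echoed to the client.
    // Verify it returns a generic message and logs the driver details
    // server-side instead of exposing SQL or schema information.
    echo errorHandle($e);
}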