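exit;
}

// Choose the auction to display: an explicit ?auction_id=... wins, otherwise
// fall back to the auction remembered in the session. A non-string value
// (e.g. ?auction_id[]=x) is treated as absent, because passing an array to
// mysqli_real_escape_string() raises a TypeError on PHP 8.
if (isset($_GET['auction_id']) && is_string($_GET['auction_id'])) {
    $auction_lookup_id = $_GET['auction_id'];
    // $auction_id keeps its escaped form in case code further down the file
    // still interpolates it; the lookup below binds the raw value instead.
    $auction_id = mysqli_real_escape_string($link, $auction_lookup_id);
} else {
    $auction_id = $_SESSION['AUCTION_INFO']->getAuctionId();
    $auction_lookup_id = $auction_id;
}

// Look the auction up with a bound parameter so neither the request value nor
// the session value is ever spliced into the SQL text (the session path was
// previously interpolated without any escaping).
// $auction_query ends up as a mysqli_result, or null when the statement could
// not be prepared or executed. mysqli_query() reports failure as false, never
// null, so the old "!== null" guard could not catch a failed query.
// NOTE: mysqli_stmt_get_result() requires the mysqlnd driver.
$auction_query = null;
$auction_stmt = mysqli_prepare($link, 'SELECT * FROM auctions WHERE auction_id = ?');
if ($auction_stmt !== false) {
    mysqli_stmt_bind_param($auction_stmt, 's', $auction_lookup_id);
    if (mysqli_stmt_execute($auction_stmt)) {
        $auction_result = mysqli_stmt_get_result($auction_stmt);
        if ($auction_result instanceof mysqli_result) {
            $auction_query = $auction_result;
        }
    }
}

// Copy the row's columns onto the Auction object. If several rows come back,
// the last one wins.
$auction = new Auction();
if ($auction_query !== null) {
    while ($row = mysqli_fetch_array($auction_query)) {
        $auction->setAuctionId($row['auction_id']);
        $auction->setAuctionTitle($row['auction_title']);
        $auction->setAuctionDesc($row['auction_desc']);
        $auction->setISBN($row['isbn']);
        $auction->setBINPrice($row['bin_price']);
        $auction->setStartBidPrice($row['start_bid_price']);
        $auction->setUserId($row['user_id']);
        $auction->setCreationTime($row['auction_creation_time']);
        $auction->setEndTime($row['auction_end_time']);
        $auction->setAuctionEnded($row['auction_ended']);
        $auction->setWinnerUserName($row['winner_username']);
    }
}

// Resolve the seller. The id comes from the auctions table (or is whatever the
// Auction object holds when no row matched), so it is bound as a parameter as
// well rather than trusted as SQL text. The original interpolated it unquoted,
// which produced a malformed statement whenever the id was empty.
// As above, $user_query is a mysqli_result or null, which is what the guard
// below tests for.
$user_id = $auction->getUserId();
$user_query = null;
$user_stmt = mysqli_prepare($link, 'SELECT * FROM users WHERE id = ?');
if ($user_stmt !== false) {
    mysqli_stmt_bind_param($user_stmt, 'i', $user_id);
    if (mysqli_stmt_execute($user_stmt)) {
        $user_result = mysqli_stmt_get_result($user_stmt);
        if ($user_result instanceof mysqli_result) {
            $user_query = $user_result;
        }
    }
}

if ($user_query !== null) {
    while ($row = mysqli_fetch_array($user_query)) {
        $auction->setSellerUserName($row['username']);
        $auction->setSellerDisplayName($row['displayname']);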