예제 #1
     exit;
 }
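 // Pick the auction to load: an explicit auction_id in the query string takes
 // precedence over the one remembered in the session.
 if (isset($_GET['auction_id'])) {
     // Request input is untrusted; it is escaped for the single-quoted SQL literal
     // below. $auction_id stays the escaped string because code after this block
     // may interpolate it as well.
     // NOTE(review): a prepared statement (mysqli_prepare + mysqli_stmt_bind_param)
     // is the preferred form; escaping is only reliable while the connection
     // charset has been set on $link.
     $auction_id = mysqli_real_escape_string($link, $_GET['auction_id']);
 } else {
     $auction_id = $_SESSION['AUCTION_INFO']->getAuctionId();
 }
 $auction_query = mysqli_query($link, "SELECT * FROM auctions WHERE auction_id='{$auction_id}'");
 $auction = new Auction();
 // mysqli_query() signals failure with false, never null, so a `!== null` test
 // would let a failed query reach mysqli_fetch_array() (a TypeError on PHP 8).
 if ($auction_query !== false) {
     // Only associative keys are read; if several rows match, the last one wins.
     while ($row = mysqli_fetch_assoc($auction_query)) {
         $auction->setAuctionId($row['auction_id']);
         $auction->setAuctionTitle($row['auction_title']);
         $auction->setAuctionDesc($row['auction_desc']);
         $auction->setISBN($row['isbn']);
         $auction->setBINPrice($row['bin_price']);
         $auction->setStartBidPrice($row['start_bid_price']);
         $auction->setUserId($row['user_id']);
         $auction->setCreationTime($row['auction_creation_time']);
         $auction->setEndTime($row['auction_end_time']);
         $auction->setAuctionEnded($row['auction_ended']);
         $auction->setWinnerUserName($row['winner_username']);
     }
 }
 $user_id = $auction->getUserId();
 // The seller lookup compares users.id unquoted, i.e. numerically. The value came
 // back from the auctions row (or is null when nothing matched), so it is cast to
 // int instead of being interpolated raw: a missing auction then queries id=0,
 // which matches no row but still hands the fetch loop that follows a result
 // object rather than a syntactically broken statement.
 $user_query = mysqli_query($link, "SELECT * FROM users WHERE id=" . (int) $user_id);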
 if ($user_query !== null) {
     while ($row = mysqli_fetch_array($user_query)) {
         $auction->setSellerUserName($row['username']);
         $auction->setSellerDisplayName($row['displayname']);