if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } if (isset($_GET['auction_id'])) { $auction_id = mysqli_real_escape_string($link, $_GET['auction_id']); //sanitize auction_id input } else { $auction_id = $_SESSION['AUCTION_INFO']->getAuctionId(); } $auction_query = mysqli_query($link, "SELECT * FROM auctions WHERE auction_id='{$auction_id}'"); $auction = new Auction(); if ($auction_query !== null) { while ($row = mysqli_fetch_array($auction_query)) { $auction->setAuctionId($row['auction_id']); $auction->setAuctionTitle($row['auction_title']); $auction->setAuctionDesc($row['auction_desc']); $auction->setISBN($row['isbn']); $auction->setBINPrice($row['bin_price']); $auction->setStartBidPrice($row['start_bid_price']); $auction->setUserId($row['user_id']); $auction->setCreationTime($row['auction_creation_time']); $auction->setEndTime($row['auction_end_time']); $auction->setAuctionEnded($row['auction_ended']); $auction->setWinnerUserName($row['winner_username']); } } $user_id = $auction->getUserId(); $user_query = mysqli_query($link, "SELECT * FROM users WHERE id={$user_id}"); if ($user_query !== null) { while ($row = mysqli_fetch_array($user_query)) {