} elseif ($action == "unsell") {
        $category = "0";
        $state = "Active";
    } else {
        $category = '';
    }
    $sql = $dbconn->prepare("SELECT * FROM `textbooks` WHERE `BookId` = :id");
    $sql->bindParam(":id", $id);
    $sql->execute();
    $result = $sql->fetch(PDO::FETCH_ASSOC);
    if ($action == "hide") {
        $category = $result['CategoryId'];
        $state = "Hidden";
    } elseif ($action == "active") {
        $category = $result['CategoryId'];
        $state = "Active";
    }
    if ($result['CategoryId'] == $category && $result['UserId'] == $_SESSION['Username']) {
        try {
            $sql = $dbconn->prepare("UPDATE `textbooks` SET `State`=:state WHERE `BookId` = :id");
            $sql->bindParam(":id", $id);
            $sql->bindParam(":state", $state);
            $result = $sql->execute();
            if ($result) {
                header('location: ../myuploads.php');
            }
        } catch (PDOException $e) {
            errorHandle($e);
        }
    }
}
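<?php

declare(strict_types=1);

ini_set('display_errors', '0');
include_once "scripts/connect.php";   // expected to define $db (a PDO connection) — confirm against that script
include_once "scripts/functions.php"; // expected to define errorHandle() — confirm against that script

// Product row to look up. Hard-coded in this example; real callers would
// take it from validated request input.
$id = 4;
$uid = 1; // not referenced anywhere in this excerpt; kept in case later code relies on it

// Whether execute() reported success; fetch() is only attempted when it did,
// so a failed prepare()/execute() never falls through to reading rows.
$executed = false;

try {
    // Prepared statement with a bound placeholder: the value is sent
    // separately from the SQL text and cannot change the query structure.
    // The original query lacked the WHERE keyword and would not parse.
    $stmt = $db->prepare("SELECT pTitle FROM PRODUCT WHERE pId = :id");
    // $id is an integer, so bind it as one rather than as a string.
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $executed = $stmt->execute();
} catch (PDOException $e) {
    // Both prepare() and execute() can throw when the connection uses
    // ERRMODE_EXCEPTION, so both are inside the try.
    echo errorHandle($e);
}

if ($executed) {
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        print_r($row);
    }
}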