bidInfo.php
<?php
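// Builds $display_block: a "logged in as" heading plus a one-row table that
// describes the item named by the items_id GET parameter and its latest bid.
//
// Security-relevant changes compared with the previous version:
//   * items_id is validated as an integer and bound as a statement parameter
//     instead of being concatenated into the SQL text (SQL injection).
//   * Every value taken from the session or the database is HTML-escaped
//     before it is placed in markup (stored/reflected XSS).
//   * Database error text goes to the server log, not to the browser.
connectToDB(); // defined in connect.php; the queries below use the $mysqli handle

// HTML-escape one value for use in element content or a quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Part of an e-mail address before the '@'; empty string when there is no '@'
// (the same result the earlier substr()/strpos() pair produced).
$local_part = function ($email) {
    $at = strpos($email, '@');
    return $at === false ? '' : substr($email, 0, $at);
};

// Run a single-parameter SELECT as a prepared statement and return its first
// row as an associative array, or null when the query matched nothing.
// mysqli_stmt_get_result() requires the mysqlnd driver.
// NOTE(review): if mysqli is configured to throw exceptions, failures surface
// as mysqli_sql_exception rather than through the false checks below.
$fetch_first_row = function ($sql, $id) use ($mysqli) {
    $stmt = mysqli_prepare($mysqli, $sql);
    if ($stmt === false
        || !mysqli_stmt_bind_param($stmt, 'i', $id)
        || !mysqli_stmt_execute($stmt)
    ) {
        error_log('bidInfo.php: query failed: ' . mysqli_error($mysqli));
        die('Sorry, the item could not be loaded.');
    }
    $result = mysqli_stmt_get_result($stmt);
    if ($result === false) {
        error_log('bidInfo.php: could not read result: ' . mysqli_error($mysqli));
        die('Sorry, the item could not be loaded.');
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    mysqli_stmt_close($stmt);
    return $row;
};

$session_email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
$display_block = "<h1>Logged in as " . $esc($session_email) . "</h1>";

// NOTE(review): the first row is the most recent bid (ORDER BY b.time DESC);
// it is the highest bid only if every new bid must exceed the previous one.
$high_bid_sql = "SELECT i.name, i.description, i.reserve_price, i.owner, u.email, b.value"
    . " FROM items i INNER JOIN bids b ON i.id = b.items_id"
    . " INNER JOIN users u on b.users_id = u.id WHERE i.id = ?"
    . " ORDER BY b.time DESC";
$item_sql = "SELECT name, description, reserve_price, owner FROM items WHERE id = ?";

$display_block .=
"<table width=\"100%\" cellpadding=\"3\" cellspacing=\"1\" border=\"1\">
<tr>
<th>Item</th>
<th>Description</th>
<th>Highest Bidder</th>
<th>Current Bid</th>
</tr>";

// FILTER_VALIDATE_INT yields an int, false for a non-integer, null when absent.
$items_id = filter_input(INPUT_GET, 'items_id', FILTER_VALIDATE_INT);

$item_row = null;
$has_bid = false;
if (is_int($items_id)) {
    $item_row = $fetch_first_row($high_bid_sql, $items_id);
    $has_bid = ($item_row !== null);
    if (!$has_bid) {
        // No bids yet: fall back to the item record on its own.
        $item_row = $fetch_first_row($item_sql, $items_id);
    }
}

if ($item_row === null) {
    // Missing, malformed or unknown items_id: render a placeholder row rather
    // than dereferencing an empty result.
    $display_block .=
        "<tr>\n<td colspan=\"4\">Item not found.</td>\n</tr></table>";
} else {
    $item_name = stripslashes($item_row['name']);
    $item_owner = stripslashes($item_row['owner']);
    // Escape first, then nl2br(), so the only markup in the description is
    // the <br> tags generated here.
    $item_desc = nl2br($esc(stripslashes($item_row['description'])));
    $item_res_price = $item_row['reserve_price'];

    $display_block .=
        "<tr>\n"
        . "<td width=\"15%\" valign=\"top\"><em>Name:</em><strong> " . $esc($item_name)
        . "</strong><br><br><em>Seller:</em> <strong>" . $esc($local_part($item_owner))
        . "</strong></td>\n"
        . "<td width=\"55%\" valign=\"top\">" . $item_desc . "</td>\n";

    if ($has_bid) {
        $user = stripslashes($item_row['email']);
        $high_bid_price = $item_row['value'];
        $display_block .=
            "<th width=\"15%\">" . $esc($local_part($user)) . "</th>\n"
            . "<th width=\"15%\">$" . $esc($high_bid_price) . "</th>\n";
    } else {
        $display_block .=
            "<th width=\"15%\">--</th>\n"
            . "<th width=\"15%\">No bids!!</th>\n";
    }

    $display_block .= "</tr></table>";
}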
?>