prepare('INSERT INTO bids(amount, user_id, listing_id) VALUES(:amount, :user_id, :listing_id)'); $values = [ 'amount' => $_POST['bid'], 'user_id' => $_SESSION['loggedin'], 'listing_id' => $listing['listing_id'] ]; $stmt->execute($values); } else if (isset($_POST['reviewSubmit'])) { $stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email'); $values = [ 'email' => $listing['email'] ]; $stmt->execute($values); $user = $stmt->fetch(); $stmt = $pdo->prepare('INSERT INTO review (review_user, review_date, review_contents, user_id) VALUES (:review_user, :review_date, :review_contents, :user_id)'); $values = [ 'review_user' => $_SESSION['loggedin'], 'review_date' => date('Y-m-d'), 'review_contents' => $_POST['reviewtext'], 'user_id' => $user['user_id'] ]; $stmt->execute($values); } $pageContent = '

Product Page

'. populateContent($listing) .'
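'; require '../layout.php'; checkListing();

/**
 * Build the product-detail fragment for one listing.
 *
 * Looks up the listing's category, the highest bid placed on it and the user
 * whose e-mail matches the listing, then concatenates those values into the
 * page fragment.
 *
 * Every database value is HTML-escaped before it is concatenated. These rows
 * hold text that other users supplied, so emitting them raw would let stored
 * markup or script run in every visitor's browser (stored XSS).
 * NOTE(review): this assumes title/description are stored as plain text; if
 * either is meant to carry markup, it needs an allow-list sanitiser instead.
 *
 * @param array $listing Listing row; reads 'categoryId', 'listing_id',
 *                       'email', 'title' and 'description'.
 * @return string Fragment for the product page.
 */
function populateContent($listing)
{
    $pdo = startDB();

    // Output encoder for HTML text and quoted-attribute contexts.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $stmt = $pdo->prepare('SELECT * FROM category WHERE category_id = :category_id');
    $stmt->execute(['category_id' => $listing['categoryId']]);
    // fetch() yields false when the category row is gone; fall back to an empty name.
    $category = $stmt->fetch() ?: ['name' => ''];

    $stmt = $pdo->prepare('SELECT MAX(amount) FROM bids WHERE listing_id = :listing_id');
    $stmt->execute(['listing_id' => $listing['listing_id']]);
    // MAX(amount) is NULL while no bids exist; the encoder renders that as ''.
    $bid = $stmt->fetch();

    $stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
    $stmt->execute(['email' => $listing['email']]);
    // A missing owner row becomes empty names and a null id instead of offset-on-false notices.
    $user = $stmt->fetch() ?: ['user_id' => null, 'first_name' => '', 'last_name' => ''];

    // The literal segments below (including their line breaks) are unchanged;
    // only the interpolated values are wrapped in the encoder.
    $output = ' product name

'. $esc($listing['title']) .'

'. $esc($category['name']) .'

Auction created by '. $esc($user['first_name']) . $esc($user['last_name']) .'

Current bid: '. $esc($bid['MAX(amount)']) .'

'. $esc($listing['description']) .'

';
    $output .= '

Reviews of '. $esc($user['first_name']) . $esc($user['last_name']) .'

';

    // Show the edit control to the listing's owner only. The isset() guard
    // stops a session without 'loggedin' from matching a missing owner row,
    // where both sides of the comparison would otherwise be null.
    // NOTE(review): === also compares types; confirm the session stores the id
    // in the same type PDO returns for users.user_id.
    // NOTE(review): this only hides the control; the edit handler itself must
    // re-check ownership server-side (not visible here).
    if (isset($_SESSION['loggedin']) && $user['user_id'] === $_SESSION['loggedin']) {
        $output .= 'edit';
    }

    return $output;
}

/**
 * Render the reviews written about one user.
 *
 * Review text is stored unmodified from $_POST['reviewtext'] by the submit
 * handler in this file, so it is HTML-escaped here at output time, together
 * with the reviewer's name and the review date.
 *
 * @param mixed $user_id users.user_id of the user being reviewed.
 * @return string One entry per review, or '' when there are none.
 */
function getReviews($user_id)
{
    $pdo = startDB();

    // Output encoder for HTML text and quoted-attribute contexts.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $output = '';

    $stmt = $pdo->prepare('SELECT * FROM review WHERE user_id = :user_id');
    $stmt->execute(['user_id' => $user_id]);
    $reviews = $stmt->fetchAll();

    // Prepared once and re-executed for each review instead of re-preparing per row.
    $authorStmt = $pdo->prepare('SELECT * FROM users WHERE user_id = :user_id');

    // Iterate by value: nothing is written back into $reviews, and a by-reference
    // loop variable would stay bound to the last element after the loop.
    foreach ($reviews as $review) {
        $authorStmt->execute(['user_id' => $review['review_user']]);
        // A reviewer whose account row no longer exists renders with an empty name.
        $author = $authorStmt->fetch() ?: ['first_name' => '', 'last_name' => ''];
        $authorStmt->closeCursor();

        // The column is read as 'review_contents', the name used by the INSERT
        // in this file; 'review_content' is not a column that INSERT writes.
        $output .= '
  • '. $esc($author['first_name']) . $esc($author['last_name']) .' said '. $esc($review['review_contents']) .' '. $esc($review['review_date']) .'
  • ';
    }

    // Hand the markup back to the caller; without this the function yields null.
    return $output;
}

// NOTE(review): everything after the closing tag below is outside PHP and is
// sent to the browser as page output.
?> //TODO: add bid history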