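prepare($post_sql); // NOTE(review): the beginning of this statement is not visible in this listing
$stmt->bind_param('i', $_GET['post']);
$stmt->execute();
$post_result = $stmt->get_result();

/*
 * Edit-post handler.
 *
 * Flow: load the post named by ?post=, authorise the caller, then either
 * render the edit form (any non-POST request) or save the submitted content (POST).
 *
 * The sign-in and ownership checks run BEFORE the request method is examined.
 * Previously they were only reached on the form-display path, so a direct POST
 * could overwrite any post's content without being signed in or being its author.
 */
if (!$post_result) {
    echo 'The post could not be retrieved, please try again later.';
} else {
    // Fetch the row once; both the form path and the save path need postBy.
    $post_result = $post_result->fetch_assoc();

    if (!$post_result) {
        // No row for this id: stop here instead of indexing into null below.
        echo 'The post could not be retrieved, please try again later.';
    } elseif (empty($_SESSION['signedIn'])) {
        // empty() also covers a session where the key was never set.
        echo 'You must be signed in to edit a post. You can also sign up for an account.';
    } elseif (!isset($_SESSION['userNo']) || $_SESSION['userNo'] != $post_result['postBy']) {
        // Loose comparison kept on purpose: the session may hold the id as a string
        // while the database row holds an int. A missing userNo is always rejected.
        echo 'You cannot edit this post. You are not OP!';
    } elseif ($_SERVER['REQUEST_METHOD'] != 'POST') {
        // Encode the stored content for HTML output; quotes are encoded too so the
        // value is safe inside an attribute as well as inside element text.
        $content = htmlentities(stripslashes($post_result['postContent']), ENT_QUOTES | ENT_SUBSTITUTE);
        //show edit form
        // NOTE(review): the form markup itself is not present in this listing.
        echo '



';
    } else {
        //the form has been posted, now it's time to process.
        // NOTE(review): no anti-CSRF token is verified in the visible code; the form
        // markup is not visible here, so confirm whether one is issued and checked.

        //start the transaction
        $query = "BEGIN WORK;";

        if (!$conn->query($query)) {
            //the query failed, quit
            echo 'An error occured while editing your post. Please try again later.';
        } else {
            //update the post in the posts table then save it
            $update_sql = " UPDATE posts SET postContent = ? WHERE postNo = ?";
            $update_stmt = $conn->prepare($update_sql);

            // Treat a failed prepare or bind the same as a failed execute, so the
            // transaction is always rolled back rather than left open.
            $updated = $update_stmt
                && $update_stmt->bind_param('si', $_POST['postContent'], $_GET['post'])
                && $update_stmt->execute();

            if (!$updated) {
                // Keep the database error in the server log; echoing it to the
                // browser discloses schema and query details to the client.
                error_log('Post update failed: ' . $conn->error);
                echo 'An error occured while inserting your data. Please try again later.

';
                $sql = "ROLLBACK;";
                $conn->query($sql);
            } else {
                $sql = "COMMIT;";
                $conn->query($sql);
                //the query succeeded
                echo 'You have succesfully edited your post.';
            }
        }
    }
}

include 'footer.php';
?>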