prepare($post_sql);
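// Post number under review; the same value is bound to the SELECT above and
// to the UPDATE below, so resolve it once. 'i' binding casts to int anyway.
$post_no = isset($_GET['post']) ? (int) $_GET['post'] : 0;
$stmt->bind_param('i', $post_no);
$stmt->execute();
$post_result = $stmt->get_result();
if (!$post_result) {
    echo 'The post could not be retrieved, please try again later.';
} else {
    // Fetch the row once: the ownership check needs it in BOTH the
    // confirmation (GET) branch and the processing (POST) branch.
    $post_row = $post_result->fetch_assoc();

    // Access decision shared by both branches. Previously the sign-in and
    // ownership checks ran only before showing the confirmation form; the
    // POST handler executed the UPDATE for any request, so any visitor who
    // submitted the form could change any post. Both branches now require
    // a signed-in session whose userNo matches the post's postBy.
    // Compared as strings so int/string mixes match only on equal values
    // (a numeric cast would make two non-numeric values collide at 0).
    $signed_in = !empty($_SESSION['signedIn']);
    $is_owner = $signed_in
        && $post_row !== null
        && isset($_SESSION['userNo'], $post_row['postBy'])
        && (string) $_SESSION['userNo'] === (string) $post_row['postBy'];

    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        if (!$signed_in) {
            echo 'You must be signed in to delete a post. You can also sign up for an account.';
        } elseif ($post_row === null) {
            // No row for this post number: report it instead of comparing
            // the session user against a missing postBy.
            echo 'The post could not be retrieved, please try again later.';
        } elseif (!$is_owner) {
            echo 'You cannot edit this post. You are not OP!';
        } else {
            echo '
Are you sure you want to remove this post?
';
            //show edit form
            echo '
';
        }
    } elseif (!$is_owner) {
        // The form was posted, but the same rules as the confirmation step
        // apply: refuse unless the request comes from the signed-in author.
        echo $signed_in
            ? 'You cannot edit this post. You are not OP!'
            : 'You must be signed in to delete a post. You can also sign up for an account.';
    } else {
        //the form has been posted, now it's time to process.
        //start the transaction
        if (!$conn->begin_transaction()) {
            //Damn! the query failed, quit
            echo 'An error occured while editing your post. Please try again later.';
        } else {
            //update the post in the posts table then save it
            // NOTE(review): this "remove" flow runs an UPDATE of postContent
            // with $content, which is not defined in this section — confirm
            // it is set earlier in the file and that an update (rather than a
            // DELETE) is the intended effect.
            $update_sql = " UPDATE posts
            SET postContent = ?
            WHERE postNo = ?";
            $update_stmt = $conn->prepare($update_sql);
            $ok = $update_stmt !== false
                && $update_stmt->bind_param('si', $content, $post_no)
                && $update_stmt->execute();
            if (!$ok) {
                //something went wrong: keep the driver error in the server log
                //rather than echoing it, so schema/driver details are not
                //exposed to the browser.
                error_log('post update failed: ' . $conn->error);
                echo 'An error occured while inserting your data. Please try again later.
';
                $conn->rollback();
            } else {
                $conn->commit();
                //after a lot of work, the query succeeded!
                echo 'You have succesfully removed your post.';
            }
            if ($update_stmt !== false) {
                $update_stmt->close();
            }
        }
    }
}
include 'footer.php';
?>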