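<?php
/**
 * Review submission handler.
 *
 * Accepts a POSTed review form, stores it in the `reviews` table and redirects
 * back to the parent page with a flash message in the session.
 *
 * Fields read from $_POST: submit, username, listing_id, listing, name, email,
 * review, rate, url.
 *
 * NOTE(review): `username` looks like a honeypot field (the insert only runs
 * when it is empty) - confirm against the form template.
 * NOTE(review): no CSRF token is checked here; if the form issues one, verify
 * it before inserting.
 * NOTE(review): name/email/review are stored as submitted. Whatever page
 * renders them must escape on output, e.g.
 * htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
 */

session_start();
// Presumably defines the $mysqli connection used below - verify in the include.
include_once('../../../admin/db/saucerer.php');

// Defined up front so the redirect never reads an undefined variable when the
// form was not submitted or the username check rejected the request.
$url = '';

// Read one POST field as a string; missing keys and array payloads
// (e.g. name[]=x) become '' instead of raising warnings or a TypeError.
$field = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_string($value) ? $value : '';
};

if (isset($_POST['submit']) && ($_POST['username'] ?? '') === '') {
    $listingId = $field('listing_id');
    $listing = $field('listing');
    $name = $field('name');
    $email = $field('email');
    $review = $field('review');
    $rate = $field('rate');
    $url = $field('url');

    $saved = false;
    try {
        // Bound parameters keep user input out of the SQL text entirely, so the
        // query no longer depends on escaping matching the connection charset.
        $stmt = mysqli_prepare(
            $mysqli,
            'INSERT INTO reviews (listing_id, listing, name, email, review, rate) VALUES (?, ?, ?, ?, ?, ?)'
        );
        if ($stmt !== false) {
            // All values are bound as strings, matching the quoted literals
            // the previous string-built query sent.
            mysqli_stmt_bind_param($stmt, 'ssssss', $listingId, $listing, $name, $email, $review, $rate);
            $saved = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // mysqli throws when exception reporting is on (the PHP 8.1+ default);
        // log for operators and show the generic failure message to the user.
        error_log('Review insert failed: ' . $e->getMessage());
        $saved = false;
    }

    if ($saved) {
        $_SESSION['success'] = "<span style='font-weight:bold; font-size: 12px;'>Thank you for the review.</span>";
    } else {
        $_SESSION['error'] = "<span style='font-weight:bold; font-size: 12px;'>Review failed!</span>";
    }
}

// Percent-encode the value so characters such as '&', '#' or whitespace cannot
// add parameters to, or truncate, the redirect target's query string.
header('Location: ../?url=' . rawurlencode($url));
// Stop here so nothing else runs or is emitted after the redirect header.
exit;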