File "index.php"

Full Path: /home/custbahd/tourismfraternity.com/listings/1/reviews/index.php
File size: 1.1 KB
MIME-type: text/x-php
Charset: utf-8

<?php
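	// Review submission handler: stores a visitor review for a listing, leaves a
	// flash message in the session, and redirects back to the parent page.
	// All $_POST values are untrusted. They are bound as statement parameters on
	// the way into the database, and the redirect value is URL-encoded.
	// NOTE(review): no CSRF token or rate limit is visible in this file; confirm
	// whether the form or the included bootstrap provides one.
	// NOTE(review): name/email/review are stored as submitted, so whichever page
	// renders them must HTML-escape on output.
	session_start();
	// $mysqli is not defined in this file; presumably this include provides it.
	include_once('../../../admin/db/saucerer.php');

	// Initialised up front so the redirect never reads an undefined variable
	// when the request is not a form submission or is rejected below.
	$url = '';

	if(isset($_POST['submit'])){

		// Only requests whose 'username' field is empty (or absent) are stored.
		// Looks like a honeypot field that real visitors leave blank; confirm against the form.
		$username = isset($_POST['username']) ? $_POST['username'] : '';

		if ($username === '') {
			// Accept only scalar string fields; a missing or array-valued
			// parameter is treated as an empty string.
			$fields = array();
			foreach (array('listing_id', 'listing', 'name', 'email', 'review', 'rate', 'url') as $key) {
				$fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
			}
			$url = $fields['url'];

			$saved = false;
			try {
				// Placeholders keep user data out of the SQL text entirely,
				// instead of relying on escaping inside a quoted literal.
				$stmt = mysqli_prepare(
					$mysqli,
					"INSERT INTO reviews (listing_id, listing, name, email, review, rate) VALUES (?, ?, ?, ?, ?, ?)"
				);
				if ($stmt) {
					// All six values are bound as strings, matching the quoted
					// literals the previous query text used.
					mysqli_stmt_bind_param(
						$stmt,
						'ssssss',
						$fields['listing_id'],
						$fields['listing'],
						$fields['name'],
						$fields['email'],
						$fields['review'],
						$fields['rate']
					);
					$saved = mysqli_stmt_execute($stmt);
					mysqli_stmt_close($stmt);
				}
			} catch (mysqli_sql_exception $e) {
				// mysqli may be configured to throw; record the cause server-side
				// and show the visitor only the generic failure message.
				error_log('Review insert failed: '.$e->getMessage());
				$saved = false;
			}

			if ($saved) {
				$_SESSION['success'] = "<span style='font-weight:bold; font-size: 12px;'>Thank you for the review.</span>";
			}
			else{
				$_SESSION['error'] = "<span style='font-weight:bold; font-size: 12px;'>Review failed!</span>";
			}
		}

	}

	// The value goes into a query string, so it is URL-encoded rather than
	// SQL-escaped; this stops it from adding extra parameters to the redirect.
	header('location: ../?url='.urlencode($url));
	exit;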

?>