add_dogbreed_php

1. <?php
2. session_start();
3. include_once "../config.php";
4. include "functions.php";
5. include "../includes/db.php";
6.  
7.  
8. $passed = 0;
9. $number_passed = 0;
10.  
11. $_SESSION['message'] = "<ul>";
12.  
13. if ($_POST['dogbreed'] &&
14.     $_POST['description'] &&
15.     $_POST['country_code'] &&
16.     $_POST['price'] &&
17.     $_POST['discount_rate']) {
18.    
19.     if (!is_numeric($_POST['price']) || !is_numeric($_POST['discount_rate'])) {
20.         $_SESSION['message'] .= "<li>Price and discount rate must be in numeric form.</li>";
21.     } else {
22.         $number_passed = 1;
23.         $passed = 1;
24.     }
25.        
26.     if ($passed = 1) {
27.         $sql = "INSERT INTO dogbreeds (dogbreed, description, country_code, price, discount_rate)
28.         VALUES (
29.             '" . $_POST['dogbreed'] . "',
30.             '" . $_POST['description'] . "',
31.             '" . $_POST['country_code'] . "',
32.             '" . $_POST['price'] . "',
33.             '" . $_POST['discount_rate'] . "'
34.             )";
35.         $result = mysqli_query($_SESSION['dblink'],$sql);
36.         if ($result) {
37.             $_SESSION['message'] .= "Record added!";
38.         } else {
39.             $_SESSION['message'] .= "Record NOT added! " . mysqli_error($_SESSION['dblink']);
40.         }
41.         $_SESSION['message'] .= "</ul>";
42.         header("Location: " . SITE_URL . "/admin");
43.     } else {
44.         header("Location: " . SITE_URL . "/admin");
45.     }
46. } else {
47.     $_SESSION['message'] .= "<li>Please fill in ALL fields.</li></ul>";
48.     header("Location: " . SITE_URL . "/admin");
49. }