function addItemToCatalog title author pubyear price sql INSERT INTO c

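/**
 * Insert one item into the `catalog` table.
 *
 * The four values are sent to the server as bound parameters and never
 * become part of the SQL text, so quotes or SQL syntax inside a value
 * cannot change the statement. The previous version interpolated the
 * values into the query string and then tried to bind parameters to a
 * statement that had no placeholders.
 *
 * A new connection is opened for the call and closed before returning.
 * When mysqli runs in exception report mode (the default since PHP 8.1),
 * connect/prepare/execute failures raise mysqli_sql_exception instead of
 * producing a false return.
 *
 * @param string     $title   Item title.
 * @param string     $author  Item author.
 * @param int|string $pubyear Publication year, bound as an integer.
 * @param int|string $price   Price, bound as an integer.
 *
 * @return bool true when the row was inserted, false when connecting,
 *              preparing, binding or executing failed.
 */
function addItemToCatalog($title, $author, $pubyear, $price){
    // Placeholders only: the statement text is constant and contains no caller data.
    $sql = "INSERT INTO catalog (title, author, pubyear, price) VALUES (?, ?, ?, ?)";

    $link = mysqli_connect(DB_HOST, DB_LOGIN, DB_PASSWORD, DB_NAME);
    if (!$link) {
        return false;
    }

    $stmt = mysqli_prepare($link, $sql);
    if (!$stmt) {
        mysqli_close($link);
        return false;
    }

    // "ssii": title and author as strings, pubyear and price as integers.
    // NOTE(review): price is bound as an integer; if the column stores
    // fractional prices the type would have to be "d" - confirm against the schema.
    $inserted = mysqli_stmt_bind_param($stmt, "ssii", $title, $author, $pubyear, $price)
        && mysqli_stmt_execute($stmt);

    // Release the statement and the connection on every path that reached them.
    mysqli_stmt_close($stmt);
    mysqli_close($link);

    return $inserted;
}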
// Handle the "add item" form: act only when all four fields were posted.
if (isset($_POST['title'], $_POST['author'], $_POST['pubyear'], $_POST['price'])) {
    // htmlspecialchars() is HTML output encoding. It does not make a value
    // safe for SQL; that has to come from parameter binding inside
    // addItemToCatalog(). The call is kept because the rows are stored
    // HTML-encoded and the code that displays them is not visible here.
    // NOTE(review): pubyear and price are not checked for being numeric
    // before they are passed on - confirm whether validation happens elsewhere.
    $title = htmlspecialchars($_POST['title']);
    $author = htmlspecialchars($_POST['author']);
    $pubyear = htmlspecialchars($_POST['pubyear']);
    $price = htmlspecialchars($_POST['price']);

    if (addItemToCatalog($title, $author, $pubyear, $price)) {
        // Redirect after a successful POST so a page reload does not resubmit the form.
        header("Location: add2cat.php");
        exit;
    }

    // Generic failure message; no database error detail is shown to the client.
    echo 'Произошла ошибка при добавлении товара в каталог';
}