

<?php

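if ($_POST) {

    // Include the database connection; expected to define $con (a PDO instance).
    include 'config/database.php';

    // Fetch a posted field as a string. A missing key would otherwise raise an
    // "Undefined array key" warning, and a non-string value (e.g. name[]=x) would
    // throw a TypeError inside strip_tags(); both collapse to '' here.
    $posted = static function (string $key): string {
        $value = $_POST[$key] ?? null;
        return is_string($value) ? $value : '';
    };

    // Normalise a field the same way the original script did. strip_tags() and
    // htmlspecialchars() only shape what gets stored — they are not the injection
    // defence; the prepared statement below is. Because values are HTML-encoded
    // before storage, whoever renders these columns must not encode them again.
    $clean = static fn (string $value): string =>
        htmlspecialchars(strip_tags($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $name        = $clean($posted('name'));
    $description = $clean($posted('description'));
    $priceRaw    = trim($posted('price'));

    // NOTE(review): no CSRF token is checked in this handler — confirm the form
    // layer provides one before relying on this script for state changes.

    // Validate before touching the database: a product needs a name, and price
    // must be a non-negative numeric string (passed through unchanged so the DB
    // performs the DECIMAL conversion).
    $priceIsValid = is_numeric($priceRaw) && (float) $priceRaw >= 0;

    if (trim($name) === '' || !$priceIsValid) {
        echo "<div class='alert alert-danger'>Unable to save record: name is required and price must be a non-negative number.</div>";
    } else {
        try {
            // Prepared statement: values travel as bound parameters and are never
            // concatenated into the SQL text.
            $query = 'INSERT INTO products SET name=:name, description=:description, price=:price, created=:created';
            $stmt = $con->prepare($query);

            // Timestamp of this insert in a DATETIME-compatible format.
            $created = date('Y-m-d H:i:s');

            // bindValue() snapshots the value now; bindParam() would bind by reference.
            $stmt->bindValue(':name', $name);
            $stmt->bindValue(':description', $description);
            $stmt->bindValue(':price', $priceRaw);
            $stmt->bindValue(':created', $created);

            if ($stmt->execute()) {
                echo "<div class='alert alert-success'>Record was saved.</div>";
            } else {
                echo "<div class='alert alert-danger'>Unable to save record.</div>";
            }
        } catch (PDOException $exception) {
            // Keep the driver message server-side: it can expose table/column
            // names, hostnames or DSN details, so it is logged rather than echoed.
            error_log('products insert failed: ' . $exception->getMessage());
            die('ERROR: Unable to save record.');
        }
    }
}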

?>