Voucher codes claim and admin.

CREATE TABLE `vouchers` (
  `id` int(11) NOT NULL auto_increment,
  `voucher` varchar(225) NOT NULL,
  `value` varchar(225) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM;

<?php
session_start();
include "config.php";
if($logged[username] && $logged[userlevel] == 6)
{
switch($_GET[page])
{
default:
echo ("
Hello. Would you like to create a voucher?<br>
<form method='post' action='?page=create'>
<b>Value:</b> <input type='text' name='value' maxlength='3'><br>
<input type='submit' value='Claim' name='submit'>
</form>
<table width='200'>
<tr>
<td width='150'><b>Voucher Code</b></td>
<td width='50'><b>Value</b></td>
</tr>");
$fetch = mysql_query("SELECT * FROM `vouchers`");
$rows = mysql_num_rows($fetch);
if ($rows = 0)
{
echo ("<tr>
<td width='150'><b>No Vouchers</b></td>
<td width='50'><b>No Vouchers</b></td>
</tr>");
}
while ($vc = mysql_fetch_array($fetch))
{
echo ("<tr>
<td width='150'>$vc[voucher]</td>
<td width='50'>$vc[value]</td>
</tr>");
}
echo ("</table>");
break;
 
case 'create':
$value = $_POST[value];
$random  = "abcdefghijklmnopqrstuvwxyz";
$voucher = substr(str_shuffle($random), 0, 10);
$insert = mysql_query("INSERT INTO `vouchers` (`voucher`, `value`) VALUES ('$voucher', '$value')");
echo ("Congratulations, you have created a voucher worth $vc[value] points. The voucher code is $voucher");
break;
}
}
?>

<?php
session_start();
include "config.php";
if($logged[username])
{
switch($_GET[page])
{
default:
echo ("
Hello. Would you like to claim a voucher?<br>
<form method='post' action='?page=claim'>
<b>Voucher Code:</b> <input type='text' name='voucher' maxlength='10'><br>
<input type='submit' value='Claim' name='submit'>
</form>
");
break;
 
case 'claim':
$voucher = $_POST[voucher];
$fetch = mysql_query("SELECT * FROM `vouchers` WHERE `voucher` = '$voucher'");
$rows = mysql_num_rows($fetch);
if ($rows == 0) 
{ 
echo ("Invalid Reward code!"); 
} 
else
{ 
$vc = mysql_fetch_array($fetch);
if ($voucher = $vc[voucher])
{
$points = $logged[points]+$vc[value];
$insert = mysql_query("UPDATE `members` SET `points` = '$points' WHERE `username` = '$logged[username]'");
$delete = mysql_query("DELETE FROM `vouchers` WHERE `id` = '$vc[id]'");
echo ("Congratulations, you have claimed a voucher worth $vc[value] points.");
}
}
break;
}
}
?>