Example #1
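function maintCategory()
{
    // Handles the category maintenance form: acts only on a POST that carries
    // the "save" button and a valid session token, then creates or updates a
    // Category from the submitted fields.
    //
    // @return string|array '' when nothing was submitted; a two-element
    //         array(message, error) when the token check fails; otherwise
    //         whatever Category::editRecord()/addRecord() returns (those
    //         methods are not visible here - presumably the same shape).
    $results = '';
    if (!isset($_POST['save']) || $_POST['save'] !== 'Save') {
        return $results;
    }

    // Token check: the posted token must be a non-empty string that matches the
    // one stored in the session. hash_equals() compares in constant time (known
    // session value first, user-supplied value second) and the is_string guards
    // reject array/non-string input instead of warning on a cast.
    $sessionToken = $_SESSION['token'] ?? null;
    $postedToken = $_POST['token'] ?? null;
    $tokenOk = is_string($sessionToken)
        && is_string($postedToken)
        && $postedToken !== ''
        && hash_equals($sessionToken, $postedToken);

    if (!$tokenOk) {
        return array('', 'Sorry, go back and try again. There was a security issue.');
    }

    // Single-use token: drop it so a resubmission of the same form is rejected.
    unset($_SESSION['token']);

    // Put the sanitized variables in an associative array.
    // cat_id falls back to 0 when absent (avoids an undefined-key warning);
    // 0 is treated as "new record" below.
    // NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1 (strips tags,
    // encodes quotes). FILTER_FLAG_NO_ENCODE_QUOTES keeps quotes in the
    // description. Values must still be escaped for their output context.
    $item = array(
        'cat_id' => (int) ($_POST['cat_id'] ?? 0),
        'cat_name' => filter_input(INPUT_POST, 'cat_name', FILTER_SANITIZE_STRING),
        'cat_description' => filter_input(INPUT_POST, 'cat_description', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
        'cat_image' => filter_input(INPUT_POST, 'cat_image', FILTER_SANITIZE_STRING),
    );

    // Set up a Category object based on the posts; a non-zero cat_id means an
    // existing record is being edited.
    $category = new Category($item);
    if ($category->getCat_id()) {
        $results = $category->editRecord();
    } else {
        $results = $category->addRecord();
    }
    return $results;
}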