function sanitize($data)
{
return htmlentities(strip_tags(mysql_znote_escape_string($data)));
}
// Insert news
if ($action === 'i') {
echo '<font color="green"><b>News created successfully!</b></font>';
list($charid, $title, $text) = array((int) $_POST['selected_char'], mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
$date = time();
mysql_insert("INSERT INTO `znote_news` (`title`, `text`, `date`, `pid`) VALUES ('{$title}', '{$text}', '{$date}', '{$charid}');");
// Reload the cache.
$cache = new Cache('engine/cache/news');
$news = fetchAllNews();
$cache->setContent($news);
$cache->save();
}
// Save
if ($action === 's') {
echo '<font color="green"><b>News successfully updated!</b></font>';
list($title, $text) = array(mysql_znote_escape_string($_POST['title']), mysql_znote_escape_string($_POST['text']));
mysql_update("UPDATE `znote_news` SET `title`='{$title}',`text`='{$text}' WHERE `id`='{$id}';");
$cache = new Cache('engine/cache/news');
$news = fetchAllNews();
$cache->setContent($news);
$cache->save();
}
// Edit
if ($action === 'e') {
$news = fetchAllNews();
$edit = array();
foreach ($news as $n) {
if ($n['id'] == $id) {
$edit = $n;
}
}