function maintCategory() { $results = ''; if (isset($_POST['save']) and $_POST['save'] == 'Save') { // check the token $badToken = true; if (!isset($_POST['token']) || !isset($_SESSION['token']) || empty($_POST['token']) || $_POST['token'] !== $_SESSION['token']) { $results = array('', 'Sorry, go back and try again. There was a security issue.'); $badToken = true; } else { $badToken = false; unset($_SESSION['token']); // Put the sanitized variables in an associative array // Use the FILTER_FLAG_NO_ENCODE_QUOTES to allow quotes in the description $item = array('cat_id' => (int) $_POST['cat_id'], 'cat_name' => filter_input(INPUT_POST, 'cat_name', FILTER_SANITIZE_STRING), 'cat_description' => filter_input(INPUT_POST, 'cat_description', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES), 'cat_image' => filter_input(INPUT_POST, 'cat_image', FILTER_SANITIZE_STRING)); // Set up a Category object based on the posts $category = new Category($item); if ($category->getCat_id()) { $results = $category->editRecord(); } else { $results = $category->addRecord(); } } } return $results; }
echo $item->getCat_description(); ?> </textarea></li> <li><label for="cat_image" >Image</label><br /> <input type="text" name="cat_image" id="cat_image" value="<?php echo $item->getCat_image(); ?> " /></li> </ul> <?php // create token $salt = 'SomeSalt'; $token = sha1(mt_rand(1, 1000000) . $salt); $_SESSION['token'] = $token; ?> <input type="hidden" name="cat_id" id="cat_id" value="<?php echo $item->getCat_id(); ?> " /> <input type="hidden" name="task" id="task" value="category.maint" /> <input type='hidden' name='token' value='<?php echo $token; ?> '/> <input type="submit" name="save" value="Save" /> <a class="cancel" href="index.php?content=categories">Cancel</a> </fieldset> </form>