// remove 'action' key from array, we no longer need it
// Never ever believe on end user, he could be a evil minded
$escapedPost = array_map('array_map_callback', $_POST);
$escapedPost = array_map('htmlentities', $escapedPost);
$res = $obj->save($escapedPost);
if ($res) {
$escapedPost["success"] = "1";
$escapedPost["id"] = $res;
echo json_encode($escapedPost);
} else {
echo $obj->error("save");
}
} else {
if ($action == "del") {
$id = $_POST['rid'];
$res = $obj->delete_record($id);
if ($res) {
echo json_encode(array("success" => "1", "id" => $id));
} else {
echo $obj->error("delete");
}
} else {
if ($action == "update") {
$escapedPost = array_map('array_map_callback', $_POST);
$escapedPost = array_map('htmlentities', $escapedPost);
$id = $obj->update_record($escapedPost);
if ($id) {
echo json_encode(array_merge(array("success" => "1", "id" => $id), $escapedPost));
} else {
echo $obj->error("update");
}
