$sql = "INSERT INTO reports (data) VALUES ('" . $text . "')"; $id = $DB->insert($sql); $output = $id; } if ($id == "getContact") { $DB = new conn(); $DB->connect(); $val = $DB->sanitize($_REQUEST["value"]); $array = $DB->getContactInfo($val); $output = $array; } if ($id == "searchContacts") { $DB = new conn(); $DB->connect(); $val = $DB->sanitize($_REQUEST["value"]); $array = $DB->searchContacts($val); $output = $array; } if ($id == "getNewProductTable") { if (!UserMay("Admin_ViewProducts")) { AccessDenied(); } $DB = new conn(); $DB->connect(); $sql = <<<SQLEND \t\t\t\t \t\t\tSELECT * from products SQLEND; $and = false; if (isset($_POST["productDescription"])) {