Professional CodeIgniter

(singke) #1

Chapter 9: Security and Performance


274


Without belaboring the obvious, here are a few of those modified functions:

function getCategory($id){
$data = array();
$options = array(‘id’ = > id_clean($id) );
$Q = $this- > db- > getwhere(‘categories’,$options,1);
if ($Q- > num_rows() > 0){
$data = $Q- > row_array();
}
$Q- > free_result();
return $data;
}
function addCategory(){
$data = array(
‘name’ = > db_clean($_POST[‘name’]) ,
‘shortdesc’ = > db_clean($_POST[‘shortdesc’]) ,
‘longdesc’ = > db_clean($_POST[‘longdesc’],5000) ,
‘status’ = > db_clean($_POST[‘status’],8) ,
‘parentid’ = > id_clean($_POST[‘parentid’])

);

$this- > db- > insert(‘categories’, $data);
}

function updateCategory(){
$data = array(
‘name’ = > db_clean($_POST[‘name’]) ,
‘shortdesc’ = > db_clean($_POST[‘shortdesc’]) ,
‘longdesc’ = > db_clean($_POST[‘longdesc’],5000) ,
‘status’ = > db_clean($_POST[‘status’],8) ,
‘parentid’ = > id_clean($_POST[‘parentid’])
);

$this- > db- > where(‘id’, id_clean($_POST[‘id’]) );
$this- > db- > update(‘categories’, $data);

}

function deleteCategory($id){
$data = array(‘status’ = > ‘inactive’);
$this- > db- > where(‘id’, id_clean($id) );
$this- > db- > update(‘categories’, $data);
}
Free download pdf