Professional CodeIgniter

Chapter 9: Security and Performance

274

Without belaboring the obvious, here are a few of those modified functions:

function getCategory($id){

$data = array();

$options = array(‘id’ = > id_clean($id) );

$Q = $this- > db- > getwhere(‘categories’,$options,1);

if ($Q- > num_rows() > 0){

$data = $Q- > row_array();

}

$Q- > free_result();

return $data;

}

function addCategory(){

$data = array(

‘name’ = > db_clean($_POST[‘name’]) ,

‘shortdesc’ = > db_clean($_POST[‘shortdesc’]) ,

‘longdesc’ = > db_clean($_POST[‘longdesc’],5000) ,

‘status’ = > db_clean($_POST[‘status’],8) ,

‘parentid’ = > id_clean($_POST[‘parentid’])

);

$this- > db- > insert(‘categories’, $data);

}

function updateCategory(){

$data = array(

‘name’ = > db_clean($_POST[‘name’]) ,

‘shortdesc’ = > db_clean($_POST[‘shortdesc’]) ,

‘longdesc’ = > db_clean($_POST[‘longdesc’],5000) ,

‘status’ = > db_clean($_POST[‘status’],8) ,

‘parentid’ = > id_clean($_POST[‘parentid’])

);

$this- > db- > where(‘id’, id_clean($_POST[‘id’]) );

$this- > db- > update(‘categories’, $data);

}

function deleteCategory($id){

$data = array(‘status’ = > ‘inactive’);

$this- > db- > where(‘id’, id_clean($id) );

$this- > db- > update(‘categories’, $data);

}