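prepare("SELECT * FROM products WHERE id = ? AND deleted_at IS NULL"); $stmt->execute([$id]); $product = $stmt->fetch(); }

// Page title depends on whether we are editing an existing product ($id set) or creating one.
$page_title = $id ? "Edit Product" : "Add Product";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF validation runs before any other form field is read, so a forged
    // request never reaches the write path below.
    if (!validate_csrf($_POST['csrf_token'] ?? '')) {
        http_response_code(403);
        die("CSRF token validation failed.");
    }

    // Form fields are untrusted. Only accept scalar strings (a crafted request
    // can submit name[]=... and turn the value into an array) and trim the name.
    $name = trim(is_string($_POST['name'] ?? null) ? $_POST['name'] : '');
    $description = is_string($_POST['description'] ?? null) ? $_POST['description'] : '';

    // Validate the price as a non-negative number instead of handing an
    // arbitrary string to the database driver; filter_var() returns false
    // when the value is not a float within range.
    $price = filter_var(
        $_POST['price'] ?? 0,
        FILTER_VALIDATE_FLOAT,
        ['options' => ['min_range' => 0]]
    );

    if ($name === '' || $price === false) {
        http_response_code(422);
        die("Invalid product data: a name and a non-negative numeric price are required.");
    }

    // Prepared statements keep user-supplied values out of the SQL text.
    if ($id) {
        $stmt = db()->prepare("UPDATE products SET name = ?, description = ?, price = ? WHERE id = ?");
        $stmt->execute([$name, $description, $price, $id]);
    } else {
        $stmt = db()->prepare("INSERT INTO products (name, description, price) VALUES (?, ?, ?)");
        $stmt->execute([$name, $description, $price]);
    }

    // Post/Redirect/Get: send the browser back to the listing so a refresh
    // does not resubmit the form.
    header("Location: products.php");
    exit;
}

require_once 'includes/header.php';
?>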