Ajax post to php to update mysql

Question

I've built an admin page for my site, that contains numerous forms that save, update, delete data into different tables in my database.

Currently i have one PHP file for each function that does the mysql query according to my ajax post command. which is getting a bit out of control.

for example i have a file for saving a new category

$cataddname = $_POST['name'];
$area = $_POST['area'];

$shortname = preg_replace('/\s+/', '_', $cataddname);

$update_category = "INSERT INTO clet_faq_category (id, name, nickname, area) VALUES ('', '$cataddname', '$shortname', '$area')";
mysqli_query($db_connect, $update_category);

my save new category command posts to this file:

then i have a file that saves a category edit:

$cataddname = $_POST['name'];
$area = $_POST['area'];
$id = $_POST['cid'];
$shortname = preg_replace('/\s+/', '_', $cataddname);

$update_category = "UPDATE clet_faq_category SET name='$cataddname', nickname='$shortname', area='$area' WHERE id = '$id'";
mysqli_query($db_connect, $update_category);

And another one to delete a category:

$c_id = $_POST['delete_id'];

$sql_del = "DELETE FROM clet_faq_category WHERE id = '$c_id'";
$del_question = mysqli_query( $db_connect, $sql_del );

then i have an jQuery ajax call that calls the page:

function newcat(){
    var id = "answer";
    tinymce.execCommand('mceRemoveEditor', true, id);

    var category = document.getElementById('newcategory').value;
    var area = document.getElementById('area').value;
    var dataString = 'name=' + category + '&area=' + area;
    $.ajax({
        type: "post",
        url:  "newcat.php?area_id=" + areaid,
        data : {
          'name': category,
          'area': area,
          'query' : query
        },
        cache: false,
        success: function(html){
            $('#category_table').html(html);
            $('#cat-form').text("Category Saved");
        }
    });
    return false;
}

And When you look at them it's pretty much the same thing it's just a mysql query running.

What i'm trying to do is streamline this a little bit, i thought about passing the entire query via ajax to my php file, but that's not an option as anyone that can see my js file will be able to figure out all my queries and table names, and all they need to do is post a query to my php page and damage my entire DB.

so my question is, is there a way to do this in a smarter way maybe creating php functions inside the same file, that has category_delete(), category_add(), category_edit() on the same file and using ajax target each one of those categories, at least all my functions and queries will be on the same spot not in multiple separate files if you know what i mean.

Answer 1

You can have to send extra parameter in ajax as action, this parameter specifies the action

in php

     switch($_POST['action'])
     {
         case 'delete':
           .....
      }

Answer 2

You can do like this create a separate class which perform options for insert delete and update. and on your ajax page call these function like this

$func = new CUD();

switch($_POST['action'])
     {
         case 'delete':
           $func->delete($values..)
         case 'update':
           $func->update($values..)
          case 'delete':
           $func->insert($values..)

  }