diff --git a/app/admin/devices/edit-result.php b/app/admin/devices/edit-result.php
index f32b76d61c338eedaf4a3ec1be04bdbdbb2ef2c6..57fe01626710e9c3cda989eb908d3694c8314139 100755
--- a/app/admin/devices/edit-result.php
+++ b/app/admin/devices/edit-result.php
@@ -14,11 +14,12 @@ $Admin	 	= new Admin ($Database, false);
 $Tools	 	= new Tools ($Database);
 $Racks      = new phpipam_rack ($Database);
 $Result 	= new Result ();
+$Params		= new Params ($User->strip_input_tags ($_POST));
 
 # verify that user is logged in
 $User->check_user_session();
 # perm check popup
-if($_POST['action']=="edit") {
+if($Params->action=="edit") {
     $User->check_module_permissions ("devices", User::ACCESS_RW, true, false);
 }
 else {
@@ -29,13 +30,12 @@ else {
 $User->check_maintaneance_mode ();
 
 # validate csrf cookie
-$User->Crypto->csrf_cookie ("validate", "device", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
-
+$User->Crypto->csrf_cookie ("validate", "device", $Params->csrf_cookie) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
 # get modified details
-$device = $Admin->strip_input_tags($_POST);
+$device = (array) $Params;
 
 # ID must be numeric
-if($_POST['action']!="add" && !is_numeric($_POST['switchid']))			{ $Result->show("danger", _("Invalid ID"), true); }
+if($Params->action!="add" && !is_numeric($Params->switchid))			{ $Result->show("danger", _("Invalid ID"), true); }
 
 # available devices set
 foreach($device as $key=>$line) {
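Review bot: `$device = (array) $Params;` depends on the internals of `Params`, which this diff does not show. A PHP object-to-array cast also exports private and protected properties under NUL-prefixed keys, so if `Params` holds any internal state it lands in `$device` and is walked by the `foreach($device as $key=>$line)` loop as if it were a submitted field. An explicit accessor on `Params` that returns only the submitted fields would make that boundary clear; failing that, a comment such as `# (array) cast: Params must expose POST fields as public properties only` documents the assumption. The `foreach` body continues outside the hunk.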
@@ -62,9 +62,11 @@ if (!is_blank(@$device['rack']) && $User->get_module_permissions ("racks")>=User
         if (!is_numeric($device['rack']))                               { $Result->show("danger", _('Invalid rack identifier').'!', true); }
         if (!is_numeric($device['rack_start']))                         { $Result->show("danger", _('Invalid rack start position').'!', true); }
         if (!is_numeric($device['rack_size']))                          { $Result->show("danger", _('Invalid rack size').'!', true); }
-        # validate rack
-        $rack = $Racks->fetch_rack_details ($device['rack']);
-        if ($rack===false)                                              { $Result->show("danger", _('Rack does not exist').'!', true); }
+		# validate rack
+		$rack = $Racks->fetch_rack_details($device['rack']);
+		if (!is_numeric($device['rack']) || ($rack > 0 && !is_object($rack))) {
+			$Result->show("danger", _('Rack does not exist') . '!', true);
+		}
     }
 }
 
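Review bot: The rewritten rack check, `if (!is_numeric($device['rack']) || ($rack > 0 && !is_object($rack)))`, no longer rejects a rack that does not exist. If `fetch_rack_details` still returns `false` for an unknown id, as the removed `$rack===false` test assumed, then `$rack > 0` is false and the error is skipped, so the device can be saved pointing at a non-existent rack. The `!is_numeric($device['rack'])` half repeats the check made three lines above, and when `$rack` is an object the `$rack > 0` comparison makes PHP raise an object-to-int conversion notice. `if (!is_object($rack)) { $Result->show("danger", _('Rack does not exist') . '!', true); }` covers the `false` case and any other non-object return. The enclosing `if` starts outside the hunk.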
@@ -93,7 +95,7 @@ if(sizeof($custom) > 0) {
 
 # set update values
 $values = array(
-				"id"          =>$device['switchid'],
+				"id"          =>isset($device['switchid']) ? $device['switchid'] : null,
 				"hostname"    =>$device['hostname'],
 				"ip_addr"     =>$device['ip_addr'],
 				"type"        =>$device['type'],
@@ -117,10 +119,10 @@ if ($User->get_module_permissions ("locations")==User::ACCESS_NONE) {
 }
 
 # update device
-if(!$Admin->object_modify("devices", $_POST['action'], "id", $values))	{}
+if(!$Admin->object_modify("devices", $Params->action, "id", $values))	{}
 else { $Result->show("success", _("Device")." ".$device["action"]." "._("successful").'!', false); }
 
-if($_POST['action']=="delete"){
+if($Params->action=="delete"){
 	# remove all references from subnets and ip addresses
 	$Admin->remove_object_references ("subnets", "device", $values["id"]);
 	$Admin->remove_object_references ("nat", "device", $values["id"]);
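Review bot: The `if($Params->action=="delete")` cleanup runs whether or not `object_modify` succeeded, because the failure branch above it is an empty `{}`. Unless `object_modify` itself aborts the request on failure (not visible here), a failed delete would still strip the device's references from subnets and NAT entries while the device row stays in place. Capturing the result, `$modified = $Admin->object_modify("devices", $Params->action, "id", $values);`, and gating the cleanup with `if($modified && $Params->action=="delete"){` keeps the two in step. The delete block continues past the end of the hunk.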
diff --git a/app/admin/devices/edit.php b/app/admin/devices/edit.php
index 812e42cc7993c8f2a18c6f33f52ab80295371105..06924b4f8a1208c64b0ceaaba1d4c6429d7a6833 100755
--- a/app/admin/devices/edit.php
+++ b/app/admin/devices/edit.php
@@ -13,11 +13,12 @@ $User 		= new User ($Database);
 $Admin	 	= new Admin ($Database, false);
 $Tools	 	= new Tools ($Database);
 $Result 	= new Result ();
+$Params		= new Params ($User->strip_input_tags ($_POST));
 
 # verify that user is logged in
 $User->check_user_session();
 # perm check popup
-if($_POST['action']=="edit") {
+if($Params->action=="edit") {
     $User->check_module_permissions ("devices", User::ACCESS_RW, true, true);
 }
 else {
@@ -27,21 +28,19 @@ else {
 # create csrf token
 $csrf = $User->Crypto->csrf_cookie ("create", "device");
 
-# strip tags - XSS
-$_POST = $User->strip_input_tags ($_POST);
 
 # validate action
-$Admin->validate_action ($_POST['action'], true);
+$Admin->validate_action ($Params->action, true);
 
 # fetch custom fields
 $custom = $Tools->fetch_custom_fields('devices');
 
 # ID must be numeric
-if($_POST['action']!="add" && !is_numeric($_POST['switchid']))		{ $Result->show("danger", _("Invalid ID"), true, true); }
+if($Params->action!="add" && !is_numeric($Params->switchid))		{ $Result->show("danger", _("Invalid ID"), true, true); }
 
 # fetch device details
-if( ($_POST['action'] == "edit") || ($_POST['action'] == "delete") ) {
-	$device = (array) $Admin->fetch_object("devices", "id", $_POST['switchid']);
+if( ($Params->action == "edit") || ($Params->action == "delete") ) {
+	$device = (array) $Admin->fetch_object("devices", "id", $Params->switchid);
 	// false
 	if ($device===false)                                            { $Result->show("danger", _("Invalid ID"), true, true);  }
 }
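Review bot: The `$device===false` test after the changed `fetch_object` call can never be true, because the `(array)` cast turns a `false` result into a one-element array, so an unknown `switchid` is not rejected with "Invalid ID" here. Test the raw result first and cast afterwards: `$device = $Admin->fetch_object("devices", "id", $Params->switchid);`, then the existing `if ($device===false) { ... }`, then `$device = (array) $device;`. This hunk also drops the `$_POST = $User->strip_input_tags ($_POST);` overwrite, so any `$_POST[...]` read left in parts of the file outside the shown hunks would now see unstripped input; a search for remaining `$_POST` uses in this file is worth doing before merge.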
@@ -51,10 +50,12 @@ else {
 	$device['type']       = 9;
 	$device['rack_start'] = 1;
 	$device['rack_size']  = 1;
+	$device['location'] = null;
+	$device['rack'] = null;
 }
 
 # set readonly flag
-$readonly = $_POST['action']=="delete" ? "readonly" : "";
+$readonly = $Params->action=="delete" ? "readonly" : "";
 
 
 # all locations
@@ -193,10 +194,10 @@ $('#switchManagementEdit select[name=rack]').change(function() {
 		<td>
 			<textarea name="description" class="form-control input-sm" placeholder="<?php print _('Description'); ?>" <?php print $readonly; ?>><?php if(isset($device['description'])) print $device['description']; ?></textarea>
 			<?php
-			if( ($_POST['action'] == "edit") || ($_POST['action'] == "delete") ) {
-				print '<input type="hidden" name="switchid" value="'. $_POST['switchid'] .'">'. "\n";
+			if( ($Params->action == "edit") || ($Params->action == "delete") ) {
+				print '<input type="hidden" name="switchid" value="'. $Params->switchid .'">'. "\n";
 			} ?>
-			<input type="hidden" name="action" value="<?php print escape_input($_POST['action']); ?>">
+			<input type="hidden" name="action" value="<?php print escape_input($Params->action); ?>">
 			<input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">
 		</td>
 	</tr>
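Review bot: The hidden `switchid` input prints `$Params->switchid` straight into an attribute value, while the `action` input two lines below goes through `escape_input()`. The `is_numeric` check earlier in the file limits what reaches this branch, but the output encoding should not depend on a validation step far from the print statement. Escaping at the point of output keeps the two inputs consistent: `print '<input type="hidden" name="switchid" value="'. escape_input($Params->switchid) .'">'. "\n";`. The surrounding table row starts outside the hunk.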
@@ -265,7 +266,7 @@ $('#switchManagementEdit select[name=rack]').change(function() {
 <div class="pFooter">
 	<div class="btn-group">
 		<button class="btn btn-sm btn-default hidePopups"><?php print _('Cancel'); ?></button>
-		<button class="btn btn-sm btn-default <?php if($_POST['action']=="delete") { print "btn-danger"; } else { print "btn-success"; } ?>" id="editSwitchsubmit"><i class="fa <?php if($_POST['action']=="add") { print "fa-plus"; } else if ($_POST['action']=="delete") { print "fa-trash-o"; } else { print "fa-check"; } ?>"></i> <?php print escape_input(ucwords(_($_POST['action']))); ?></button>
+		<button class="btn btn-sm btn-default <?php if($Params->action=="delete") { print "btn-danger"; } else { print "btn-success"; } ?>" id="editSwitchsubmit"><i class="fa <?php if($Params->action=="add") { print "fa-plus"; } else if ($Params->action=="delete") { print "fa-trash-o"; } else { print "fa-check"; } ?>"></i> <?php print escape_input(ucwords(_($Params->action))); ?></button>
 	</div>
 
 	<!-- result -->