41 lines
1.2 KiB
PHP
41 lines
1.2 KiB
PHP
<?php include('include/headscript.php'); ?>
|
|
<?php
|
|
// Include database connection details
|
|
// Assuming you have an existing connection to the database
|
|
$conn = new mysqli($servername, $username, $password, $database);
|
|
|
|
// Check connection
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
// Retrieve the POST data
|
|
$field = $_POST['field'];
|
|
$value = $_POST['value'];
|
|
$idyogaschool = $_POST['idyogaschool'];
|
|
|
|
// Ensure the field name is a valid column in the database
|
|
$validFields = ['nameschool', 'address', 'country', 'referencemeailschool', 'schooldescription', 'shortschooldescription', 'city', 'zip', 'emailschool', 'referencenameschool', 'latitude' . 'longitude'];
|
|
|
|
if (in_array($field, $validFields)) {
|
|
// Prepare the SQL statement using prepared statements to prevent SQL injection
|
|
$stmt = $conn->prepare("UPDATE yogaschool SET $field = ? WHERE idyogaschool = ?");
|
|
$stmt->bind_param("si", $value, $idyogaschool);
|
|
|
|
// Execute the statement
|
|
if ($stmt->execute()) {
|
|
echo "Field updated successfully";
|
|
} else {
|
|
echo "Error updating field: " . $conn->error;
|
|
}
|
|
|
|
// Close the statement
|
|
$stmt->close();
|
|
} else {
|
|
echo "Invalid field";
|
|
}
|
|
|
|
// Close the connection
|
|
$conn->close();
|
|
?>
|