Primo commit: trasferimento del progetto PPEasy
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
require_once '../Connections/cmctrfdb.php';
|
||||
require_once '../webassist/mysqli/rsobj.php';
|
||||
|
||||
$cmctrfdb = new mysqli($servername, $username, $password, $dbname);
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
$id = $_POST['id'];
|
||||
$field = $_POST['field'];
|
||||
$value = $_POST['value'];
|
||||
|
||||
// Sanitize field name to prevent SQL injection
|
||||
$allowed_fields = ['level', 'degradationpercentage'];
|
||||
if (!in_array($field, $allowed_fields)) {
|
||||
echo "error";
|
||||
exit;
|
||||
}
|
||||
|
||||
// Prepare the SQL statement
|
||||
$query = "UPDATE trfchemicalagent SET $field = ? WHERE idtrfchemicalagent = ?";
|
||||
$stmt = $cmctrfdb->prepare($query);
|
||||
$stmt->bind_param('si', $value, $id);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
echo "success";
|
||||
} else {
|
||||
echo "error";
|
||||
}
|
||||
|
||||
$stmt->close();
|
||||
}
|
||||
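Review bot: Nothing in the visible lines checks who is sending the request before the UPDATE on `trfchemicalagent` runs: there is no session or role check and no CSRF token. Unless one of the two `require_once` files enforces that (not visible here), any POST that reaches this script can change `level` or `degradationpercentage` on any row, so an authorization check tied to the project's session handling should come before the query is built. The allowlist in front of the interpolated `$field` is the right control for the column name, but `in_array` should be called with `true` as its third argument, and `$_POST['id']` and `$_POST['value']` are read without checking that they exist or have the expected type. Depending on mysqli's report mode, `prepare()` can return false, in which case `bind_param` stops the script with a fatal error instead of the "error" reply. The fence shows the input and prepare checks only.

```php
// … unchanged: require_once lines, mysqli connection, POST method check …
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $field = $_POST['field'] ?? '';
    $value = $_POST['value'] ?? null;

    $allowed_fields = ['level', 'degradationpercentage'];
    if ($id === false || $id === null || !is_string($value) || !in_array($field, $allowed_fields, true)) {
        echo "error";
        exit;
    }

    // … unchanged: $query built from the allowlisted $field …
    $stmt = $cmctrfdb->prepare($query);
    if ($stmt === false) {
        echo "error";
        exit;
    }
    // … unchanged: bind_param, execute, close …
```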