<?php
require_once '../Connections/cmctrfdb.php';
require_once '../webassist/mysqli/rsobj.php';

$cmctrfdb = new mysqli($servername, $username, $password, $dbname);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $id = $_POST['id'];
    $field = $_POST['field'];
    $value = $_POST['value'];

    // Sanitize field name to prevent SQL injection
    $allowed_fields = ['level', 'degradationpercentage'];
    if (!in_array($field, $allowed_fields)) {
        echo "error";
        exit;
    }

    // Prepare the SQL statement
    $query = "UPDATE trfchemicalagent SET $field = ? WHERE idtrfchemicalagent = ?";
    $stmt = $cmctrfdb->prepare($query);
    $stmt->bind_param('si', $value, $id);

    if ($stmt->execute()) {
        echo "success";
    } else {
        echo "error";
    }

    $stmt->close();
}