<?php
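// Endpoint: updates one column of a single compundsvocabulary row from POST data
// (id, field, value) and reports the outcome as a JSON object.
// NOTE(review): no session, authorization or CSRF check is visible in this file;
// presumably headscript.php enforces them — confirm before exposing this endpoint.
include('../include/headscript.php');
include("../class/company.php");

// Declare the body as JSON so a browser never renders it as HTML.
if (!headers_sent()) {
    header('Content-Type: application/json');
}

$id = $_POST['id'] ?? null;
$field = $_POST['field'] ?? null;
$value = $_POST['value'] ?? null;

// The row id must be a plain integer; arrays and non-numeric strings are rejected.
$rowId = is_string($id) ? filter_var($id, FILTER_VALIDATE_INT) : false;

// A column name cannot be bound as a statement parameter, so it is the one part
// of the query that placeholders do not protect. Accept only a plain identifier
// (letters, digits, underscore, at most 64 characters) and refuse the key column,
// which identifies the row and must not be rewritten through this endpoint.
// NOTE(review): this blocks injection but still lets a caller name any other
// column; a fixed list of the editable columns would be stricter.
$fieldIsSafe = is_string($field)
    && preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $field) === 1
    && strcasecmp($field, 'idcompoundsvocabulary') !== 0;

if ($rowId === false || !$fieldIsSafe || !is_string($value)) {
    echo json_encode(['success' => false, 'error' => 'Invalid input']);
} else {
    try {
        // $servername, $username, $password and $database are not defined in this
        // file; presumably they come from headscript.php — confirm.
        $conn = new mysqli($servername, $username, $password, $database);
        if ($conn->connect_error) {
            throw new RuntimeException('connect failed: ' . $conn->connect_error);
        }

        // NOTE(review): the table is spelled "compundsvocabulary" while its key
        // column is "idcompoundsvocabulary" — confirm the name against the schema.
        // $field was validated above, so back-tick quoting it is safe.
        $stmt = $conn->prepare("UPDATE compundsvocabulary SET `$field` = ? WHERE idcompoundsvocabulary = ?");
        if ($stmt === false) {
            // e.g. the column does not exist; without this check bind_param()
            // would be called on false.
            throw new RuntimeException('prepare failed: ' . $conn->error);
        }

        $stmt->bind_param('si', $value, $rowId);
        if (!$stmt->execute()) {
            throw new RuntimeException('execute failed: ' . $stmt->error);
        }
        $stmt->close();

        echo json_encode(['success' => true]);
    } catch (RuntimeException $e) {
        // mysqli_sql_exception extends RuntimeException, so this also covers
        // mysqli's exception mode. The driver message can reveal schema details:
        // keep it in the server log and send the client a generic error.
        error_log('compundsvocabulary update failed: ' . $e->getMessage());
        echo json_encode(['success' => false, 'error' => 'Database error']);
    }
}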