trf_certest/public/userarea/update_photo_flags.php
2026-03-12 10:20:22 +01:00


<?php
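/*
 * JSON endpoint that sets one boolean flag on a row of datadb_photos.
 *
 * POST parameters:
 *   photo_id  positive integer id of the photo row
 *   field     column to set; must be 'StampaNelRapporto' or 'PrimaPagina'
 *   value     1 sets the flag, anything else clears it
 *
 * Response: {"success":true,"photo_id":..,"field":..,"value":..} on success,
 * {"success":false,"message":..} on failure.
 *
 * NOTE(review): no session, ownership or CSRF check is visible in this script.
 * Unless include/headscript.php enforces authentication and authorisation, any
 * caller able to reach this URL can change the flags of any photo id, including
 * photos attached to another user's record. Confirm against headscript.php and,
 * if needed, verify here that the photo's parent record belongs to the caller.
 */
include('include/headscript.php');
header('Content-Type: application/json');

// Stays null on success; set by the catch blocks below.
$errorMessage = null;

try {
    $db = DBHandlerSelect::getInstance();
    $pdo = $db->getConnection();

    // InvalidArgumentException marks errors whose text is safe to return to the
    // client. Everything else (PDOException, TypeError, ...) is treated as internal.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        throw new InvalidArgumentException('Metodo non valido');
    }

    // Reject non-scalar input (e.g. photo_id[]=x): an array cast to int yields 1,
    // and trim() on an array raises a TypeError on PHP 8.
    $photoId = (isset($_POST['photo_id']) && is_scalar($_POST['photo_id']))
        ? (int)$_POST['photo_id']
        : 0;
    $field = (isset($_POST['field']) && is_string($_POST['field']))
        ? trim($_POST['field'])
        : '';
    $value = (isset($_POST['value']) && is_scalar($_POST['value']))
        ? (int)$_POST['value']
        : 0;

    if ($photoId <= 0) {
        throw new InvalidArgumentException('photo_id mancante o non valido');
    }

    // Strict allow-list: this is the only thing that makes interpolating $field
    // into the UPDATE statement below safe. Do not relax the strict comparison.
    $allowedFields = ['StampaNelRapporto', 'PrimaPagina'];
    if (!in_array($field, $allowedFields, true)) {
        throw new InvalidArgumentException('Campo non consentito');
    }

    // Normalise to a strict 0/1 flag.
    $value = $value === 1 ? 1 : 0;

    // Load the photo to learn which parent record it belongs to.
    $stmt = $pdo->prepare("
        SELECT id, iddatadb, idquotations
        FROM datadb_photos
        WHERE id = ?
        LIMIT 1
    ");
    $stmt->execute([$photoId]);
    $photo = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$photo) {
        throw new InvalidArgumentException('Foto non trovata');
    }

    $iddatadb = !empty($photo['iddatadb']) ? (int)$photo['iddatadb'] : null;
    $idquotations = !empty($photo['idquotations']) ? (int)$photo['idquotations'] : null;

    $pdo->beginTransaction();

    if ($field === 'PrimaPagina' && $value === 1) {
        // Only one photo may be PrimaPagina for the same parent record, so clear
        // the flag on every sibling before setting it on the requested photo.
        if ($iddatadb) {
            $stmtReset = $pdo->prepare("
                UPDATE datadb_photos
                SET PrimaPagina = 0
                WHERE iddatadb = ?
            ");
            $stmtReset->execute([$iddatadb]);
        } elseif ($idquotations) {
            $stmtReset = $pdo->prepare("
                UPDATE datadb_photos
                SET PrimaPagina = 0
                WHERE idquotations = ?
            ");
            $stmtReset->execute([$idquotations]);
        }
    }

    // $field is one of the two allow-listed column names at this point; the
    // values themselves are always bound as parameters.
    $stmtUpdate = $pdo->prepare("
        UPDATE datadb_photos
        SET {$field} = ?
        WHERE id = ?
    ");
    $stmtUpdate->execute([$value, $photoId]);

    $pdo->commit();

    echo json_encode([
        'success' => true,
        'photo_id' => $photoId,
        'field' => $field,
        'value' => $value
    ]);
} catch (InvalidArgumentException $e) {
    // Validation failure raised above: the message was written for the client.
    $errorMessage = $e->getMessage();
} catch (Throwable $e) {
    // Unexpected failure. If PDO is in exception mode the message can carry SQL
    // text, table/column names or driver details, so keep it in the server log
    // and return a generic message instead of echoing it to the client.
    error_log('update_photo_flags.php: ' . get_class($e) . ': ' . $e->getMessage());
    $errorMessage = 'Errore interno';
}

if ($errorMessage !== null) {
    // Undo any partial PrimaPagina reset before reporting the failure.
    if (isset($pdo) && $pdo->inTransaction()) {
        try {
            $pdo->rollBack();
        } catch (Throwable $rollbackError) {
            error_log('update_photo_flags.php: rollback failed: ' . $rollbackError->getMessage());
        }
    }

    echo json_encode([
        'success' => false,
        'message' => $errorMessage
    ]);
}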