<?php include('include/headscript.php'); ?>
<?php
// Include database connection details
// Assuming you have an existing connection to the database
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Retrieve the POST data
$field = $_POST['field'];
$value = $_POST['value'];
$idyogaschool = $_POST['idyogaschool'];

// Ensure the field name is a valid column in the database
$validFields = ['nameschool', 'address', 'country', 'referencemeailschool', 'schooldescription', 'shortschooldescription', 'city', 'zip', 'emailschool', 'referencenameschool', 'latitude' . 'longitude'];

if (in_array($field, $validFields)) {
    // Prepare the SQL statement using prepared statements to prevent SQL injection
    $stmt = $conn->prepare("UPDATE yogaschool SET $field = ? WHERE idyogaschool = ?");
    $stmt->bind_param("si", $value, $idyogaschool);

    // Execute the statement
    if ($stmt->execute()) {
        echo "Field updated successfully";
    } else {
        echo "Error updating field: " . $conn->error;
    }

    // Close the statement
    $stmt->close();
} else {
    echo "Invalid field";
}

// Close the connection
$conn->close();
?>