32 lines
988 B
PHP
32 lines
988 B
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
// استقبال المتغيرات — force user IDs from JWT based on role
|
|
$rideID = filterRequest("rideID");
|
|
$note = filterRequest("note");
|
|
|
|
// Force driverID/passengerID from JWT based on user role
|
|
if ($role === 'driver') {
|
|
$driverID = $user_id;
|
|
$passengerID = filterRequest("passengerID");
|
|
} else {
|
|
$passengerID = $user_id;
|
|
$driverID = filterRequest("driverID");
|
|
}
|
|
|
|
// تنفيذ الإدخال بطريقة آمنة
|
|
$sql = "INSERT INTO `canecl` (`driverID`, `passengerID`, `rideID`, `note`)
|
|
VALUES (:driverID, :passengerID, :rideID, :note)";
|
|
$stmt = $con->prepare($sql);
|
|
$stmt->bindParam(':driverID', $driverID);
|
|
$stmt->bindParam(':passengerID', $passengerID);
|
|
$stmt->bindParam(':rideID', $rideID);
|
|
$stmt->bindParam(':note', $note);
|
|
$stmt->execute();
|
|
|
|
if ($stmt->rowCount() > 0) {
|
|
jsonSuccess(null, "Record inserted successfully");
|
|
} else {
|
|
jsonError("Failed to insert record");
|
|
}
|
|
?>
|