admin 20

ride/promo/update.php

@@ -2,30 +2,39 @@
 require_once __DIR__ . '/../../connect.php';
 
 $id = filterRequest("id");
-$promoCode = filterRequest("promoCode");
-$description = filterRequest("description");
-$validityStartDate = filterRequest("validityStartDate");
-$validityEndDate = filterRequest("validityEndDate");
+if (empty($id)) {
+    jsonError("ID is required for update");
+    exit;
+}
 
-$sql = "UPDATE `promos` SET
-  `promo_code` = :promoCode,
-  `description` = :description,
-  `validity_start_date` = :validityStartDate,
-  `validity_end_date` = :validityEndDate
-WHERE `id` = :id";
+$allowedFields = [
+    "promo_code", "amount", "description", "passengerID", 
+    "validity_start_date", "validity_end_date"
+];
+
+$setParts = [];
+$params = [];
+
+foreach ($allowedFields as $field) {
+    if (isset($_POST[$field])) {
+        $value = filterRequest($field);
+        $setParts[] = "`$field` = :$field";
+        $params[":$field"] = $value;
+    }
+}
+
+if (empty($setParts)) {
+    jsonError("No valid fields to update.");
+    exit;
+}
+
+$sql = "UPDATE `promos` SET " . implode(", ", $setParts) . " WHERE `id` = :id";
+$params[":id"] = $id;
 
 $stmt = $con->prepare($sql);
-$stmt->bindParam(':promoCode', $promoCode);
-stmt->bindParam(':description', $description);
-stmt->bindParam(':validityStartDate', $validityStartDate);
-$stmt->bindParam(':validityEndDate', $validityEndDate);
-stmt->bindParam(':id', $id, PDO::PARAM_INT);
-
-$stmt->execute();
-
-if ($stmt->rowCount() > 0) {
-    jsonSuccess(null, "Promo data updated successfully");
+if ($stmt->execute($params)) {
+    jsonSuccess(null, "Promo updated successfully");
 } else {
-    jsonError("Failed to update promo data");
+    jsonError("Failed to update promo");
 }
 ?>