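'Invalid request']));
}

// ---------------------------------------------------------------------------
// Single-cell update for the `submitted` table.
//
// Reads id / column / old_value / new_value from the POST body, updates one
// allow-listed column through a prepared statement, writes a journal entry
// on success and replies with a JSON object.
//
// NOTE(review): no session, role or CSRF check is visible in this part of the
// script; confirm one runs before this point, since the endpoint modifies data.
// ---------------------------------------------------------------------------

$raw_id    = $_POST['id'] ?? null;
$column    = $_POST['column'] ?? null;
$old_value = $_POST['old_value'] ?? null;
$new_value = $_POST['new_value'] ?? null;

// A parameter sent as `name[]=...` arrives as an array. Reject that shape up
// front: intval() would turn a non-empty array into 1, DateTime would raise a
// TypeError, and the string concatenation below would emit "Array".
foreach ([$raw_id, $column, $old_value, $new_value] as $field) {
    if (is_array($field)) {
        die(json_encode(['error' => 'Invalid request']));
    }
}

$id = intval($raw_id); // Integer cast; also bound with type "i" below

// Allow-list of editable columns. This is the ONLY thing that makes the
// identifier interpolation in the UPDATE statement safe: column names cannot
// be bound as parameters, so every entry here must be a literal column name.
$allowed_columns = [
    'ac_reg', 'ac_type', 'ac_call', 'captain', 'in_from', 'pob_in', 'eta',
    'fuel', 'pob_out', 'out_to', 'etd', 'email', 'phone', 'notes',
];

// Strict comparison so only an exact string match passes the allow-list.
if (!in_array($column, $allowed_columns, true)) {
    die(json_encode(['error' => 'Invalid column']));
}

// Convert eta or etd from Europe/London local time to UTC before storing.
if (in_array($column, ['eta', 'etd'], true)) {
    try {
        // DateTime throws on text it cannot parse; without the catch, a bad
        // value would end the request with an uncaught exception instead of
        // a JSON error the client can handle.
        $date = new DateTime($new_value, new DateTimeZone('Europe/London'));
    } catch (\Exception $e) {
        die(json_encode(['error' => 'Invalid date']));
    }
    // NOTE(review): an empty string parses as the current time, so clearing
    // an eta/etd cell stores "now" - confirm that is intended.
    $date->setTimezone(new DateTimeZone('UTC'));
    $new_value = $date->format('Y-m-d H:i:s');
}

// $column has passed the allow-list above; the values are bound, never
// interpolated.
$stmt = $conn->prepare("UPDATE submitted SET `$column` = ? WHERE id = ?");
if (!$stmt) {
    die(json_encode(['error' => 'Prepare statement failed']));
}

$stmt->bind_param("si", $new_value, $id);
$success = $stmt->execute();
$stmt->close();

// If update successful, log the change.
// NOTE(review): $old_value comes from the client and is never compared with
// the stored value, so the "changed from" part of the journal entry is
// whatever the request claimed. If the journal is used as an audit trail,
// read the current value from the database before updating instead.
// NOTE(review): execute() also succeeds when no row matches $id, so an entry
// can be journaled for an id that does not exist.
if ($success) {
    $message = $column . " changed from " . $old_value . " to " . $new_value;
    logJournal($conn, $id, $message);
}

$conn->close();

// Return JSON response. The values are echoed back as received (new_value in
// its stored UTC form for eta/etd); a consumer that inserts them into HTML
// must escape them for that context.
echo json_encode([
    'success' => $success,
    'column' => $column,
    'old_value' => $old_value,
    'new_value' => $new_value
]);
?>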