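checkAuth()) {
    // The opening of this authentication guard lies before the visible excerpt and is kept as found.
    // Callers that fail the check are redirected and the script stops before any field is read.
    header("Location: /index.html?status=500&error=Unauthorized");
    exit;
}

// NOTE(review): no anti-CSRF token is verified in the visible code. This handler changes stored
// data on POST, so confirm that checkAuth() or an earlier include enforces one.

// Every required field must be present AND a plain string. isset() alone also passes
// array-valued fields, which htmlspecialchars() rejects (TypeError on PHP 8) further down.
foreach (["id", "name", "mail", "number"] as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        // NOTE(review): the body says status 500 but no HTTP status code is set here, and the
        // other exits of this script redirect instead of returning JSON -- confirm what the client expects.
        die('{"status":500, "error":"Missing fields"}');
    }
}

// NOTE(review): name and mail are HTML-encoded before storage. The bound parameters below are what
// keep the query safe; HTML escaping is an output-context defence. Left unchanged because code that
// renders this table may rely on pre-encoded values -- confirm before moving the escaping to render time.
$name = htmlspecialchars($_POST["name"]);
$mail = htmlspecialchars($_POST["mail"]);

// Integer fields: intval() alone decides the stored value. The htmlspecialchars() wrapper the
// original used is an HTML-output defence and is not needed for a value bound as an integer.
// Non-numeric input becomes 0; for id that means the UPDATE below matches whatever row has id 0, if any.
$number = intval($_POST["number"]);
$id = intval($_POST["id"]);

// The original echoed $number at this point. That was removed: output emitted before header() can
// stop the Location redirect from being sent when output buffering is off, and it puts the
// submitted value into the response body for no purpose.

// "enabled2" is only checked for presence; its value is ignored.
$enabled = isset($_POST["enabled2"]) ? 1 : 0;

// Named placeholders keep request data out of the SQL text.
$db = $api->getDB();
$sql = "UPDATE opfer SET name = :name, mail = :mail, number = :number, status = :status WHERE id = :id";
$stmt = $db->prepare($sql);
$sql_exec = $stmt->execute([
    ':name' => $name,
    ':mail' => $mail,
    ':number' => $number,
    ':status' => $enabled,
    ':id' => $id,
]);

// NOTE(review): presumably $db is a PDO handle -- confirm. If so, execute() also returns true when
// no row matched :id, so status=200 does not prove a row changed; and in exception mode a failure
// throws instead of reaching the else branch.
if ($sql_exec) {
    header("Location: /index.html?status=200");
} else {
    // The error text is percent-encoded; the original put a raw space into the Location URL.
    header("Location: /index.html?status=500&error=" . rawurlencode("SQL Error"));
}
exit;
?>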