<?php
require "../api.php";

$api = new spamhasiApi();

if (!$api->checkAuth()) {
    die('{"status":500, "error":"Unauthorized"}');
}

if (!isset($_POST["id"])) {
    die('{"status":500, "error":"Missing parameter"}');
}

$id = intval($_POST["id"]);

$db = $api->getDB();

$sql = "SELECT * FROM opfer WHERE id = :id";
$stmt = $db->prepare($sql);
$stmt->execute([':id' => $id]);

$result = $stmt->fetch(PDO::FETCH_ASSOC);

if ($result) {
    $json["opfer"] = $result;
    $json["status"] = 200; 
}else{
    $json["status"] = 500;
    $json["error"] = "Empty SQL Result";
}

die(json_encode($json));
?>