WKVS_gitea/WKVS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a51fd9dbebc85d50d4ddeadbcb401fc3d8b75765
WKVS/www/intern/scripts/rechnungen/ajax_delete_order.php
Fabio Herzig a51fd9dbeb First version, for githup; UNSTABLE, DO NOT USE!
2026-04-12 21:25:44 +02:00

74 lines
2.0 KiB
PHP
Raw Blame History

<?php
header('Content-Type: application/json');
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 0 ) {
http_response_code(403);
exit;
}
if (!isset($baseDir)) {
$baseDir = $_SERVER['DOCUMENT_ROOT'];
}
$type = 'wkl';
$data = include $baseDir . '/../scripts/db/db-verbindung-script.php';
if ($data['success'] === false){
echo json_encode(['success' => false, 'message' => $data['message']]);
http_response_code(500);
exit;
}
require $baseDir . '/../scripts/db/db-tables.php';
if (!isset($_POST['ids']) || !is_array($_POST['ids']) || count($_POST['ids']) < 1) {
echo json_encode(['success' => false, 'message' => 'Keine Id angegeben']);
http_response_code(422);
exit;
}
$ids = $_POST['ids'];
// Validate: all IDs must be integers
$ids = array_filter($ids, fn($id) => ctype_digit(strval($id)));
if (count($ids) === 0) {
echo json_encode(['success' => false, 'message' => 'Kein gültiger Input']);
http_response_code(422);
exit;
}
// Build placeholders for prepared statement
$placeholders = implode(',', array_fill(0, count($ids), '?'));
// Prepare the SQL statement
$sql = "DELETE FROM $tableOrders WHERE order_id IN ($placeholders)";
$stmt = $mysqli->prepare($sql);
if (!$stmt) {
echo json_encode(['success' => false, 'message' => 'Fehler beim Vorbereiten der Abfrage']);
http_response_code(500);
exit;
}
// Bind parameters dynamically
$types = str_repeat('i', count($ids)); // all integers
$stmt->bind_param($types, ...$ids);
// Execute
if (!$stmt->execute()) {
echo json_encode(['success' => false, 'message' => 'Fehler beim Löschen']);
http_response_code(500);
exit;
}
$stmt->close();
$mysqli->close();
echo json_encode(['success' => true, 'message' => 'Bestellungen erfolgreich gelöscht']);
http_response_code(200);
exit;
Reference in New Issue View Git Blame Copy Permalink