<?php
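// Courses / certificates JSON endpoint.
//
// Every request must pass require_auth(); the write actions additionally call
// require_admin($user). The action comes from the `action` parameter (POST is
// preferred over GET, default 'list') and the record id from `id`.
//
// NOTE(review): the guards below (`if (...) json_error(...)`) only protect the
// statements after them if json_error() and require_admin() terminate the
// request. They are defined in config/auth.php or its includes, which is not
// visible here; confirm that they exit.
//
// display_errors=0 keeps PHP diagnostics out of the JSON body. error_reporting(0)
// additionally stops PHP from reporting them to the error log, so failures are
// recorded only by the explicit error_log() call in the catch block below.
error_reporting(0);
ini_set('display_errors', '0');
require_once __DIR__ . '/../config/auth.php';
$user = require_auth();

$db     = db();
$action = $_POST['action'] ?? $_GET['action'] ?? 'list';
$id     = (int)($_POST['id'] ?? $_GET['id'] ?? 0);

// Actions that modify data. They are accepted over POST only, so a plain link,
// image tag or prefetch issuing a GET cannot trigger them.
// NOTE(review): POST-only does not stop a cross-site form submission on its own.
// Confirm that require_auth() validates a CSRF token or that the session cookie
// is SameSite-restricted.
$writeActions = ['create', 'update', 'delete', 'create_certificate'];

// Column allowlists. These names are interpolated into SQL text below, so they
// must stay hard-coded and never be derived from request data. The spellings
// ('restricitions', 'attachement', 'assesor_*') are kept as in the original
// statements; presumably they match the table schema.
$courseFields = ['courses_name','valid_for','unit_standard_number','is_a_code_capacity_type_course','produce_cards','expiry_refresher_heading','certificate_no_prefix','capacity','code','restricitions','attachement','client_other_info','company_specific_template_name','facilitator_hod_names','assesor_name','assesor_reg_no'];
$certificateFields = ['certificate_number','prefix','client_employees_id','date_time_created','date_time_of_certification','expiry_date','certification_template','nqf_level','credits','dol_ci_no','iso_no','unit_std_no','courses_id'];

// Reads allowlisted fields from $_POST in allowlist order.
//   $presentOnly = false: absent fields become '' (insert semantics)
//   $presentOnly = true:  absent fields are skipped (partial update semantics)
// Array-valued inputs such as "courses_name[]=x" are rejected; bound as a
// statement parameter they would be stored as the literal text "Array".
$readPostFields = static function (array $names, bool $presentOnly): array {
    $collected = [];
    foreach ($names as $name) {
        if (!isset($_POST[$name])) {
            if (!$presentOnly) {
                $collected[$name] = '';
            }
            continue;
        }
        if (!is_string($_POST[$name])) {
            // $name comes from the allowlist, so it is safe to echo back.
            json_error('Invalid value for ' . $name);
        }
        $collected[$name] = $_POST[$name];
    }
    return $collected;
};

try {
    if (in_array($action, $writeActions, true) && ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        json_error('POST required', 405);
    }

    switch ($action) {

        // ── Courses ──────────────────────────────────────────────────────────

        case 'list':
            $term = $_GET['search'] ?? '';
            if (!is_string($term)) json_error('Invalid search');
            // The term is bound as a parameter; only the surrounding wildcards are added here.
            $search = '%' . trim($term) . '%';
            $stmt = $db->prepare('SELECT * FROM courses WHERE courses_name LIKE ? ORDER BY courses_name ASC');
            $stmt->execute([$search]);
            json_success(['courses' => $stmt->fetchAll()]);
            break;

        case 'get':
            if (!$id) json_error('ID required');
            $stmt = $db->prepare('SELECT * FROM courses WHERE record_id=?');
            $stmt->execute([$id]);
            $row = $stmt->fetch();
            if (!$row) json_error('Not found', 404);
            json_success(['course' => $row]);
            break;

        case 'create':
            require_admin($user);
            $data = $readPostFields($courseFields, false);
            if (empty($data['courses_name'])) json_error('Course name required');
            $cols = implode(',', $courseFields);
            $ph   = implode(',', array_fill(0, count($courseFields), '?'));
            $db->prepare("INSERT INTO courses ($cols) VALUES ($ph)")->execute(array_values($data));
            json_success(['id' => $db->lastInsertId()], 'Course created');
            break;

        case 'update':
            require_admin($user);
            if (!$id) json_error('ID required');
            // Only the fields actually submitted are written.
            $changes = $readPostFields($courseFields, true);
            if (empty($changes)) json_error('Nothing to update');
            $sets = array_map(static fn (string $col): string => "$col=?", array_keys($changes));
            $vals = array_values($changes);
            $vals[] = $id;
            $db->prepare('UPDATE courses SET ' . implode(',', $sets) . ' WHERE record_id=?')->execute($vals);
            json_success([], 'Course updated');
            break;

        case 'delete':
            require_admin($user);
            if (!$id) json_error('ID required');
            $db->prepare('DELETE FROM courses WHERE record_id=?')->execute([$id]);
            json_success([], 'Course deleted');
            break;

        // ── Certificates ─────────────────────────────────────────────────────

        case 'list_certificates':
            // NOTE(review): there is no admin or ownership check on this action. Without
            // client_employees_id it returns every certificate joined with employee names
            // to any authenticated user; confirm that read scope is intended.
            $emp_id = (int)($_GET['client_employees_id'] ?? 0);
            // $where is one of two fixed fragments; the employee id itself is bound.
            $where  = $emp_id ? 'cert.client_employees_id=?' : '1';
            $params = $emp_id ? [$emp_id] : [];
            $stmt = $db->prepare(
                "SELECT cert.*, e.client_employees_name, e.surname, c.courses_name
                 FROM certificates cert
                 LEFT JOIN client_employees e ON e.record_id = cert.client_employees_id
                 LEFT JOIN courses c ON c.record_id = cert.courses_id
                 WHERE $where
                 ORDER BY cert.record_id DESC"
            );
            $stmt->execute($params);
            json_success(['certificates' => $stmt->fetchAll()]);
            break;

        case 'create_certificate':
            require_admin($user);
            // NOTE(review): certificate_number and date_time_created are taken from the
            // request as-is and no field is required; confirm whether they should be
            // validated or generated server-side.
            $data = $readPostFields($certificateFields, false);
            // The issuing user is taken from the authenticated session, never from the request.
            $data['safesure_users_id'] = $user['record_id'];
            $cols = implode(',', array_keys($data));
            $ph   = implode(',', array_fill(0, count($data), '?'));
            $db->prepare("INSERT INTO certificates ($cols) VALUES ($ph)")->execute(array_values($data));
            json_success(['id' => $db->lastInsertId()], 'Certificate created');
            break;

        default:
            json_error('Unknown action');
    }
} catch (Throwable $e) {
    // Keep the detail (driver message, file, line) in the server log only. Returning it
    // to the client would disclose SQL text, schema names and source layout.
    error_log(sprintf(
        '%s: %s in %s:%d',
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    json_error('Internal server error', 500);
}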