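false,'error'=>'Missing id']); exit; }
// The line above is the tail of a guard that begins before this excerpt; it is kept verbatim.

// Partial update of one row in `quotes`, plus an 'Edited' entry in `quote_events`.
// $pdo, $body and $id are defined earlier in the file.
// NOTE(review): no authentication or CSRF check is visible in this excerpt.
// Confirm both run before this point.

// Column names are interpolated into the SQL text below, so this must remain a
// hard-coded allowlist. Request keys that are not listed here are ignored.
$allow = [
    'guests',
    'bar_package',
    'chairs',
    'tables',
    'additional_services',
    'discount_cents',
    'notes_internal',
    'notes_client',
    'event_date',
];

$set = [];
$params = [];
foreach ($allow as $k) {
    // array_key_exists() rather than isset(): a key sent with a null value is still applied.
    if (array_key_exists($k, $body)) {
        // $k comes from $allow, never from the request, so interpolating it is safe.
        $set[] = "$k = :$k";
        // NOTE(review): values are bound as received, with no type or range check here.
        // Verify that validation (e.g. rejecting arrays, bounding discount_cents) happens elsewhere.
        $params[":$k"] = $body[$k];
    }
}

if (!$set) {
    echo json_encode(['ok'=>false,'error'=>'No fields']);
    exit;
}

$params[':id'] = $id;
$sql = "UPDATE quotes SET ".implode(',',$set)." WHERE id=:id";

try {
    // Started inside the try so a failure to open the transaction is also reported as JSON.
    $pdo->beginTransaction();

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    // Audit entry, written in the same transaction as the update.
    // NOTE(review): `details` stores the whole request body, including keys outside
    // $allow that were not applied. Confirm that is the intended audit content.
    $evt = $pdo->prepare("INSERT INTO quote_events(quote_id,event_type,details,actor) VALUES (?,?,?,?)");
    $evt->execute([$id,'Edited',json_encode($body,JSON_UNESCAPED_UNICODE), $_SESSION['admin_email'] ?? 'admin']);

    $pdo->commit();
    echo json_encode(['ok'=>true]);
} catch(Exception $e) {
    // rollBack() throws when no transaction is open, so check first.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Driver messages can expose table names, column names and SQL fragments.
    // Keep them in the server log and send the client a generic error.
    error_log('Quote update failed: '.$e->getMessage());
    echo json_encode(['ok'=>false,'error'=>'Update failed']);
}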