34567-vm/taxes/update.php

<?php
require_once '../db/config.php';

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') { 
    http_response_code(405);
    echo json_encode(['error' => 'Method Not Allowed']);
    exit;
}

$id = $_GET['id'] ?? null;

if (!$id) {
    http_response_code(400);
    echo json_encode(['error' => 'Tax ID is required']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);

$name = $data['name'] ?? null;
$rate = $data['rate'] ?? null;

if (!$name || !isset($rate)) {
    http_response_code(400);
    echo json_encode(['error' => 'Missing required fields: name, rate']);
    exit;
}

if (!is_numeric($rate) || $rate < 0 || $rate > 100) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid rate. Must be a number between 0 and 100.']);
    exit;
}

try {
    $pdo = db();

    $stmt = $pdo->prepare("SELECT id FROM taxes WHERE id = ?");
    $stmt->execute([$id]);
    if (!$stmt->fetch()) {
        http_response_code(404);
        echo json_encode(['error' => 'Tax not found']);
        exit;
    }

    $stmt = $pdo->prepare("UPDATE taxes SET name = ?, rate = ? WHERE id = ?");
    $stmt->execute([$name, $rate, $id]);

    echo json_encode(['success' => 'Tax updated successfully']);

} catch (PDOException $e) {
    if ($e->errorInfo[1] == 1062) { // Duplicate entry
        http_response_code(409);
        echo json_encode(['error' => 'A tax with this name already exists.']);
    } else {
        http_response_code(500);
        echo json_encode(['error' => 'Database error: ' . $e->getMessage()]);
    }
}