36247-vm/add_prescription.php

<?php
require_once 'auth.php';
require_role('doctor');
require_once 'db/config.php';

header('Content-Type: application/json');

$response = ['success' => false, 'message' => 'An unknown error occurred.'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $visit_id = $_POST['visit_id'] ?? null;
    $patient_id = $_POST['patient_id'] ?? null;
    $medication = $_POST['medication'] ?? null;
    $dosage = $_POST['dosage'] ?? null;
    $frequency = $_POST['frequency'] ?? null;
    $notes = $_POST['notes'] ?? '';
    $doctor_id = $_SESSION['user_id'] ?? null;

    if ($visit_id && $patient_id && $doctor_id && $medication && $dosage && $frequency) {
        try {
            $pdo = db();
            $stmt = $pdo->prepare(
                "INSERT INTO prescriptions (visit_id, patient_id, doctor_id, medication, dosage, frequency, notes) 
                 VALUES (?, ?, ?, ?, ?, ?, ?)"
            );
            $stmt->execute([$visit_id, $patient_id, $doctor_id, $medication, $dosage, $frequency, $notes]);
            
            $response['success'] = true;
            $response['message'] = 'Prescription saved successfully.';

        } catch (PDOException $e) {
            // In a real app, log this error instead of echoing it.
            $response['message'] = 'Database error: ' . $e->getMessage();
        }
    } else {
        $response['message'] = 'Invalid or missing data provided.';
    }
} else {
    $response['message'] = 'Invalid request method.';
}

echo json_encode($response);
?>