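prepare("SELECT * FROM customers WHERE id = ? AND deleted_at IS NULL");
    $stmt->execute([$id]);
    $customer = $stmt->fetch();
}

$page_title = $id ? "Edit Customer" : "Add Customer";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Refuse any POST without a valid CSRF token before touching the database.
    if (!validate_csrf($_POST['csrf_token'] ?? '')) {
        die("CSRF token validation failed");
    }

    // Decide create vs. update BEFORE the INSERT branch overwrites $id with
    // lastInsertId(); testing $id afterwards makes every create look like an
    // update in both the audit log and the flash message.
    $isUpdate = (bool) $id;

    // Missing keys default to null so an absent field does not raise an
    // undefined-index warning; the bound value is unchanged.
    // NOTE(review): no length/format validation is applied to these fields, and
    // category/status are stored exactly as submitted — confirm whether an
    // allow-list for them is enforced elsewhere (e.g. at the DB schema).
    $name = $_POST['name'] ?? null;
    $email = $_POST['email'] ?? null;
    $phone = $_POST['phone'] ?? null;
    $address = $_POST['address'] ?? null;
    $category = $_POST['category'] ?? null;
    $status = $_POST['status'] ?? null;

    if ($isUpdate) {
        // NOTE(review): unlike the SELECT above, this UPDATE does not re-check
        // deleted_at IS NULL, so a soft-deleted row can still be modified — confirm intended.
        $stmt = db()->prepare("UPDATE customers SET name = ?, email = ?, phone = ?, address = ?, category = ?, status = ? WHERE id = ?");
        $stmt->execute([$name, $email, $phone, $address, $category, $status, $id]);
    } else {
        $stmt = db()->prepare("INSERT INTO customers (name, email, phone, address, category, status) VALUES (?, ?, ?, ?, ?, ?)");
        $stmt->execute([$name, $email, $phone, $address, $category, $status]);
        $id = db()->lastInsertId();
    }

    // Audit trail: acting user, action, entity and a short detail string.
    $log_stmt = db()->prepare("INSERT INTO audit_logs (user_id, action, entity_type, entity_id, details) VALUES (?, ?, ?, ?, ?)");
    $log_stmt->execute([$_SESSION['user_id'], $isUpdate ? 'UPDATE' : 'CREATE', 'CUSTOMER', $id, "Name: $name"]);

    $_SESSION['success'] = "Customer " . ($isUpdate ? "updated" : "created") . " successfully.";
    header("Location: customers.php");
    exit;
}

require_once 'includes/header.php';
?>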