prepare(' INSERT INTO block_info (modx_user_id, name, block_id, location, area, gps, status, date_added) VALUES (?, ?, ?, ?, ?, ?, 0, CURDATE()) '); $stmt->execute([$userId, $name, $blockId, $location, (int) $areaHa, $gps]); $_SESSION['flash_success'] = 'Paddock "' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" created.'; header('Location: /dashboard/crop-cards/'); exit; } if ($action === 'edit') { $recordId = (int) ($_POST['record_id'] ?? 0); if ($recordId <= 0) { $_SESSION['flash_error'] = 'Invalid record.'; header('Location: /dashboard/crop-cards/'); exit; } // Ownership check $check = $pdo->prepare('SELECT id FROM block_info WHERE id = ? AND modx_user_id = ? LIMIT 1'); $check->execute([$recordId, $userId]); if (!$check->fetch()) { $_SESSION['flash_error'] = 'Record not found or access denied.'; header('Location: /dashboard/crop-cards/'); exit; } $stmt = $pdo->prepare(' UPDATE block_info SET name = ?, block_id = ?, location = ?, area = ?, gps = ? WHERE id = ? AND modx_user_id = ? '); $stmt->execute([$name, $blockId, $location, (int) $areaHa, $gps, $recordId, $userId]); $_SESSION['flash_success'] = 'Paddock "' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '" updated.'; header('Location: /dashboard/crop-cards/'); exit; } // Unknown action header('Location: /dashboard/crop-cards/'); exit;