$rule) { $value = $data[$field] ?? null; // Check required if (isset($rule['required']) && $rule['required'] && empty($value)) { $errors[$field] = "Field '{$field}' is required"; continue; } // Skip validation if value is empty and not required if (empty($value) && (!isset($rule['required']) || !$rule['required'])) { continue; } // Check type if (isset($rule['type'])) { switch ($rule['type']) { case 'string': if (!is_string($value)) { $errors[$field] = "Field '{$field}' must be string"; } break; case 'integer': if (!is_numeric($value)) { $errors[$field] = "Field '{$field}' must be numeric"; } break; case 'double': if (!is_numeric($value)) { $errors[$field] = "Field '{$field}' must be numeric"; } break; case 'enum': if (isset($rule['values']) && !in_array($value, $rule['values'])) { $errors[$field] = "Field '{$field}' has invalid value"; } break; } } // Check length if (isset($rule['maxLength']) && strlen($value) > $rule['maxLength']) { $errors[$field] = "Field '{$field}' exceeds max length ({$rule['maxLength']})"; } // Check min/max if (isset($rule['min']) && $value < $rule['min']) { $errors[$field] = "Field '{$field}' must be >= {$rule['min']}"; } if (isset($rule['max']) && $value > $rule['max']) { $errors[$field] = "Field '{$field}' must be <= {$rule['max']}"; } } return $errors; } /** * Sanitize input to prevent SQL injection */ function sanitizeInput($data, $conn) { if (is_array($data)) { foreach ($data as $key => $value) { $data[$key] = sanitizeInput($value, $conn); } return $data; } if (is_string($data)) { return $conn->real_escape_string(trim($data)); } return $data; } /** * Send JSON response */ function sendResponse($success, $message, $data = null, $code = 200) { http_response_code($code); $response = [ 'success' => $success, 'message' => $message, 'timestamp' => date('Y-m-d H:i:s') ]; if ($data !== null) { $response['data'] = $data; } echo json_encode($response); exit; } /** * Send error response */ function sendError($message, $code = 400, $errors = null) { http_response_code($code); $response = [ 'success' => false, 'message' => $message, 'timestamp' => date('Y-m-d H:i:s') ]; if ($errors !== null) { $response['errors'] = $errors; } echo json_encode($response); exit; } /** * Log activity */ function logActivity($conn, $action, $details, $user = null) { $timestamp = date('Y-m-d H:i:s'); $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; $details_json = $conn->real_escape_string(json_encode($details)); $sql = "INSERT INTO activity_log (action, details, user_name, ip_address, created_at) VALUES ('$action', '$details_json', '" . ($user ?? 'system') . "', '$ip', '$timestamp')"; $conn->query($sql); } /** * Get database connection */ function getConnection() { $conn = new mysqli("localhost", "root", "", "webgis_unified"); if ($conn->connect_error) { sendError("Database connection failed: " . $conn->connect_error, 500); } $conn->set_charset("utf8mb4"); return $conn; } ?>