$error]); exit; } $sql .= ' AND h.verification_status = ?'; $params[] = $status; } if (isset($_GET['masjid_id']) && $_GET['masjid_id'] !== '') { if (!is_numeric($_GET['masjid_id'])) { http_response_code(400); echo json_encode(['error' => 'masjid_id must be numeric']); exit; } $sql .= ' AND h.masjid_id = ?'; $params[] = (int)$_GET['masjid_id']; } if (isset($_GET['pontianak_area_id']) && $_GET['pontianak_area_id'] !== '') { if (!is_numeric($_GET['pontianak_area_id'])) { http_response_code(400); echo json_encode(['error' => 'pontianak_area_id must be numeric']); exit; } $sql .= ' AND h.pontianak_area_id = ?'; $params[] = (int)$_GET['pontianak_area_id']; } if (isset($_GET['q']) && trim((string)$_GET['q']) !== '') { $q = '%' . trim((string)$_GET['q']) . '%'; $sql .= ' AND (h.household_code LIKE ? OR h.head_name LIKE ?)'; $params[] = $q; $params[] = $q; } $limit = 200; if (isset($_GET['limit']) && $_GET['limit'] !== '') { if (!is_numeric($_GET['limit'])) { http_response_code(400); echo json_encode(['error' => 'limit must be numeric']); exit; } $limit = max(1, min((int)$_GET['limit'], 1000)); } $sql .= ' ORDER BY h.created_at DESC LIMIT ' . $limit; $stmt = $db->prepare($sql); $stmt->execute($params); $households = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode([ 'success' => true, 'count' => count($households), 'households' => $households ]); } catch (Exception $e) { http_response_code(500); echo json_encode(['error' => $e->getMessage()]); } } else { http_response_code(405); echo json_encode(['error' => 'Method not allowed']); } ?>