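'Missing QID parameter']);
        exit;
    }

    // NOTE(review): the presence check for 'qid' begins before this excerpt; confirm it
    // also rejects array-valued input, since the value is bound as a string below.
    $qid = $_POST['qid'];
    $input = $_POST['survey'] ?? '';

    // A survey ID is "SV_" followed by ASCII letters and digits. is_string() rejects
    // array-valued POST fields, and \z (unlike $) does not accept a trailing newline.
    if (is_string($input) && preg_match('/^SV_[a-zA-Z0-9]+\z/', $input)) {
        $survey = $input;
    } else {
        die("Invalid survey ID format.");
    }

    // Optional integer filters; filter_input() returns false or null when a field is
    // invalid or absent, and both compare as "not greater than zero" below.
    $q1 = filter_input(INPUT_POST, 'Q1', FILTER_VALIDATE_INT);
    $q2 = filter_input(INPUT_POST, 'Q2', FILTER_VALIDATE_INT);
    $q3 = filter_input(INPUT_POST, 'Q3', FILTER_VALIDATE_INT);
}

// Every request-derived value is bound through a placeholder, so the SQL text holds no
// request data at all, not even data that has already passed validation.
$qualifier = " AND s.surveyId = :survey";
$bindings = [
    [':qid', $qid, PDO::PARAM_STR],
    [':survey', $survey, PDO::PARAM_STR],
];

// Column names come from this fixed list only; a filter is applied when its value is a
// positive integer.
foreach (['Q1' => $q1, 'Q2' => $q2, 'Q3' => $q3] as $column => $value) {
    if ($value > 0) {
        $qualifier .= " AND r." . $column . " = :" . $column;
        $bindings[] = [':' . $column, $value, PDO::PARAM_INT];
    }
}

// Database connection settings are read from $config; config.php is loaded only when an
// earlier part of the script has not already populated it.
$config = $config ?? (require 'config.php');
$host = $config['db_host'];
$db = $config['db_name'];
$user = $config['db_user'];
$pass = $config['db_pass'];
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];

try {
    $pdo = new PDO($dsn, $user, $pass, $options);

    $sql = "
        SELECT a.text
        FROM Answers a
        INNER JOIN Responses r ON a.responseId = r.id
        INNER JOIN Surveys s ON a.surveyId = s.id
        WHERE a.QID = :qid
    " . $qualifier;

    $stmt = $pdo->prepare($sql);
    foreach ($bindings as list($placeholder, $value, $type)) {
        $stmt->bindValue($placeholder, $value, $type);
    }
    $stmt->execute();
    $results = $stmt->fetchAll();

    // Check the encoding result before writing anything, so the response body is a
    // single JSON document in both the success and the failure case.
    $json = json_encode($results);
    if ($json === false) {
        echo json_encode(['error' => 'JSON encoding error: ' . json_last_error_msg()]);
    } else {
        echo $json;
    }
} catch (PDOException $e) {
    // Driver messages can carry host names, account names and SQL fragments: keep the
    // detail in the server log and return only a generic error to the client.
    error_log('Survey answers query failed: ' . $e->getMessage());
    echo json_encode(['error' => 'Database error']);
    exit;
}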