<?php
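// Endpoint script: reads one JSON-encoded product from the request body and
// stores it in `scraped_products` unless a row with the same name exists.
// Responds with the plain-text body "Success", "Product already exists" or
// "Failed".
//
// NOTE(review): the database credentials below are hard-coded in source.
// Anyone with read access to this file (repository, backup, or a server
// misconfiguration that serves PHP as text) obtains them. They should be
// loaded from configuration kept outside the web root or from the
// environment, and this password should be rotated once that is done.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'ahmedulmdt_db');
define('DB_PASSWORD', 'TechKnowGram$5');
define('DB_NAME', 'markdowntoday2ah_db');

// Every database call below is checked through its return value. PHP 8.1+
// makes mysqli throw by default, which would bypass those checks and could
// surface an uncaught exception to the client, so pin return-value mode.
mysqli_report(MYSQLI_REPORT_OFF);

$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

if ($link === false) {
    // Keep driver detail (host, user, error text) in the server log only;
    // the client gets a generic message.
    error_log('scraped_products endpoint: database connection failed: ' . mysqli_connect_error());
    die("ERROR: Could not connect.");
}

// NOTE(review): nothing in this file authenticates the caller. Unless access
// is restricted upstream (web-server rule, gateway, network ACL), any client
// that can reach this script can insert rows -- confirm.
$rawBody = file_get_contents('php://input');
$jsonData = is_string($rawBody) ? json_decode($rawBody, true) : null;

// Normalise the payload: it must be a JSON object, every stored field must be
// absent/null or a plain string/number, and `name` is mandatory because it is
// the duplicate-detection key (`name = NULL` never matches in SQL).
$product = null;
if (is_array($jsonData) && $jsonData !== []) {
    $product = [];
    foreach (['name', 'url', 'image', 'model', 'price'] as $field) {
        $value = isset($jsonData[$field]) ? $jsonData[$field] : null;
        if ($value === null) {
            $product[$field] = null;
            continue;
        }
        if (!is_string($value) && !is_int($value) && !is_float($value)) {
            // Nested arrays or booleans are not valid column values.
            $product = null;
            break;
        }
        $product[$field] = (string) $value;
    }
    if ($product !== null && $product['name'] === null) {
        $product = null;
    }
}

$response = "Failed";

if ($product !== null) {
    // Existence check. Parameters are bound, never interpolated into the SQL.
    // $exists stays null when the lookup itself failed.
    $exists = null;
    $checkStmt = mysqli_prepare($link, "SELECT 1 FROM scraped_products WHERE name = ? LIMIT 1");
    if ($checkStmt !== false) {
        mysqli_stmt_bind_param($checkStmt, "s", $product['name']);
        if (mysqli_stmt_execute($checkStmt) && mysqli_stmt_store_result($checkStmt)) {
            $exists = mysqli_stmt_num_rows($checkStmt) > 0;
        }
        mysqli_stmt_close($checkStmt);
    }

    if ($exists === null) {
        error_log('scraped_products endpoint: duplicate check failed: ' . mysqli_error($link));
    } elseif ($exists) {
        $response = "Product already exists";
    } else {
        // NOTE(review): check-then-insert is not atomic; two concurrent
        // requests with the same name can both pass the check. Only a UNIQUE
        // index on `name` would guarantee no duplicates -- the schema is not
        // visible here, confirm.
        // NOTE(review): url/image/model/price are stored as received; whatever
        // renders them later must escape them for its output context.
        $insertStmt = mysqli_prepare(
            $link,
            "INSERT INTO scraped_products (name, url, image, model, price) VALUES (?, ?, ?, ?, ?)"
        );
        if ($insertStmt !== false) {
            mysqli_stmt_bind_param(
                $insertStmt,
                "sssss",
                $product['name'],
                $product['url'],
                $product['image'],
                $product['model'],
                $product['price']
            );
            if (mysqli_stmt_execute($insertStmt)) {
                $response = "Success";
            } else {
                error_log('scraped_products endpoint: insert failed: ' . mysqli_stmt_error($insertStmt));
            }
            mysqli_stmt_close($insertStmt);
        } else {
            error_log('scraped_products endpoint: insert prepare failed: ' . mysqli_error($link));
        }
    }
}

echo $response;

mysqli_close($link);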
?>
