<?php
header('Content-Type: application/json');
include '../cms_admin/db_connection.php'; // Include your database connection file

// Initialize an empty array for suggestions
$suggestions = [];

if (isset($_GET['query'])) {
    // Limit the input length and sanitize the input
    $query = substr($_GET['query'], 0, 100);
    $query = trim($query);

    // Ensure the query is not empty after trimming
    if (!empty($query)) {
        // Use a prepared statement to prevent SQL injection
        $stmt = $conn->prepare("SELECT id, title FROM products WHERE title LIKE CONCAT(?, '%') LIMIT 10");
        $stmt->bind_param('s', $query);

        // Execute the statement and get the result
        if ($stmt->execute()) {
            $result = $stmt->get_result();

            while ($row = $result->fetch_assoc()) {
                $suggestions[] = [
                    'title' => htmlspecialchars($row['title']), // Prevent XSS
                    'url' => 'product_details?id=' . urlencode($row['id'])
                ];
            }
        } else {
            // Handle SQL execution error (optional, you could log the error)
            http_response_code(500);
            echo json_encode(['error' => 'An error occurred while fetching suggestions.']);
            exit;
        }

        $stmt->close();
    }
}

echo json_encode(['suggestions' => $suggestions]);

// Close the database connection
$conn->close();
?>