<?php
require_once 'conn.php';
checkLogin();

$cid = $_GET['cid'] ?? '';
$eid = $_GET['eid'] ?? '';

if (!is_numeric($cid) || !is_numeric($eid)) {
    echo "<script>alert('参数错误');</script>";
    exit;
}

$tagvalue = urldecode($_GET['tagvalue'] ?? '');

$sql = "SELECT * FROM tagtable WHERE customerId = " . $conn->real_escape_string($cid) . 
       " AND employeeId = " . $conn->real_escape_string($eid) . 
       " AND tagName = '" . $conn->real_escape_string($tagvalue) . "'";

$result = $conn->query($sql);

if ($result && $result->num_rows > 0) {
    // Tag exists, delete it
    $sql = "DELETE FROM tagtable WHERE customerId = " . $conn->real_escape_string($cid) . 
           " AND employeeId = " . $conn->real_escape_string($eid) . 
           " AND tagName = '" . $conn->real_escape_string($tagvalue) . "'";
} else {
    // Tag doesn't exist, add it
    $sql = "INSERT INTO tagtable (tagName, employeeId, customerId) VALUES ('" . 
           $conn->real_escape_string($tagvalue) . "', " . 
           $conn->real_escape_string($eid) . ", " . 
           $conn->real_escape_string($cid) . ")";
}

$conn->query($sql);
?>