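'Unauthorized']); exit; }

// Returns one customer's order history as JSON: {success, orders} when the query
// succeeds, {error, orders: []} on any failure.
//
// NOTE(review): the authorization check that ends just above begins outside this
// view. The query below returns shipping addresses and tracking numbers for
// whichever customer_id the caller supplies, so confirm that check ties the request
// to that customer (or to a staff role) and not merely to "is logged in".

// Query-string values can arrive as arrays (customer_id[]=...). trim() on an array
// raises a TypeError on PHP 8, and that would happen outside the try block below,
// so anything that is not a string is treated as a missing ID.
$rawCid = $_GET['customer_id'] ?? '';
$cid = is_string($rawCid) ? trim($rawCid) : '';

// Compare against the empty string explicitly: a bare !$cid would also reject "0".
if ($cid === '') {
    echo json_encode(['error' => 'No customer ID', 'orders' => []]);
    exit;
}

try {
    // customer_id is passed as a bound named parameter, never interpolated into the SQL.
    $orders = db()->fetchAll(
        "SELECT order_id, order_number, total, order_status, payment_status, items, shipping_address, tracking_number, created_at FROM orders WHERE customer_id = :id ORDER BY created_at DESC",
        ['id' => $cid]
    );
    echo json_encode(['success' => true, 'orders' => $orders]);
} catch (Exception $e) {
    // Keep the driver/SQL detail in the server log only: the raw exception message
    // can reveal table names, column names or connection details to the client.
    error_log('Order lookup failed: ' . $e->getMessage());
    echo json_encode(['error' => 'Unable to load orders', 'orders' => []]);
}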