[FIX] Database::execute() → Database::query() in 5 controller

Database non ha metodo execute() — corretto in:
InviteController, ServicesController, WebhookController,
NormativeController, WhistleblowingController.
Causa del HTTP 500 su tutti gli endpoint /api/invites/*.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DevEnv nis2-agile 2026-03-07 16:49:58 +01:00
parent c906a6eff3
commit 9ccf2a72b5
5 changed files with 22 additions and 22 deletions


@ -85,7 +85,7 @@ class InviteController extends BaseController
$tokenHash = hash('sha256', $rawToken);
$prefix = substr($rawToken, 0, 10) . '...';
Database::execute(
Database::query(
'INSERT INTO invites
(token_prefix, token_hash, plan, duration_months, label, notes,
max_uses, max_users_per_org, price_eur, reseller_name,
@ -153,7 +153,7 @@ class InviteController extends BaseController
if ($channel) { $where[] = 'channel = ?'; $params[] = $channel; }
// Auto-scaduti: aggiorna status se expires_at passato
Database::execute(
Database::query(
"UPDATE invites SET status='expired' WHERE status='pending' AND expires_at < NOW()"
);
@ -213,7 +213,7 @@ class InviteController extends BaseController
if (!$row) $this->jsonError('Invito non trovato', 404, 'NOT_FOUND');
if ($row['status'] === 'used') $this->jsonError('Invito già usato — non revocabile', 422, 'ALREADY_USED');
Database::execute("UPDATE invites SET status='revoked', updated_at=NOW() WHERE id=?", [$id]);
Database::query("UPDATE invites SET status='revoked', updated_at=NOW() WHERE id=?", [$id]);
$this->logAudit('invite.revoked', 'invite', $id);
$this->jsonSuccess(['revoked' => true, 'id' => $id]);
}
@ -234,7 +234,7 @@ class InviteController extends BaseController
$tokenHash = hash('sha256', $rawToken);
$prefix = substr($rawToken, 0, 10) . '...';
Database::execute(
Database::query(
"UPDATE invites SET token_prefix=?, token_hash=?, status='pending', updated_at=NOW() WHERE id=?",
[$prefix, $tokenHash, $id]
);
@ -312,7 +312,7 @@ class InviteController extends BaseController
}
if (strtotime($invite['expires_at']) < time()) {
Database::execute("UPDATE invites SET status='expired' WHERE id=?", [$invite['id']]);
Database::query("UPDATE invites SET status='expired' WHERE id=?", [$invite['id']]);
return ['valid' => false, 'invite' => $invite, 'error' => 'Invito scaduto il ' . $invite['expires_at'], 'code' => 'EXPIRED'];
}
@ -324,7 +324,7 @@ class InviteController extends BaseController
*/
public static function markUsed(int $inviteId, int $orgId, string $ip): void
{
Database::execute(
Database::query(
"UPDATE invites
SET used_count = used_count + 1,
status = CASE WHEN used_count + 1 >= max_uses THEN 'used' ELSE 'pending' END,
@ -423,7 +423,7 @@ class InviteController extends BaseController
}
// Aggiorna last_used_at
Database::execute('UPDATE api_keys SET last_used_at=NOW() WHERE id=?', [$key['id']]);
Database::query('UPDATE api_keys SET last_used_at=NOW() WHERE id=?', [$key['id']]);
return;
}
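Review bot: In the markUsed hunk (@ -324), the `status` CASE reads `used_count` after the same statement has already incremented it, if this runs on MySQL/MariaDB, where single-table UPDATE assignments are evaluated left to right. `used_count + 1 >= max_uses` would then flip an invite to 'used' one redemption early for any max_uses above 1. Comparing against the updated value, `status = CASE WHEN used_count >= max_uses THEN 'used' ELSE 'pending' END`, would match the intent there. The rest of the statement, including its WHERE clause, lies outside the hunk, so whether it also refuses rows already at max_uses cannot be confirmed from here.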


@ -124,7 +124,7 @@ class NormativeController extends BaseController
if ($existing) {
// Aggiorna note se già ACK
Database::execute(
Database::query(
'UPDATE normative_ack SET notes = ?, acknowledged_by = ?, acknowledged_at = NOW()
WHERE normative_update_id = ? AND organization_id = ?',
[$notes ?: null, $this->getCurrentUserId(), $id, $orgId]


@ -95,7 +95,7 @@ class ServicesController extends BaseController
// Aggiorna last_used_at (async: non blocchiamo su errore)
try {
Database::execute(
Database::query(
'UPDATE api_keys SET last_used_at = NOW() WHERE id = ?',
[$record['id']]
);
@ -329,7 +329,7 @@ class ServicesController extends BaseController
$firstName = $parts[0] ?? $email;
$lastName = $parts[1] ?? '';
Database::execute(
Database::query(
'INSERT INTO users (email, password_hash, first_name, last_name, role, status)
VALUES (?, ?, ?, ?, ?, "active")',
[$email, '', $firstName, $lastName, $role]
@ -345,7 +345,7 @@ class ServicesController extends BaseController
[$userId, $orgId]
);
if (!$membership) {
Database::execute(
Database::query(
'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?, ?, ?)',
[$userId, $orgId, $role]
);
@ -558,7 +558,7 @@ class ServicesController extends BaseController
$orgId = (int) $existing['id'];
} else {
// ── 4. Crea organizzazione ───────────────────────────────────
Database::execute(
Database::query(
'INSERT INTO organizations
(name, legal_form, vat_number, fiscal_code, ateco_code, ateco_description,
legal_address, pec, phone, annual_turnover_eur, employees,
@ -602,7 +602,7 @@ class ServicesController extends BaseController
if ($existingUser) {
$userId = (int) $existingUser['id'];
} else {
Database::execute(
Database::query(
'INSERT INTO users (email, password_hash, first_name, last_name, role, status,
phone, job_title, must_change_password)
VALUES (?,?,?,?,\'super_admin\',\'active\',?,?,1)',
@ -618,7 +618,7 @@ class ServicesController extends BaseController
[$userId, $orgId]
);
if (!$mem) {
Database::execute(
Database::query(
'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?,?,\'super_admin\')',
[$userId, $orgId]
);
@ -635,12 +635,12 @@ class ServicesController extends BaseController
: date('Y-m-d H:i:s', strtotime('+12 months'));
// Revoca eventuali chiavi lg231-integration precedenti (idempotency)
Database::execute(
Database::query(
'UPDATE api_keys SET is_active=0 WHERE organization_id=? AND name LIKE \'lg231-integration-%\'',
[$orgId]
);
Database::execute(
Database::query(
'INSERT INTO api_keys (organization_id, name, key_prefix, key_hash, scopes, is_active, expires_at, created_by)
VALUES (?,?,?,?,?,1,?,?)',
[
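Review bot: The users INSERT in the @ -329 hunk creates a row with status "active" and an empty string as `password_hash`. password_verify() rejects an empty hash, but any login, reset or import path that compares hashes differently would treat this row as a passwordless active account; that code is not visible here. Storing an unusable value such as `password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT)`, or a non-active status until the user sets a password, removes the dependency on every consumer handling '' safely. The enclosing method starts and ends outside the hunk.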


@ -146,7 +146,7 @@ class WebhookController extends BaseController
$this->jsonError('API Key non trovata', 404, 'NOT_FOUND');
}
Database::execute(
Database::query(
'UPDATE api_keys SET is_active = 0, updated_at = NOW() WHERE id = ?',
[$id]
);
@ -273,7 +273,7 @@ class WebhookController extends BaseController
if (!empty($updates)) {
$updates['updated_at'] = date('Y-m-d H:i:s');
$setClauses = implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates)));
Database::execute(
Database::query(
"UPDATE webhook_subscriptions SET {$setClauses} WHERE id = ?",
array_merge(array_values($updates), [$id])
);
@ -297,7 +297,7 @@ class WebhookController extends BaseController
$this->jsonError('Webhook non trovato', 404, 'NOT_FOUND');
}
Database::execute('DELETE FROM webhook_subscriptions WHERE id = ?', [$id]);
Database::query('DELETE FROM webhook_subscriptions WHERE id = ?', [$id]);
$this->logAudit('webhook_deleted', 'webhook_subscription', $id, ['name' => $sub['name']]);
$this->jsonSuccess(null, 'Webhook eliminato');
}
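Review bot: `$setClauses` in the @ -273 hunk interpolates `array_keys($updates)` into the UPDATE as column names, and only the values are bound. How `$updates` is filled is outside the hunk, so it cannot be confirmed here that its keys come from a fixed allow-list rather than from request field names; the same construction appears in WhistleblowingController at @ -238. If no allow-list exists, filter before the implode, e.g. `$updates = array_intersect_key($updates, array_flip(self::UPDATABLE_FIELDS));`, where `UPDATABLE_FIELDS` is a placeholder name for a constant still to be defined. If one does exist, a comment above the implode such as `// keys of $updates are restricted to a fixed column allow-list` would document the invariant the query depends on.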


@ -238,7 +238,7 @@ class WhistleblowingController extends BaseController
}
if (!empty($updates)) {
Database::execute(
Database::query(
'UPDATE whistleblowing_reports SET ' .
implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates))) .
', updated_at = NOW() WHERE id = ?',
@ -265,7 +265,7 @@ class WhistleblowingController extends BaseController
if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); }
$userId = (int)$this->getParam('user_id');
Database::execute(
Database::query(
'UPDATE whistleblowing_reports SET assigned_to = ?, updated_at = NOW() WHERE id = ?',
[$userId, $id]
);
@ -295,7 +295,7 @@ class WhistleblowingController extends BaseController
if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); }
$resolution = trim($this->getParam('resolution_notes', ''));
Database::execute(
Database::query(
'UPDATE whistleblowing_reports SET status = "closed", closed_at = NOW(),
closed_by = ?, resolution_notes = ?, updated_at = NOW() WHERE id = ?',
[$this->getCurrentUserId(), $resolution, $id]
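Review bot: In the @ -265 hunk, `user_id` is cast to int and written straight to `assigned_to`, with no check between the read and the UPDATE that the user exists or belongs to the report's organization. A missing parameter becomes 0, and any other id would tie a whistleblowing report to an arbitrary account, which matters if report access is derived from `assigned_to` (not visible here). A membership lookup before the UPDATE, rejecting with something like `$this->jsonError('Utente non valido', 422, 'INVALID_USER');` when no row matches, would close that gap. The method begins and ends outside the hunk.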