diff --git a/admin-update.php b/admin-update.php
index 70a6d3bf3a12b6567304d5cc59a37d71ff48f3ba..a77fc0959e948d39ec0198ca8d5a17cb5f031d8a 100644
--- a/admin-update.php
+++ b/admin-update.php
@@ -1,9 +1,9 @@
 <?php
+if (session_id() == '' || !isset($_SESSION)) {
+  session_start();
+}
 
-//if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
-if(session_id() == '' || !isset($_SESSION)){session_start();}
-
-if($_SESSION["type"]!="admin") {
+if ($_SESSION["type"] != "admin") {
   header("location:index.php");
 }
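Review bot: The non-admin redirect on the `header("location:index.php")` line is not followed by `exit;`, so the script keeps executing for a session without the admin type and the session write from `$_REQUEST['quantity']` and the UPDATE loop further down the file still run. Change the branch to `header("location:index.php"); exit;` so the redirect actually terminates the request. The condition also uses loose `!=` against a key that may be absent from `$_SESSION`; `if (($_SESSION["type"] ?? '') !== "admin")` avoids both the undefined-index notice and the loose comparison (assuming PHP 7 or later, which the rest of the code does not show).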
 
@@ -12,34 +12,33 @@ include 'config.php';
 $_SESSION["products_id"] = array();
 $_SESSION["products_id"] = $_REQUEST['quantity'];
 
-
 $result = $mysqli->query("SELECT * FROM products ORDER BY id asc");
-$i=0;
-$x=1;
+$i = 0;
+$x = 1;
 
-if($result) {
-  while($obj = $result->fetch_object()) {
-    if(empty($_SESSION["products_id"][$i])) {
+if ($result) {
+  while ($obj = $result->fetch_object()) {
+    if (empty($_SESSION["products_id"][$i])) {
       $i++;
       $x++;
-    }
-    else {
-      $newqty = $obj->qty + $_SESSION["products_id"][$i];
-      if($newqty < 0) $newqty = 0; //So, Qty will not be in negative.
-      $update = $mysqli->query("UPDATE products SET qty =".$newqty." WHERE id =".$x);
-      if($update)
+    } else {
+      $newqty = $obj->qty + intval($_SESSION["products_id"][$i]); // Use intval to sanitize input as an integer
+      if ($newqty < 0) $newqty = 0; // So, Qty will not be in negative.
+
+      // Use prepared statement to update the product quantity
+      $stmt = $mysqli->prepare("UPDATE products SET qty = ? WHERE id = ?");
+      $stmt->bind_param("ii", $newqty, $x);
+      
+      if ($stmt->execute()) {
         echo 'Data Updated';
+      }
 
+      $stmt->close();
       $i++;
       $x++;
     }
   }
 }
 
-
-
-header ("location:success.php");
-
-
-
+header("location:success.php");
 ?>
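Review bot: The id bound on the `$stmt->bind_param("ii", $newqty, $x);` line is the loop counter `$x`, not the key of the row just fetched, so each UPDATE targets row number `$x` and silently changes the wrong product as soon as ids are not contiguous from 1 (the loop counter and `$i` always move together, so `$x` carries no information the row does not). Bind the fetched key instead: `$stmt->bind_param("ii", $newqty, $obj->id);`, after which `$x` is unused and can be dropped. `$mysqli->prepare()` also returns false on failure and the following `bind_param` call would then be a fatal error on a non-object; guard it with `if ($stmt === false) { ... }` or hoist the prepare above the loop and check it once. The `include 'config.php'` in the hunk header, which presumably creates `$mysqli`, is outside the hunk.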