diff --git a/admin-update.php b/admin-update.php
index 70a6d3bf3a12b6567304d5cc59a37d71ff48f3ba..a77fc0959e948d39ec0198ca8d5a17cb5f031d8a 100644
--- a/admin-update.php
+++ b/admin-update.php
@@ -1,9 +1,9 @@
 <?php
+if (session_id() == '' || !isset($_SESSION)) {
+    session_start();
+}
-//if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
-if(session_id() == '' || !isset($_SESSION)){session_start();}
-
-if($_SESSION["type"]!="admin") {
+if ($_SESSION["type"] != "admin") {
     header("location:index.php");
 }
@@ -12,34 +12,33 @@ include 'config.php';
 $_SESSION["products_id"] = array();
 $_SESSION["products_id"] = $_REQUEST['quantity'];
-
 $result = $mysqli->query("SELECT * FROM products ORDER BY id asc");
-$i=0;
-$x=1;
+$i = 0;
+$x = 1;
-if($result) {
-    while($obj = $result->fetch_object()) {
-        if(empty($_SESSION["products_id"][$i])) {
+if ($result) {
+    while ($obj = $result->fetch_object()) {
+        if (empty($_SESSION["products_id"][$i])) {
             $i++;
             $x++;
-        }
-        else {
-            $newqty = $obj->qty + $_SESSION["products_id"][$i];
-            if($newqty < 0) $newqty = 0; //So, Qty will not be in negative.
-            $update = $mysqli->query("UPDATE products SET qty =".$newqty." WHERE id =".$x);
-            if($update)
+        } else {
+            $newqty = $obj->qty + intval($_SESSION["products_id"][$i]); // Use intval to sanitize input as an integer
+            if ($newqty < 0) $newqty = 0; // So, Qty will not be in negative.
+
+            // Use prepared statement to update the product quantity
+            $stmt = $mysqli->prepare("UPDATE products SET qty = ? WHERE id = ?");
+            $stmt->bind_param("ii", $newqty, $x);
+
+            if ($stmt->execute()) {
                 echo 'Data Updated';
+            }
+            $stmt->close();
             $i++;
             $x++;
         }
     }
 }
-
-
-header ("location:success.php");
-
-
-
+header("location:success.php");
 ?>
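Review bot: The admin gate in the first hunk does not stop the script: after `header("location:index.php");` execution continues, so a session without `type == "admin"` is told to redirect but the product update later in the file still runs. Add `exit;` on the line after the header call so the redirect is the last thing a non-admin request does. `$_SESSION["type"]` is also read without checking it exists, which warns on a fresh session; `if (($_SESSION["type"] ?? '') !== 'admin') {` covers that and switches to strict comparison. The update code this gate is meant to protect is in the second hunk, not this one.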
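Review bot: The new prepared statement in the second hunk binds `$x`, the 1-based loop counter, as the product id in `bind_param("ii", $newqty, $x)`, while the row whose `qty` it read is `$obj`; unless ids are guaranteed to be contiguous from 1, the quantity is written to a different row than it was computed from, so bind `$obj->id` instead. `$mysqli->prepare()` returns `false` on failure and that result is used unchecked, which turns a SQL or connection error into a fatal `bind_param()` call on `false`; preparing once before the loop with an explicit check fixes that and avoids re-preparing the same statement per row. `echo 'Data Updated'` inside the loop also sends output before `header("location:success.php")`, so once any row is updated the final redirect cannot be set. Separately, `$_REQUEST['quantity']` accepts GET and cookie input for a state-changing action; reading from `$_POST` only and validating a per-session request token would be the usual guard, though the token check is not something this hunk shows.
```php
// Prepare once; prepare() returns false on error, and bind_param() on false is fatal.
$stmt = $mysqli->prepare("UPDATE products SET qty = ? WHERE id = ?");
if ($stmt === false) {
    throw new RuntimeException($mysqli->error);
}
// … unchanged: $i/$x initialisation, if ($result) / while / empty() branch …
        } else {
            $newqty = $obj->qty + intval($_SESSION["products_id"][$i]);
            if ($newqty < 0) $newqty = 0; // So, Qty will not be in negative.
            $id = (int) $obj->id; // the row's own id, not the loop counter $x
            $stmt->bind_param("ii", $newqty, $id);
            $stmt->execute(); // no output here: anything echoed before header() breaks the redirect
            $i++;
            $x++;
        }
// … unchanged: closing braces of while / if …
$stmt->close();
header("location:success.php");
exit;
```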