It seems like your code is vulnerable to SQL injection, which could be causing issues, especially when running on the web server. It's always essential to sanitize user inputs to prevent such vulnerabilities.
<?php
if (isset($_GET['COMPANY_ID'])) {
    include('dataconn/connection.php');
    // Prepare an update statement
    $sql = "UPDATE `MASTER_COMPANY` SET `COMPANY_STATUS`=? WHERE `COMPANY_ID`=?";
    // Attempt to prepare the SQL statement
    if ($stmt = mysqli_prepare($con, $sql)) {
        // Bind variables to the prepared statement as parameters
        mysqli_stmt_bind_param($stmt, "si", $PCompanySts, $id);
        // Set parameters
        $id = $_GET['COMPANY_ID'];
        $PCompanySts = "N";
        // Attempt to execute the prepared statement
        if (mysqli_stmt_execute($stmt)) {
            session_start();
            $_SESSION["delete"] = "Company Deleted Successfully!";
            header("Location: /Companyindex.php");
            exit();
        } else {
            echo "Something went wrong";
        }
        // Close statement
        mysqli_stmt_close($stmt);
    } else {
        echo "Error: Unable to prepare SQL statement.";
    }
    // Close connection
    mysqli_close($con);
} else {
    echo "Company does not exist";
}
?>
In this code:
We're using prepared statements to safely execute the SQL query.
User inputs are sanitized through parameter binding, reducing the risk of SQL injection.
I've added exit() after the redirect header to ensure that no further code is executed after the redirection.
Best Regards
Danish Hafeez | QA Assistant
ICTInnovations
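
As an added example (not part of the answer above and not the asker's code), the same prepared UPDATE can be wrapped in a function that validates COMPANY_ID before binding and reports whether a row actually changed. The names parse_company_id() and deactivate_company() are hypothetical; the table and column names come from the answer, and the try/catch covers PHP 8.1+, where mysqli throws mysqli_sql_exception by default instead of returning false.

```php
<?php
// Added example, not the original poster's code. parse_company_id() and
// deactivate_company() are hypothetical names; the table and column names
// are the ones used in the answer above.

// Accept only a positive decimal integer; anything else yields null.
function parse_company_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Returns 'invalid', 'error', 'unchanged' or 'changed'.
function deactivate_company(mysqli $con, $rawId): string
{
    $id = parse_company_id($rawId);
    if ($id === null) {
        return 'invalid';               // rejected before any SQL is run
    }
    $status = 'N';
    try {
        $sql  = "UPDATE `MASTER_COMPANY` SET `COMPANY_STATUS`=? WHERE `COMPANY_ID`=?";
        $stmt = mysqli_prepare($con, $sql);
        if ($stmt === false) {
            return 'error';             // mysqli in non-exception mode
        }
        mysqli_stmt_bind_param($stmt, 'si', $status, $id);
        $ok   = mysqli_stmt_execute($stmt);
        $rows = mysqli_stmt_affected_rows($stmt);
        mysqli_stmt_close($stmt);
    } catch (mysqli_sql_exception $e) {
        error_log('deactivate_company: ' . $e->getMessage());
        return 'error';                 // PHP 8.1+ default: mysqli throws
    }
    if (!$ok) {
        return 'error';
    }
    // 0 rows: no such COMPANY_ID, or the status was already 'N'.
    return $rows > 0 ? 'changed' : 'unchanged';
}

// Constructed sample inputs; runs offline because no database is touched.
if (PHP_SAPI === 'cli') {
    foreach (['42', '42abc', '7 OR 1=1', '-1', ''] as $raw) {
        printf("%-12s => %s\n", var_export($raw, true), var_export(parse_company_id($raw), true));
    }
}
```

Binding with type "i" casts the value to an integer, so without the check a string such as 42abc would be bound as 42 rather than rejected.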