Hej
Solution:
To fix the bug in your script, you will need to ensure that your script verifies the packetname - qr_id association in the database. To do so, you can add a prepared statement that queries the database to determine if the submitted qr_id is associated with the submitted packetname. This prepared statement should be added immediately after the statement to retrieve access period information from the database based on the submitted packetname.
In the code, you can add an if statement that checks if the qr_id exists in the database when the packetname is provided. If the qr_id is not found, the user is redirected to an error page. You can also use a boolean variable to indicate whether the qr_id exists in the database or not. If the variable is false, the user is redirected to an error page.
To ensure the validity of the query results, you need to add a couple of checks. Firstly, you can check if the number of rows returned from the query is more than zero. Secondly, you can check that the qr_id obtained from the query result is the same as the submitted one. If either of these checks fails, the user is redirected to an error page.
By adding this check, you can ensure that the submitted qr_id is associated with the submitted packetname in the database. This will solve your bug and ensure that your script works correctly.
Best regards,
Giáp Văn Hưng