diff --git a/api/update_ticket.php b/api/update_ticket.php
index 592fb03..f4f3ac1 100644
--- a/api/update_ticket.php
+++ b/api/update_ticket.php
@@ -92,8 +92,8 @@ try {
 // Authorization: admins can edit any ticket; others only their own or assigned
 if (!$this->isAdmin
- && $currentTicket['created_by'] != $this->userId
- && $currentTicket['assigned_to'] != $this->userId
+ && (int)$currentTicket['created_by'] !== (int)$this->userId
+ && (int)$currentTicket['assigned_to'] !== (int)$this->userId
 ) {
 return [
 'success' => false,
diff --git a/models/AttachmentModel.php b/models/AttachmentModel.php
index 82c4626..c5d6ac4 100644
--- a/models/AttachmentModel.php
+++ b/models/AttachmentModel.php
@@ -131,7 +131,7 @@ class AttachmentModel {
 }
 $attachment = $this->getAttachment($attachmentId);
- return $attachment && $attachment['uploaded_by'] == $userId;
+ return $attachment && (int)$attachment['uploaded_by'] === (int)$userId;
 }
 /**
diff --git a/models/TicketModel.php b/models/TicketModel.php
index b3f8b53..74bffa3 100644
--- a/models/TicketModel.php
+++ b/models/TicketModel.php
@@ -468,7 +468,7 @@ class TicketModel {
 $markdownEnabled = $commentData['markdown_enabled'] ? 1 : 0;
 $stmt->bind_param(
- "sssi",
+ "issi",
 $ticketId,
 $username,
 $commentData['comment_text'],
@@ -591,7 +591,7 @@ class TicketModel {
 // Confidential tickets: only creator, assignee, and admins
 if ($visibility === 'confidential') {
 $userId = $user['user_id'] ?? null;
- return ($ticket['created_by'] == $userId || $ticket['assigned_to'] == $userId);
+ return ((int)$ticket['created_by'] === (int)$userId || (int)$ticket['assigned_to'] === (int)$userId);
 }
 // Internal tickets: check if user is in any of the allowed groups
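Review bot: Casting both sides with `(int)` turns a missing identifier into 0, so in this authorization condition a ticket whose `assigned_to` is NULL would match a caller whose `$this->userId` is null, empty or non-numeric, and the edit would be allowed. The same pattern is in the `uploaded_by` check in `AttachmentModel` and in the confidential branch of `TicketModel`, where `$userId = $user['user_id'] ?? null;` shows that a null id is an expected input. Whether these columns can be NULL is not visible in the hunks, but the old loose comparison also treated null as equal to null, so the commit leaves that case open. Fail closed before comparing: here add `(int)$this->userId <= 0 ||` ahead of the ownership tests inside the non-admin condition, and in `TicketModel` put `if ((int)$userId <= 0) { return false; }` before the return. The enclosing methods start and end outside the hunks.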
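Review bot: Binding `$ticketId` as `i` in the `bind_param` call makes mysqli coerce the value to an integer, so a non-numeric or malformed id is written as 0 rather than rejected. No validation of `$ticketId` is visible in this hunk; if none exists earlier in the method, add `$ticketId = filter_var($ticketId, FILTER_VALIDATE_INT);` and `if ($ticketId === false) { /* reject the comment */ }` before the bind. The method signature and the rest of the argument list lie outside the hunk, so the final `i` could not be matched to its value from here.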