diff --git a/api/bulk_operation.php b/api/bulk_operation.php
index 0d42085..4295099 100644
--- a/api/bulk_operation.php
+++ b/api/bulk_operation.php
@@ -49,10 +49,10 @@ if (!$operationType || empty($ticketIds)) {
 exit;
 }
-// Validate ticket IDs are positive integers
+// Validate ticket IDs: must be non-empty numeric strings (allows leading zeros)
 $ticketIds = array_values(array_filter(array_map(function($id) {
- $int = (int)$id;
- return ($int > 0 && (string)$int === (string)$id) ? $int : null;
+ $s = trim((string)$id);
+ return (ctype_digit($s) && (int)$s > 0) ? $s : null;
 }, $ticketIds)));
 if (empty($ticketIds)) {
 echo json_encode(['success' => false, 'error' => 'No valid ticket IDs provided']);
diff --git a/controllers/DashboardController.php b/controllers/DashboardController.php
index caa02d5..0b2908e 100644
--- a/controllers/DashboardController.php
+++ b/controllers/DashboardController.php
@@ -186,6 +186,10 @@ class DashboardController {
 $categories = [];
 $types = [];
+ if (!$result) {
+ return ['categories' => $categories, 'types' => $types];
+ }
+
 while ($row = $result->fetch_assoc()) {
 if ($row['field'] === 'category' && !in_array($row['value'], $categories, true)) {
 $categories[] = $row['value'];
diff --git a/models/TicketModel.php b/models/TicketModel.php
index 31821d0..7a1f7fc 100644
--- a/models/TicketModel.php
+++ b/models/TicketModel.php
@@ -558,8 +558,8 @@ class TicketModel {
 return [];
 }
- // Sanitize ticket IDs
- $ticketIds = array_map('intval', $ticketIds);
+ // Sanitize ticket IDs: cast to string to preserve leading zeros
+ $ticketIds = array_map('strval', $ticketIds);
 // Create placeholders for IN clause
 $placeholders = str_repeat('?,', count($ticketIds) - 1) . '?';
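Review bot: The new closure in api/bulk_operation.php puts no upper bound on the length of an ID: `(int)$s > 0` remains true for a digit string far longer than any real ticket number, because an out-of-range numeric string still casts to a large positive integer, so `ctype_digit` is the only real constraint. Now that the value is passed on as the original string rather than as a canonical integer, add a length limit to the condition, e.g. `return (ctype_digit($s) && strlen($s) <= TICKET_ID_MAX_LEN && (int)$s > 0) ? $s : null;`, where `TICKET_ID_MAX_LEN` is a placeholder for the project's ID width. `(string)$id` also emits an "Array to string conversion" warning when an element is a nested array before the value is rejected; testing `is_string($id) || is_int($id)` first avoids that if the request body can carry such elements.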
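Review bot: The added `if (!$result)` guard in controllers/DashboardController.php returns empty filter lists without recording that the query failed, so a broken statement or a lost database connection is indistinguishable from a dashboard that simply has no categories or types. Log the failure before the early return, for example `error_log('DashboardController: filter options query failed');`, and include the driver's error text if the connection object is in scope at that point (the query call sits above the hunk and is not visible here). The enclosing method starts and ends outside this hunk.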
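Review bot: `array_map('strval', $ticketIds)` in models/TicketModel.php is still commented as sanitizing, but it no longer constrains the values: `intval` forced every element to an integer, whereas `strval` passes any string through unchanged and turns a nested array into the text "Array" with a warning. The statement stays parameterized (the second hunk of this file switches the bind types from `'i'` to `'s'` to match), so this is a loss of defence in depth rather than an injection path, but the model now relies on every caller validating IDs the way api/bulk_operation.php does. Keeping only digit strings here restores the guarantee locally; the list must then be re-checked for emptiness, because an empty list would reach `str_repeat('?,', count($ticketIds) - 1)` with a negative count. The method begins and ends outside the hunk.

```php
// … unchanged: early return for an empty $ticketIds …

// Keep only digit strings; leading zeros are preserved
$ticketIds = array_values(array_map('strval', array_filter(
    $ticketIds,
    function($id) {
        return (is_string($id) || is_int($id)) && ctype_digit((string)$id);
    }
)));
if (empty($ticketIds)) {
    return [];
}

// … unchanged: placeholder construction …
```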
@@ -578,7 +578,7 @@ class TicketModel {
 WHERE t.ticket_id IN ($placeholders)";
 $stmt = $this->conn->prepare($sql);
- $types = str_repeat('i', count($ticketIds));
+ $types = str_repeat('s', count($ticketIds));
 $stmt->bind_param($types, ...$ticketIds);
 $stmt->execute();
 $result = $stmt->get_result();