hjkhghoppoopppooppoppoppoopoirh

<?php include 'lib/core.php'; $time_stamp=date('Y-m-d H:i:s'); if(auth()) { if(isset($_POST['comment_booking_id'])) { $booking_id=test_input($_POST['comment_booking_id']); $comment=mysqli_real_escape_string($conn, $_POST['comment']); $sql="UPDATE bookings SET comment='$comment' WHERE id='$booking_id'"; if($conn->query($sql)===true) { $admin_user_id=$_SESSION['session_login']; $sql=$conn->query("INSERT INTO user_role_activity(booking_id,user_id,type,created_at) VALUES ('$booking_id','$admin_user_id','Comment','$time_stamp')"); echo 'ok'; } } if(isset($_POST['bk_id'])) { $booking_id=test_input($_POST['bk_id']); $status=test_input($_POST['status']); $sql="UPDATE bookings SET customer_details='$status' WHERE id='$booking_id'"; if($conn->query($sql)===true) { echo 'ok'; } } } ?>