Start Your Health Journey

Fixed issues:

1. Added proper type casting for `$week` parameter: `$week = (int)($_POST['week'] ?? 1);`
2. Replaced unsafe SQL query `$db->query("SELECT COUNT(*) FROM dives WHERE user_id = $userId")` with prepared statement using `prepare()` and `execute()` with parameter binding to prevent SQL injection
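
The two fixes listed above, as a runnable sketch. This is an added example, not the project's own code: it assumes `$db` is a PDO handle (an in-memory SQLite database with constructed rows stands in for it), and `countDives()`, `parseWeek()` and the 1 to 52 week range are hypothetical.

```php
<?php
// Constructed stand-in for the application's $db (assumed to be PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dives (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL)');
$db->exec('INSERT INTO dives (user_id) VALUES (1), (1), (2)');

// Hypothetical helper: the fixed query. The SQL text is constant and the
// user id travels separately as a bound value, so it is never parsed as SQL.
function countDives(PDO $db, $userId): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM dives WHERE user_id = :user_id');
    $type = is_int($userId) ? PDO::PARAM_INT : PDO::PARAM_STR;
    $stmt->bindValue(':user_id', $userId, $type);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Hypothetical helper: the page's cast, plus a range check (assumed 1..52)
// because a cast alone still accepts 0, negatives and very large values.
function parseWeek(array $post): int
{
    $week = (int) ($post['week'] ?? 1);
    return ($week >= 1 && $week <= 52) ? $week : 1;
}

// Constructed inputs: a normal id, then a non-numeric string that the old
// concatenated query would have treated as part of the statement.
foreach ([1, '1 OR 1=1'] as $input) {
    printf("user_id=%s -> %d dives\n", var_export($input, true), countDives($db, $input));
}

// Constructed POST bodies: valid, trailing garbage, out of range, missing.
foreach ([['week' => '7'], ['week' => '7; junk'], ['week' => '-3'], []] as $post) {
    printf("week=%d\n", parseWeek($post));
}
```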