Session expired. Please log in again.'; exit(); // Stop script execution if user_id is not set } if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Get the security questions and answers from the form $question1 = mysqli_real_escape_string($con, $_POST['security_question1']); $answer1 = strtolower(mysqli_real_escape_string($con, $_POST['security_answer1'])); $question2 = mysqli_real_escape_string($con, $_POST['security_question2']); $answer2 = strtolower(mysqli_real_escape_string($con, $_POST['security_answer2'])); // Get the user ID and user type from the session $user_id = $_SESSION['user_id']; // Use user_id from session $user_type = $_SESSION['user_type']; //Get user type from session $email = $_SESSION['user_email']; $student_id = isset($_SESSION['user_student_id']) ? $_SESSION['user_student_id'] : NULL; //Handle student_id for students // Prepare SQL statement if($user_type == 'Student') { $sql = "INSERT INTO password_recovery_security_questions (user_id,user_type, student_id, email, question1, answer1, question2, answer2) VALUES ('$user_id', '$user_type', '$student_id', '$email', '$question1', '$answer1', '$question2', '$answer2') ON DUPLICATE KEY UPDATE question1='$question1', answer1='$answer1', question2='$question2', answer2='$answer2'"; } else { // For non-students (Lecturer, TA, etc.), exclude student_id $sql = "INSERT INTO password_recovery_security_questions (user_id, user_type, email, question1, answer1, question2, answer2) VALUES ('$user_id', '$user_type', '$email', '$question1', '$answer1', '$question2', '$answer2') ON DUPLICATE KEY UPDATE question1='$question1', answer1='$answer1', question2='$question2', answer2='$answer2'"; } // Execute the query and check for success if (mysqli_query($con, $sql)) { echo ''; echo ''; } else { echo ''; } } mysqli_close($con); ?> Security Questions