Untitled

<?php
include('../db/db_connection.php');

// Log the raw GET request for debugging
error_log("GET parameters: " . print_r($_GET, true));

// Ensure the database connection is successful
if ($conn === false) {
    echo json_encode(['success' => false, 'error' => 'Database connection failed.']);
    exit;
}

// Validate student_id
if (empty($_GET['student_id']) || !is_numeric($_GET['student_id'])) {
    error_log("Invalid or missing student_id."); // Log the issue
    echo json_encode(['success' => false, 'error' => 'Invalid or missing Student ID.']);
    exit;
}

// Get the student ID from the request
$Student_id = intval($_GET['student_id']); // Sanitize and cast input to integer
error_log("Fetching student with ID: " . $Student_id); // Log the student ID

// Parameterized query to prevent SQL injection
$strsql = "SELECT * FROM tbl_counseling WHERE student_id = ?";
$params = array($Student_id);
$query = sqlsrv_query($conn, $strsql, $params);


if ($query === false) {
    error_log(print_r(sqlsrv_errors(), true)); // Log SQL Server errors
    echo json_encode(['success' => false, 'error' => 'Query execution failed.']);
    exit;
}

// Fetch the result
$row = sqlsrv_fetch_array($query, SQLSRV_FETCH_ASSOC);

// Return the result
if ($row) {
    echo json_encode(['success' => true, 'data' => $row]);
} else {
    echo json_encode(['success' => false, 'error' => 'No results found']);
}

exit;
?>