1. 首页
  2. 问答
  3. 在另一个表中添加列的多个查询

在另一个表中添加列的多个查询

2017-02-13 136 views
-2

请我想从特定表中删除一条记录,并将相同的记录插入另一个表。这是工作正常,如果所有的表都包含相同的列,但我需要添加另一列到删除的记录被插入的表。在另一个表中添加列的多个查询

这里是我的代码谢谢

<?php 

// connect to the database 
$con=mysqli_connect("localhost", "root", ""); 


if(mysqli_select_db($con, "e-office")); 
$execute =''; 
$Posting_User = mysqli_escape_string($con, $_SESSION[('Uname')]); 


// confirm that the 'id' variable has been set 
if (isset($_GET['execute'])) $execute = $_GET['execute']; 
{ 
// get the 'id' variable from the URL 
if($execute=='delete'){ 
$id = $_GET['id']; 

// delete record from database 
$sql = mysqli_query($con, "INSERT INTO tbl_income_approved SELECT * FROM 
tbl_income WHERE (trn_no = '$id' AND Approved_by ='$Posting_User') "); 
$sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'"); 
if($sql) 

// redirect user after delete is successful 
header("Location: income_report.php"); 
else 
// if the 'id' variable isn't set, redirect the user 

echo "query not successful"; 
} 
} 
?>

来源

2017-02-13 AbubakarRuma

+0

请问您可以在这个问题上解释C#和Adobe标记,还是我错过了什么? –

+0

**您可以[SQL注入](http://php.net/manual/en/security.database.sql-injection.php)**,并确实使用** [Prepared Statements](http: //php.net/manual/en/mysqli.quickstart.prepared-statements.php)**,而不是串联你的查询。特别是因为你没有逃避用户输入! –

+0

感谢Nileshsinh Rathod的编辑。 Magnus我计划在最终实施之前逃脱我的用户输入。 – AbubakarRuma

回答

0

为了上帝的荣耀!我现在有一个工作代码,谢谢所有

<?php 
session_start(); 

if(!$_SESSION[('Uname')]){ 
header("location:login.php"); 
} 


// connect to the database 
$con=mysqli_connect("localhost", "root", ""); 


if(mysqli_select_db($con, "e-office")); 
$execute =''; 
$Posting_User = mysqli_escape_string($con, $_SESSION[('Uname')]); 


// confirm that the 'id' variable has been set 
if (isset($_GET['execute'])) $execute = $_GET['execute']; 
{ 
    $id = $_GET['id']; 
    ///testing 
$sql="SELECT * FROM tbl_income WHERE trn_no='$id'"; 
$result=mysqli_query($con, $sql); 

//echo $count; 
while($row = mysqli_fetch_assoc($result)){ 
    $Posting_User = mysqli_escape_string($con, $row['Posting_User']); 
    $date = mysqli_escape_string($con, $row['date']); 
    $rno = mysqli_escape_string($con, $row['rno']); 
    $source = mysqli_escape_string($con, $row['source']); 
    $subsidiary = mysqli_escape_string($con, $row['subsidiary']); 
    $deposit = mysqli_escape_string($con, $row['deposit']); 
    $amount = mysqli_escape_string($con, $row['amount']); 
    $narration = mysqli_escape_string($con, $row['narration']); 
    $timestamp = mysqli_escape_string($con, $row['timestamp']); 
    $trn_no = mysqli_escape_string($con, $row['trn_no']); 
    $Approved_by = mysqli_escape_string($con, $_SESSION[('Uname')]); 

$sql=mysqli_query($con, "INSERT INTO tbl_income_approved (Posting_User, date, rno, subsidiary, deposit, source, amount, narration, Approved_by) VALUES ('$Posting_User','$date','$rno', '$subsidiary', '$deposit', '$source', '$amount', '$narration', '$Approved_by')"); 
} 
///close testing 

// get the 'id' variable from the URL 
if($execute=='delete'){ 
$id = $_GET['id']; 


$sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'"); 

if($sql) 

// redirect user after delete is successful 
header("Location: income_report.php"); 
else 
// if the 'id' variable isn't set, redirect the user 

echo "query not successful"; 
} 
} 
?>

来源

2017-02-14 15:51:57 AbubakarRuma

相关问题

 相关问题