2017-02-13 79 views
-2

I want to delete a record from a particular table and insert the same record into another table. This works fine if both tables contain the same columns, but I need to add an extra column to the table that the deleted record is inserted into. Multiple queries adding a column in another table.

Here is my code, thanks.

```php
<?php
session_start();                       // required before $_SESSION is read

// connect to the database
$con = mysqli_connect("localhost", "root", "");
if (!$con) {
    die("connection failed: " . mysqli_connect_error());
}
mysqli_select_db($con, "e-office");    // original had a stray ';' after an if() here

$execute = '';
$Posting_User = mysqli_escape_string($con, $_SESSION['Uname']);

// confirm that the 'execute' variable has been set
if (isset($_GET['execute'])) {
    $execute = $_GET['execute'];

    // get the 'id' variable from the URL
    if ($execute == 'delete') {
        $id = $_GET['id'];   // NOTE: interpolated into SQL unescaped (see the comments below)

        // copy the record to the approved table, then delete it from the source table
        $sql = mysqli_query($con, "INSERT INTO tbl_income_approved SELECT * FROM
            tbl_income WHERE (trn_no = '$id' AND Approved_by = '$Posting_User')");
        $sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'");

        if ($sql) {
            // redirect user after delete is successful
            header("Location: income_report.php");
        } else {
            echo "query not successful";
        }
    }
}
?>
```
+0

Can you explain the C# and Adobe tags on this question, or am I missing something? –

+0

**You are open to [SQL injection](http://php.net/manual/en/security.database.sql-injection.php)**, and should really use **[Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)** instead of concatenating your queries. Especially since you are not escaping user input! –

+0

Thanks Nileshsinh Rathod for the edit. Magnus, I plan to escape my user input before the final implementation. – AbubakarRuma

Answer

0

To the glory of God! I now have working code, thank you all.

```php
<?php
session_start();

if (empty($_SESSION['Uname'])) {
    header("Location: login.php");
    exit;
}

// connect to the database
$con = mysqli_connect("localhost", "root", "");
if (!$con) {
    die("connection failed: " . mysqli_connect_error());
}
mysqli_select_db($con, "e-office");    // original had a stray ';' after an if() here

$execute = '';

// confirm that the 'execute' and 'id' variables have been set
if (isset($_GET['execute'], $_GET['id'])) {
    $execute = $_GET['execute'];
    $id = $_GET['id'];   // NOTE: still interpolated into SQL unescaped

    if ($execute == 'delete') {
        // read the record that is about to be moved
        $result = mysqli_query($con, "SELECT * FROM tbl_income WHERE trn_no='$id'");

        while ($row = mysqli_fetch_assoc($result)) {
            $Posting_User = mysqli_escape_string($con, $row['Posting_User']);
            $date         = mysqli_escape_string($con, $row['date']);
            $rno          = mysqli_escape_string($con, $row['rno']);
            $source       = mysqli_escape_string($con, $row['source']);
            $subsidiary   = mysqli_escape_string($con, $row['subsidiary']);
            $deposit      = mysqli_escape_string($con, $row['deposit']);
            $amount       = mysqli_escape_string($con, $row['amount']);
            $narration    = mysqli_escape_string($con, $row['narration']);
            $timestamp    = mysqli_escape_string($con, $row['timestamp']);
            $trn_no       = mysqli_escape_string($con, $row['trn_no']);
            // the extra column: the approving user comes from the session, not from the row
            $Approved_by  = mysqli_escape_string($con, $_SESSION['Uname']);

            mysqli_query($con, "INSERT INTO tbl_income_approved (Posting_User, date, rno, subsidiary, deposit, source, amount, narration, Approved_by) VALUES ('$Posting_User','$date','$rno', '$subsidiary', '$deposit', '$source', '$amount', '$narration', '$Approved_by')");
        }

        // remove the original record
        $sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'");

        if ($sql) {
            // redirect user after delete is successful
            header("Location: income_report.php");
        } else {
            echo "query not successful";
        }
    }
}
?>
```
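As an added example (not the poster's code and not the approach in the answer above), here is the same move written with mysqli prepared statements and a transaction: the extra `Approved_by` value is bound as a parameter rather than interpolated into the query text, `INSERT ... SELECT` copies the existing columns in one statement, and the row is only deleted if exactly one row was copied. It uses the column and table names from the answer; the function name `approveIncome`, the connection details, the assumption that `trn_no` identifies a single row, and the assumption that the tables use a transactional engine such as InnoDB are mine.

```php
<?php
// Added example, not the original poster's code. Assumes: column names as in the
// answer above, trn_no identifies exactly one row, InnoDB (transactional) tables.

session_start();
if (empty($_SESSION['Uname'])) {
    header("Location: login.php");
    exit;
}

$con = mysqli_connect("localhost", "root", "", "e-office");   // connection details assumed
if (!$con) {
    die("connection failed: " . mysqli_connect_error());
}

/**
 * Copy the tbl_income row identified by $trnNo into tbl_income_approved, stamping
 * $approvedBy into the extra column, then delete it from tbl_income.
 * Both statements run in one transaction, so either both happen or neither.
 * Returns true on success, false otherwise.
 */
function approveIncome(mysqli $con, string $trnNo, string $approvedBy): bool
{
    // The extra column is supplied as a bound '?' in the SELECT list, so the
    // user-controlled id and the session user never become part of the SQL text.
    $insertSql = "INSERT INTO tbl_income_approved
                      (Posting_User, date, rno, subsidiary, deposit, source, amount, narration, Approved_by)
                  SELECT Posting_User, date, rno, subsidiary, deposit, source, amount, narration, ?
                  FROM tbl_income WHERE trn_no = ?";
    $deleteSql = "DELETE FROM tbl_income WHERE trn_no = ?";

    mysqli_begin_transaction($con);
    try {
        $ins = mysqli_prepare($con, $insertSql);
        if (!$ins) {
            throw new RuntimeException(mysqli_error($con));
        }
        mysqli_stmt_bind_param($ins, "ss", $approvedBy, $trnNo);
        if (!mysqli_stmt_execute($ins)) {
            throw new RuntimeException(mysqli_stmt_error($ins));
        }
        $copied = mysqli_stmt_affected_rows($ins);
        mysqli_stmt_close($ins);

        if ($copied !== 1) {
            // zero or several rows matched: refuse rather than delete blindly
            throw new RuntimeException("expected exactly one row, copied $copied");
        }

        $del = mysqli_prepare($con, $deleteSql);
        if (!$del) {
            throw new RuntimeException(mysqli_error($con));
        }
        mysqli_stmt_bind_param($del, "s", $trnNo);
        if (!mysqli_stmt_execute($del)) {
            throw new RuntimeException(mysqli_stmt_error($del));
        }
        mysqli_stmt_close($del);

        mysqli_commit($con);
        return true;
    } catch (Throwable $e) {
        // undo the copy if anything failed, and keep the reason in the server log only
        mysqli_rollback($con);
        error_log("approveIncome failed: " . $e->getMessage());
        return false;
    }
}

if (isset($_GET['execute'], $_GET['id']) && $_GET['execute'] === 'delete') {
    if (approveIncome($con, $_GET['id'], $_SESSION['Uname'])) {
        header("Location: income_report.php");
        exit;
    }
    echo "query not successful";
}
```

Binding the two values as parameters removes the need for the per-column `mysqli_escape_string` calls in the answer, and the transaction closes the window in which a failed `DELETE` would leave the record duplicated in both tables (or a failed `INSERT` would lose it).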