在另一个表中添加列的多个查询答案

【问题标题】：Multiple queries with addition of column in another table在另一个表中添加列的多个查询
【发布时间】：2017-02-13 15:20:11
【问题描述】：

我想从特定表中删除一条记录并将相同的记录插入另一个表中。如果所有表都包含相同的列，这工作正常，但我需要在插入已删除记录的表中添加另一列。

这是我的代码，谢谢

    <?php

// connect to the database
$con=mysqli_connect("localhost", "root", "");


 if(mysqli_select_db($con, "e-office")); 
 $execute ='';
 $Posting_User = mysqli_escape_string($con, $_SESSION[('Uname')]);


// confirm that the 'id' variable has been set
if (isset($_GET['execute'])) $execute = $_GET['execute'];
{
// get the 'id' variable from the URL
if($execute=='delete'){
$id = $_GET['id'];

// delete record from database
$sql = mysqli_query($con, "INSERT INTO tbl_income_approved SELECT * FROM   
tbl_income WHERE (trn_no = '$id' AND Approved_by ='$Posting_User') ");
$sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'");
if($sql)

// redirect user after delete is successful
header("Location: income_report.php"); 
else
// if the 'id' variable isn't set, redirect the user

echo "query not successful";
}
}
?>

【问题讨论】：

你能解释一下这个问题上的 C# 和 Adobe 标签，还是我遗漏了什么？
您对SQL Injections 持开放态度，应该真正使用Prepared Statements，而不是连接您的查询。特别是因为您根本没有逃避用户输入！
感谢 Nileshsinh Rathod 的编辑。 Magnus 我计划在最终实施之前转义我的用户输入。
你永远不应该等待那些东西。总是从正确的实现开始，否则你会忘记/没有时间/错过一些，你会发布不安全的代码。
顺便说一句，你真的应该检查你的 if 语句。没有多大意义。

标签： php database mysqli

【解决方案1】：

愿荣耀归于上帝！我现在有一个工作代码，谢谢大家

 <?php
session_start();

if(!$_SESSION[('Uname')]){
header("location:login.php");
}


// connect to the database
$con=mysqli_connect("localhost", "root", "");


 if(mysqli_select_db($con, "e-office")); 
 $execute ='';
 $Posting_User = mysqli_escape_string($con, $_SESSION[('Uname')]);


// confirm that the 'id' variable has been set
if (isset($_GET['execute'])) $execute = $_GET['execute'];
{
    $id = $_GET['id'];
    ///testing
$sql="SELECT * FROM tbl_income WHERE trn_no='$id'";
$result=mysqli_query($con, $sql);

//echo $count;
while($row = mysqli_fetch_assoc($result)){
    $Posting_User = mysqli_escape_string($con, $row['Posting_User']);
    $date = mysqli_escape_string($con, $row['date']);
    $rno = mysqli_escape_string($con, $row['rno']);
    $source = mysqli_escape_string($con, $row['source']);
    $subsidiary = mysqli_escape_string($con, $row['subsidiary']);
    $deposit = mysqli_escape_string($con, $row['deposit']);
    $amount = mysqli_escape_string($con, $row['amount']);
    $narration = mysqli_escape_string($con, $row['narration']);
    $timestamp = mysqli_escape_string($con, $row['timestamp']);
    $trn_no = mysqli_escape_string($con, $row['trn_no']);
    $Approved_by = mysqli_escape_string($con, $_SESSION[('Uname')]);

$sql=mysqli_query($con, "INSERT INTO tbl_income_approved (Posting_User, date, rno, subsidiary, deposit, source, amount, narration, Approved_by) VALUES ('$Posting_User','$date','$rno', '$subsidiary', '$deposit', '$source', '$amount', '$narration', '$Approved_by')");   
}
///close testing

// get the 'id' variable from the URL
if($execute=='delete'){
$id = $_GET['id'];


$sql = mysqli_query($con, "DELETE FROM tbl_income WHERE trn_no = '$id'");

if($sql)

// redirect user after delete is successful
header("Location: income_report.php"); 
else
// if the 'id' variable isn't set, redirect the user

echo "query not successful";
}
}
?>

【讨论】：