嗨,这是我的代码插入数据到数据库表中我想从一个表中删除数据并插入数据到另一个表
<form action="page1.php" method="POST">
<input type="checkbox" name="chk1" value="one" /> <br/>
<input type="submit" name="submit" value="submit"/>
</form>
</body>
</html>
<?php
include 'config.php';
session_start();
$user=$_SESSION['sess_user'];
$checkbox1=$_POST['chk1'];
if ($_POST["submit"]=="submit")
{
$result = mysql_query("SELECT std_id,course_name,stdname FROM course_entry WHERE course_id = '".$checkbox1."' and username= '".$user."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; echo $row[1];
echo $row[2];
$query= "INSERT INTO course_finish (course_id,course_name,username,finishdate) values ('".$row[0]."','".$row[1]."','".$row[3]."',now())";
"delete from course_entry where (course_id,username) values ('".$checkbox1."','".$user."'";
mysql_query($query) or die (mysql_error());
echo "Record is inserted";
header("Location: profile.php");
}
?>
在数据库中插入到course_finish是成功的,但在course_entry表中没有行删除
试试这个:
$insertQuery = "INSERT INTO course_finish (course_id,course_name,username,finishdate) values ('".$row[0]."','".$row[1]."','".$row[3]."',now())";
mysql_query($insertQuery) or die (mysql_error());
$deleteQuery = "DELETE from course_entry where course_id = '".$checkbox1."' AND username = '".$user."'";
mysql_query($deleteQuery ) or die (mysql_error());
还要注意,$checkbox1的值将是one。我不知道course_id的类型,但如果是int,它也不会成功。
您的删除查询必须看起来像:
delete from course_entry where course_id = ".$checkbox1." and username ='".$user."'
第二件事是mysql_*接口被弃用了。您应该使用mysqli*或更好的pdo和预处理语句
$query= "INSERT INTO course_finish (course_id,course_name,username,finishdate) values ('".$row[0]."','".$row[1]."','".$row[3]."',now())";
mysql_query("delete from course_entry where course_id='".$checkbox1."'");
修改
delete from course_entry where (course_id,username) values ('".$checkbox1."','".$user."'"
delete from course_entry where course_id='".$checkbox1."' and user_name='".$user."'
完整解决方案
<?php
<form action="page1.php" method="POST">
<input type="checkbox" name="chk1" value="one" /> <br/>
<input type="submit" name="submit" value="submit"/>
</form>
</body>
</html>
<?php
include 'config.php';
session_start();
$user=$_SESSION['sess_user'];
$checkbox1=$_POST['chk1'];
if ($_POST["submit"]=="submit")
{
$result = mysql_query("SELECT std_id,course_name,stdname FROM course_entry WHERE course_id = '".$checkbox1."' and username= '".$user."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; echo $row[1];
echo $row[2];
$query= "INSERT INTO course_finish (course_id,course_name,username,finishdate) values ('".$row[0]."','".$row[1]."','".$row[3]."',now())";
$deletequry=mysql_query("delete from course_entry where course_id='".$checkbox1."'");
mysql_query($query) or die (mysql_error());
if($deletequry){
echo "deleted";
}
echo "Record is inserted";
header("Location: profile.php");
}
?>
我很惊讶,没有一个答案涵盖预处理语句!这一点在这里非常重要,因为您接受的是用户输入,而由于SQL注入可能是危险的。
以下是我推荐的方法(OOP风格):<?php
$db = new mysqli(HOST, USERNAME, PASSWORD, DBNAME);
$db->set_charset('utf8');
$stmt1 = $db->prepare("SELECT std_id,course_name,stdname FROM course_entry WHERE course_id = ? and username = ? LIMIT 1");
$stmt1->bind_param('is', $checkbox1, $user);
$stmt1->execute();
$result1 = $stmt1->get_result();
$stmt1->close();
$row = $result1->fetch_row();
$stmt2 = $db->prepare("INSERT INTO course_finish (course_id,course_name,username,finishdate) values (?, ?, ?, NOW())");
$stmt2->bind_param('iss', $row[0], $row[1], $row[2]); //i think it's $row[2], not $row[3]
$stmt2->execute();
$stmt2->close();
$stmt3 = $db->prepare("delete from course_entry where (course_id, username) values (?, ?)");
$stmt3->bind_param('is', $checkbox1, $user);
$stmt3->execute();
$stmt3->close();
$db->close();
也许你不喜欢代码(我也不喜欢,但是因为我不喜欢mysqli哈哈),但是在可能的地方使用预处理语句是非常明智的。