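// Before the fix: the admin "remove order" action moves the order to the
// recycle bin instead of deleting it.
// (Statements that the page extraction had split into one character per line
// are restored here.)

// intval() reduces the request parameter to an integer, so the value that is
// later interpolated into SQL cannot carry quotes or SQL syntax.
$order_id = intval($_REQUEST['id']);

// Disabled lookup, kept as the author left it. It concatenates the raw
// $_GET['id'] into the query text, which is an SQL injection sink; it should
// not be re-enabled in this form (use $order_id instead).
// $sql = "SELECT username FROM " . $ecs->table('order_info') . " WHERE order_id = '" . $_GET['id'] . "'";
// $username = $db->getOne($sql);

// Check permission before any state is changed.
check_authz_json('remove_back');

// Author's note (translated): set is_delete to 1 for the row with
// id=$goods_id, meaning it is in the recycle bin. The call below passes
// $order_id, not $goods_id.
$exc->edit("is_delete = 1", $order_id);
clear_cache_files();

// Look up the order number so the audit log names the order, not just its id.
// $order_id is already an integer, so the interpolation is safe.
$sql = "SELECT `order_sn` FROM " . $GLOBALS['ecs']->table('order_info') . " WHERE `order_id` = '$order_id'";
$order_sn = $GLOBALS['db']->getRow($sql);
admin_log(addslashes($order_sn['order_sn']), 'trash', 'order'); // write the admin log entry

// Redirect back to the order list, re-using the current query string minus the
// action parameter. The target script is fixed (order.php), so only the query
// part is request-controlled.
// NOTE(review): QUERY_STRING is client-supplied; confirm ecs_header() rejects
// CR/LF so the value cannot split the Location header.
$url = 'order.php?act=query&' . str_replace('act=remove_order', '', $_SERVER['QUERY_STRING']);
ecs_header("Location: $url\n");
exit;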
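// After the fix: the admin "move order to recycle bin" action now deletes the
// order outright.
// (The first statement, which the page extraction had split into one character
// per line, is restored here.)

// intval() guarantees $id is an integer before it is interpolated into the
// DELETE below, so the parameter cannot inject SQL.
$id = intval($_GET['id']);

// Check permission before any state is changed.
// NOTE(review): this is a destructive action driven by a GET parameter and no
// anti-CSRF token check is visible in this fragment; confirm the surrounding
// handler enforces one, or accept the action only via POST.
check_authz_json('remove_back');

// Hard delete of the order row. Only order_info is touched here; any tables
// that reference this order_id are not cleaned up by this fragment.
$sql = "DELETE FROM " . $GLOBALS['ecs']->table('order_info') . " WHERE `order_id` = '$id'";
$GLOBALS['db']->query($sql);
clear_cache_files();

// Write the admin log entry. Only the numeric id is logged, where the earlier
// version logged order_sn.
// NOTE(review): once the row is deleted the order number cannot be recovered
// from the id; for a usable audit trail, read order_sn before the DELETE and
// log that as well.
admin_log(addslashes($id), 'remove', 'order');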