3 weeks ago · 03df67e9fe
--- a/order.php
+++ b/order.php
@@ -184,6 +184,15 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
 
				         .lx > div > div {
			
 
				             margin-bottom: 5px;
			
 
				         }
			
 
				+
			
 
				+        /* 按钮样式 */
			
 
				+        .ico_del {
			
 
				+            color: #e74c3c;
			
 
				+        }
			
 
				+        
			
 
				+        .ico_del:hover {
			
 
				+            color: #c0392b;
			
 
				+        }
			
 
				     </style>
			
 
				 </head>
			
 
				 <body>
			
@@ -271,6 +280,7 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
 
				                     <div class="col10">
			
 
				                         <a href="order_edit.php?id=<?= $row['id'] ?>&keys=<?= $keys ?>&page=<?= $page ?>" class="ico_edit ico">修改</a>
			
 
				                         <a href="order_details.php?id=<?= $row['id'] ?>" class="ico_view ico">查看详情</a>
			
 
				+                        <a href="javascript:void(0)" onclick="confirmDelete(<?= $row['id'] ?>, '<?= htmlspecialcharsFix($row['order_code']) ?>')" class="ico_del ico">删除</a>
			
 
				                     </div>
			
 
				                 </div>
			
 
				                 <div class="notepanel clear">
			
@@ -396,6 +406,14 @@ $sqlStr .= " $fliterStr ORDER BY {$ordStr}o.created_at DESC";
 
				         });
			
 
				     });
			
 
				     </script>
			
 
				+    
			
 
				+    <script>
			
 
				+    function confirmDelete(id, orderCode) {
			
 
				+        if (confirm("确定要删除订单 " + orderCode + " 吗？此操作不可恢复！")) {
			
 
				+            window.location.href = "order_delete.php?id=" + id + "&keys=<?= urlencode($keys) ?>&page=<?= $page ?>";
			
 
				+        }
			
 
				+    }
			
 
				+    </script>
			
 
				 </div>
			
 
				 </body>
			
 
				 </html>
			
--- a/order_delete.php
+++ b/order_delete.php
@@ -0,0 +1,55 @@
 
				+<?php
			
 
				+require_once 'conn.php';
			
 
				+checkLogin();
			
 
				+
			
 
				+// 获取订单ID
			
 
				+$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
			
 
				+$keys = urlencode($_GET['keys'] ?? '');
			
 
				+$page = $_GET['page'] ?? 1;
			
 
				+
			
 
				+// 验证参数
			
 
				+if ($id <= 0) {
			
 
				+    echo "<script>alert('无效的订单ID');location.href='order.php?keys=$keys&Page=$page';</script>";
			
 
				+    exit;
			
 
				+}
			
 
				+
			
 
				+// 验证订单所有权（只能删除自己的订单）
			
 
				+$employee_id = $_SESSION['employee_id'];
			
 
				+$checkSql = "SELECT id FROM orders WHERE id = $id AND employee_id = $employee_id";
			
 
				+$checkResult = mysqli_query($conn, $checkSql);
			
 
				+
			
 
				+if (mysqli_num_rows($checkResult) === 0) {
			
 
				+    echo "<script>alert('订单不存在或您没有权限删除该订单');location.href='order.php?keys=$keys&Page=$page';</script>";
			
 
				+    exit;
			
 
				+}
			
 
				+
			
 
				+// 开始事务处理
			
 
				+mysqli_autocommit($conn, FALSE);
			
 
				+$error = false;
			
 
				+
			
 
				+try {
			
 
				+    // 先删除订单项目
			
 
				+    $deleteItemsSql = "DELETE FROM order_items WHERE order_id = $id";
			
 
				+    if (!mysqli_query($conn, $deleteItemsSql)) {
			
 
				+        throw new Exception("删除订单项目失败: " . mysqli_error($conn));
			
 
				+    }
			
 
				+    
			
 
				+    // 删除订单主表
			
 
				+    $deleteOrderSql = "DELETE FROM orders WHERE id = $id AND employee_id = $employee_id";
			
 
				+    if (!mysqli_query($conn, $deleteOrderSql)) {
			
 
				+        throw new Exception("删除订单失败: " . mysqli_error($conn));
			
 
				+    }
			
 
				+    
			
 
				+    // 提交事务
			
 
				+    mysqli_commit($conn);
			
 
				+    echo "<script>alert('订单删除成功');location.href='order.php?keys=$keys&Page=$page';</script>";
			
 
				+} catch (Exception $e) {
			
 
				+    // 回滚事务
			
 
				+    mysqli_rollback($conn);
			
 
				+    echo "<script>alert('删除订单时发生错误: " . $e->getMessage() . "');location.href='order.php?keys=$keys&Page=$page';</script>";
			
 
				+}
			
 
				+
			
 
				+// 恢复自动提交
			
 
				+mysqli_autocommit($conn, TRUE);
			
 
				+exit;
			
 
				+?>