ColumnOne  ColumnTwo  ColumnThree  Columnfour  Columnfive  ColumnSix
one        two        three        four        0           'Button Here'
As you can see above, I have six columns, five of which contain some sort of text, and the sixth column is to contain a button. My end goal is to have column six contain three buttons just like this image HERE shows. These buttons will allow me to edit, delete, and possibly one other function.
For now, though, I am just curious as to how I can make a button appear in the last column using my code below:
<?php
// Create variables to retrieve the POST data
$ID= $_POST['Input1'];
$Email= $_POST['Input2'];
$Name= $_POST['Input3'];
$Company= $_POST['Input4'];
$Price= $_POST['Input5'];
// Connect to the database
mysql_connect ("localhost","Username","Password") or die ('Error: ' . mysql_error());
echo "connected to database!";
mysql_select_db ("Database");
// Insert data into table
$query = "INSERT INTO CustomerInformation (ID, Email,Name,Company,Price,Tab Count,Action) VALUES(
'NULL', '".$ID."', '".$Email."', '".$Name."', '".$Company."', '".$Price."', "Form input type = "button" (something like this!) )";
// Above is my best attempt... I'm sure it's nowhere close (sorry!).
mysql_query($query) or die ('Error updating database');
echo "Database updated successfully!";
?>
Change your code into this to make it secure and functional:
<?php
// Connect to the database
mysql_connect ("localhost","Username","Password")
or die ('Error: ' . mysql_error());
echo "connected to database!";
mysql_select_db ("Database");
// Insert data into table
$Email= mysql_real_escape_string($_POST['Input2']);
$Name= mysql_real_escape_string($_POST['Input3']);
$Company= mysql_real_escape_string($_POST['Input4']);
$Price= mysql_real_escape_string($_POST['Input5']);
$action = mysql_real_escape_string('insert php code for button here');
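// Column and value counts must match; `Tab Count` (a name with a space
// needs backticks) is left out because no value is supplied for it
$query = "INSERT INTO CustomerInformation
(Email,Name,Company,Price,Action)
VALUES
('$Email', '$Name', '$Company', '$Price', '$action') ";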
mysql_query($query) or die ('Error updating database');
echo "Database updated successfully!";
?>
Note that you don't need to insert an id into the table. If you have an autoincrement field id then MySQL will autocreate an id for you.
mysql_real_escape_string() escapes values for you. Always surround your $var in the query with ' single quotes or mysql_real_escape_string() will not work!
And never use it for column/table or database names, only for values.
See these questions for more info:
SQL injection in general: How does the SQL injection from the "Bobby Tables" XKCD comic work?
protecting against SQL injection when using dynamic table names: How to prevent SQL injection with dynamic tablenames?
Well, you will need to do one or two things (depends...). You will probably have to name the submit button:
<input type="submit" name="delete" value="Delete this ugly thing" />
Then in PHP, you can do this IF:
if (isset($_POST["delete"])) {
    mysql_query("DELETE FROM ...");
}
But, if you will have more records in the table, you will also have to add an input with the record ID. This is a little bit more complicated, because the form is covering the whole table and you don't know which ID input to choose. One possible solution is naming the input button by the id of the record, for example:
<input type="submit" name="delete_5" value="Delete this ugly thing" />
Then in PHP you could do this:
foreach ($_POST as $name => $value) {
    if (preg_match("/^delete_[0-9]+$/", $name)) {
        $idArray = explode("_", $name);
        $id = addSlashes($idArray[1]);
        mysql_query("DELETE FROM ... WHERE id = '" . $id . "'");
    }
}
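The insert from the first answer and the per-row delete from the second, rewritten as an added example (not code from either answer) that uses PDO prepared statements in place of mysql_real_escape_string() and addSlashes(). It assumes the pdo_sqlite extension and an in-memory SQLite table with constructed rows so it runs without a server; the function names insertCustomer and deleteFromPost are hypothetical.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs without a server.
// With MySQL only the DSN changes, e.g. 'mysql:host=localhost;dbname=Database'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CustomerInformation (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    Email TEXT, Name TEXT, Company TEXT, Price TEXT)');

// Insert one customer; values are bound, never concatenated into the SQL text.
function insertCustomer(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO CustomerInformation (Email, Name, Company, Price)
         VALUES (:email, :name, :company, :price)');
    $stmt->execute([
        ':email'   => $post['Input2'] ?? '', ':name'  => $post['Input3'] ?? '',
        ':company' => $post['Input4'] ?? '', ':price' => $post['Input5'] ?? '',
    ]);
    return (int) $pdo->lastInsertId();
}

// Find submit buttons named delete_<id> and delete exactly those rows.
function deleteFromPost(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare('DELETE FROM CustomerInformation WHERE ID = :id');
    $deleted = 0;
    foreach (array_keys($post) as $name) {
        // \A...\z (not ^...$) so a trailing newline in the field name is rejected.
        if (preg_match('/\Adelete_([0-9]{1,9})\z/', (string) $name, $m)) {
            $stmt->execute([':id' => (int) $m[1]]);
            $deleted += $stmt->rowCount();
        }
    }
    return $deleted;
}

// Constructed POST data; the name field carries the "Bobby Tables" string.
$id1 = insertCustomer($pdo, ['Input2' => 'a@example.com', 'Input4' => 'Acme',
    'Input3' => "Robert'); DROP TABLE CustomerInformation;--", 'Input5' => '10']);
$id2 = insertCustomer($pdo, ['Input2' => 'b@example.com', 'Input4' => 'Initech',
    'Input3' => 'Bob', 'Input5' => '20']);
// The malformed button name is ignored; only delete_<id1> matches.
$n = deleteFromPost($pdo, ["delete_$id1" => 'Delete', 'delete_1 OR 1=1' => 'x']);
$left = $pdo->query('SELECT COUNT(*) FROM CustomerInformation')->fetchColumn();
echo "deleted=$n remaining=$left\n";
```

Because the id is captured by the regular expression and bound as an integer, nothing from the button name reaches the SQL text.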