Adding control to a table (PHP) [duplicate]_问答_开发者

Adding control to a table (PHP) [duplicate]

开发者 https://www.devze.com 2023-03-13 05:23 出处：网络

This question already has answers here: Closed 11 years ago. Possible Duplicate: PHP / MYSQL Add button to column

相关专题：button php

This question already has answers here: Closed 11 years ago.

Possible Duplicate:
PHP / MYSQL Add button to column

Please correct any mistakes throughout this question - I am very new to both PHP and MYSQL.

My goal is to create a table, that I will display onto a web page that looks something like this:

Adding control to a table (PHP) [duplicate]

I have done the following. Any help on where I go wrong is much appreciated.

Created a MYSQL Table named "CustomerInformation"
Added five columns to the table, identical to the five columns in the picture above; (id, name, email, is_admin, A开发者_如何学Goction).
I made four $POST text boxes whose data will be passed into each column (other than the last one as I want an "action" button to appear there).
Below I will show my full code for which I used in order to populate a new row in my CustomerInformation table.

<?php

// Connect to the database
mysql_connect ("localhost","username","password") or die ('Error: ' . mysql_error());
echo "connected to database!";
mysql_select_db ("database");

// Create variables to retrieve the POST data
$ID= $_POST['textbox1'];
$C_ID= $_POST['textbox2'];
$Value= $_POST['textbox3'];
$Count= $_POST['textbox4'];
$action = ' "<input type="submit" name="AddRow" value="Add New Row" />"';

// Insert data into table
$query = "INSERT INTO CustomerInformation (ID,C_ID,Value,Count,Action) 
VALUES(
'".$ID."', '".$C_ID."', '".$Value."', '".$Count."','".$action."')";
mysql_query($query) or die ('Error updating database');
echo "Database updated successfully!";
?>

The only problem occurs when I include the line: $action = ' "<input type="submit" name="AddRow" value="Add New Row" />"';

I am clearly butchering this line, and I would greatly appreciate any help at all on this one!

The answer to your question is quite simply mysql_real_escape_string. Apply it on each string variable before you intermingle it with the SQL command.

It's simpler however not to bother with the old mysql_ API. You can keep the query separate from the data and avoid the effort with:

$db = new PDO('mysql:host=hostname;dbname=db', 'username', 'pwd');

$db->prepare(" INSERT INTO CustomerInformation 
               (ID,C_ID,Value,Count,Action) VALUES (?,?,?,?,?) ")
   ->execute(array($ID, $C_ID, $Value, $Count, $action));