PHP / MYSQL Add button to column

庸人自扰 2021-01-28 21:08

ColumnOne   ColumnTwo   ColumnThree   Columnfour   Columnfive   ColumnSix
one         two         three         four         0            'Button Here'

As you can se

2 answers
  • 2021-01-28 21:18

    Change your code into this to make it secure and functional:

    <?php
    // Connect to the database
    
    mysql_connect ("localhost","Username","Password") 
      or die ('Error: ' . mysql_error());
    
    echo "connected to database!";
    
    mysql_select_db ("Database");
    
    // Insert data into table
    
    $Email= mysql_real_escape_string($_POST['Input2']);
    $Name= mysql_real_escape_string($_POST['Input3']);
    $Company= mysql_real_escape_string($_POST['Input4']);
    $Price= mysql_real_escape_string($_POST['Input5']);
    
    $action = mysql_real_escape_string('insert php code for button here');
    
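    // `Tab Count` contains a space, so it must be backtick-quoted. It is set
    // to 0 here (assumed starting value) so that columns and values line up.
    $query = "INSERT INTO CustomerInformation 
             (Email,Name,Company,Price,`Tab Count`,Action) 
             VALUES
             ('$Email', '$Name', '$Company', '$Price', 0, '$action') ";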
    mysql_query($query) or die ('Error updating database');
    
    echo "Database updated successfully!";
    
    ?>
    

    Note that you don't need to insert an id into the table. If you have an autoincrement field id then MySQL will autocreate an id for you.
    mysql_real_escape_string() escapes values for you. Always surround your $var in the query with ' single quotes or mysql_real_escape_string() will not work! And never use it for column/table or database names, only for values.

    See these questions for more info:

    SQL injection in general: How does the SQL injection from the "Bobby Tables" XKCD comic work?
    protecting against SQL injection when using dynamic table names: How to prevent SQL injection with dynamic tablenames?

  • 2021-01-28 21:21

    Well, you will need to do one or two things (depends...). You will probably have to name the submit button:

    <input type="submit" name="delete" value="Delete this ugly thing" />
    

    Then in PHP, you can do this IF:

    if (isset($_POST["delete"])) {
        mysql_query("DELETE FROM ...");
    }
    

    But, if you will have more records in the table, you will also have to add an input with the record ID. This is a little bit more complicated, because the form is covering the whole table and you don't know which ID input to choose. One of the possible solutions is naming the input button by the id of the record, for example:

    <input type="submit" name="delete_5" value="Delete this ugly thing" />
    

    Then in PHP you could do this:

    foreach ($_POST as $name => $value) {
        if (preg_match("/^delete_[0-9]+$/", $name)) {
            $idArray = explode("_", $name);
            $id = addSlashes($idArray[1]);
    
            mysql_query("DELETE FROM ... WHERE id = '" . $id . "'");
        }
    }
    
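As an added example (not code from either answer): the insert from the first answer and the per-row `delete_<id>` button from the second, written with PDO prepared statements instead of the `mysql_*` calls, whose extension was removed in PHP 7.0. It assumes the `pdo_sqlite` driver and an in-memory database so it runs offline; the table layout, the function names `addCustomer` and `deleteRequested`, and the sample requests are constructed for illustration.

```php
<?php
// Added example. SQLite in memory keeps it self-contained; with MySQL only
// the DSN passed to new PDO() changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE CustomerInformation (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    Email TEXT, Name TEXT, Company TEXT, Price TEXT,
    `Tab Count` INTEGER DEFAULT 0)');

// Insert: every value is bound, so quotes in the input stay data, never SQL.
function addCustomer(PDO $db, array $post): int
{
    $stmt = $db->prepare(
        'INSERT INTO CustomerInformation (Email, Name, Company, Price)
         VALUES (:email, :name, :company, :price)');
    $stmt->execute([
        ':email'   => $post['Input2'] ?? '',
        ':name'    => $post['Input3'] ?? '',
        ':company' => $post['Input4'] ?? '',
        ':price'   => $post['Input5'] ?? '',
    ]);
    return (int) $db->lastInsertId();
}

// Delete: accept only field names of the form delete_<digits> and bind the id
// as an integer. Returns the number of rows removed.
function deleteRequested(PDO $db, array $post): int
{
    $stmt = $db->prepare('DELETE FROM CustomerInformation WHERE id = :id');
    $deleted = 0;
    foreach (array_keys($post) as $name) {
        // /D stops "$" from matching before a trailing newline in the name.
        if (preg_match('/^delete_([0-9]+)$/D', (string) $name, $m)) {
            $stmt->bindValue(':id', (int) $m[1], PDO::PARAM_INT);
            $stmt->execute();
            $deleted += $stmt->rowCount();
        }
    }
    return $deleted;
}

// Constructed sample requests standing in for $_POST.
$id = addCustomer($db, [
    'Input2' => 'a@example.com', 'Input3' => "Robert'); DROP TABLE Students;--",
    'Input4' => "O'Brien Ltd",   'Input5' => '10',
]);
echo 'stored name: ', $db->query('SELECT Name FROM CustomerInformation')->fetchColumn(), "\n";
echo 'malformed button name, rows deleted: ', deleteRequested($db, ["delete_{$id}x" => 'Delete']), "\n";
echo 'valid button name, rows deleted: ', deleteRequested($db, ["delete_$id" => 'Delete']), "\n";
```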