PHP / MYSQL添加按钮到列

时间:2011-06-12 22:59:58

标签: php mysql button 


ColumnOne   ColumnTwo   ColumnThree Columnfour  Columnfive    ColumnSix
one           two          three       four        0        'Button Here'

如上所示,我有六列,其中五列包含某种文本,第六列包含一个按钮。我的最终目标是让第六列包含三个按钮,就像这张图像HERE所示。这些按钮允许我编辑,删除和可能的其他功能。

但是现在,我很好奇我如何使用下面的代码在最后一栏中显示一个按钮:

<?php

// Create variables to retrieve the POST data

$ID= $_POST['Input1'];
$Email= $_POST['Input2'];
$Name= $_POST['Input3'];
$Company= $_POST['Input4'];
$Price= $_POST['Input5'];

// Connect to the database

mysql_connect ("localhost","Username","Password") or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$query = "INSERT INTO CustomerInformation (ID, Email,Name,Company,Price,Tab Count,Action) VALUES(
'NULL', '".$ID."', '".$Email."', '".$Name."', '".$Company."', '".$Price."', "Form input type = "button" (something like this!) )";

// Above is my best attempt... I'm sure it's nowhere close (sorry!).

mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

2 个答案:

答案 0 :(得分:2)

将您的代码更改为此代码以使其安全且功能正常:

<?php
// Connect to the database

mysql_connect ("localhost","Username","Password") 
  or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$Email= mysql_real_escape_string($_POST['Input2']);
$Name= mysql_real_escape_string($_POST['Input3']);
$Company= mysql_real_escape_string($_POST['Input4']);
$Price= mysql_real_escape_string($_POST['Input5']);

$action = mysql_real_escape_string('insert php code for button here');

$query = "INSERT INTO CustomerInformation 
         (Email,Name,Company,Price,Tab Count,Action) 
         VALUES
         ('$Email', '$Name', '$Company', '$Price', '$action') ";
mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

请注意,您无需在表格中插入id。如果你有一个自动增量字段id,那么MySQL将为你自动创建一个id mysql_real_escape_string()为您逃避。始终使用$var单引号包围查询中的',或mysql_real_escape_string()工作! 永远不要将它用于列/表或数据库名称,仅用于值。

请参阅:这些问题以获取更多信息:

一般的SQL注入:How does the SQL injection from the "Bobby Tables" XKCD comic work?
使用动态表名时防止SQL注入:How to prevent SQL injection with dynamic tablenames?

答案 1 :(得分:-1)

嗯,你需要一两件事(取决于......)。您可能必须为提交按钮命名:

<input type="submit" name="delete" value="Delete this ugly thing" />

比在PHP中,你可以这样做:

if (isset($_POST["delete]") {
    mysql_query("DELETE FROM ...");
}

但是,如果表中有更多记录,则还必须添加带有记录ID的输入。这有点复杂,因为表格覆盖整个表格,你不知道选择哪个ID输入。一种可能的解决方案是通过记录的id命名输入按钮,例如:

<input type="submit" name="delete_5" value="Delete this ugly thing" />

在PHP中你可以这样做:

foreach ($_POST as $name => $value) {
    if (preg_match("/^delete_[0-9]+$/", $name)) {
        $idArray = explode("_", $name);
        $id = addSlashes($idArray[1]);

        mysql_query("DELETE FROM ... WHERE id = '" . $id . "'");
    }
}
相关问题
最新问题