Adding control to a table (PHP) [duplicate]
Possible Duplicate:
PHP / MYSQL Add button to column
Please correct any mistakes throughout this question - I am very new to both PHP and MYSQL.
My goal is to create a table, that I will display onto a web page that looks something like this:
I have done the following. Any help on where I go wrong is much appreciated.
Created a MYSQL Table named "
CustomerInformation
"Added five columns to the table, identical to the five columns in the picture above; (
id, name, email, is_admin, A开发者_如何学Goction
).I made four
$POST
text boxes whose data will be passed into each column (other than the last one as I want an "action" button to appear there).Below I will show my full code for which I used in order to populate a new row in my
CustomerInformation
table.
<?php
// Connect to the database
mysql_connect ("localhost","username","password") or die ('Error: ' . mysql_error());
echo "connected to database!";
mysql_select_db ("database");
// Create variables to retrieve the POST data
$ID= $_POST['textbox1'];
$C_ID= $_POST['textbox2'];
$Value= $_POST['textbox3'];
$Count= $_POST['textbox4'];
$action = ' "<input type="submit" name="AddRow" value="Add New Row" />"';
// Insert data into table
$query = "INSERT INTO CustomerInformation (ID,C_ID,Value,Count,Action)
VALUES(
'".$ID."', '".$C_ID."', '".$Value."', '".$Count."','".$action."')";
mysql_query($query) or die ('Error updating database');
echo "Database updated successfully!";
?>
The only problem occurs when I include the line: $action = ' "<input type="submit" name="AddRow" value="Add New Row" />"';
I am clearly butchering this line, and I would greatly appreciate any help at all on this one!
The answer to your question is quite simply mysql_real_escape_string
. Apply it on each string variable before you intermingle it with the SQL command.
It's simpler however not to bother with the old mysql_ API. You can keep the query separate from the data and avoid the effort with:
$db = new PDO('mysql:host=hostname;dbname=db', 'username', 'pwd');
$db->prepare(" INSERT INTO CustomerInformation
(ID,C_ID,Value,Count,Action) VALUES (?,?,?,?,?) ")
->execute(array($ID, $C_ID, $Value, $Count, $action));
精彩评论