PHP/MYSQL 添加按钮到列

Question

ColumnOne   ColumnTwo   ColumnThree Columnfour  Columnfive    ColumnSixone           two          three       four        0        'Button Here'

As you can see above, I have six columns, five of which contain some sort of text, and the sixth column is to contain a button. My end goal is to have column six contain three buttons just like this image HERE shows. These buttons will allow me to edit, delete, and possibly one other function.

For now, though, I am just curious as to how I can make a button appear in the last column using my code below:

<?php

// Create variables to retrieve the POST data

$ID= $_POST['Input1'];
$Email= $_POST['Input2'];
$Name= $_POST['Input3'];
$Company= $_POST['Input4'];
$Price= $_POST['Input5'];

// Connect to the database

mysql_connect ("localhost","Username","Password") or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$query = "INSERT INTO CustomerInformation (ID, Email,Name,Company,Price,Tab Count,Action) VALUES(
'NULL', '".$ID."', '".$Email."', '".$Name."', '".$Company."', '".$Price."', "Form input type = "button" (something like this!) )";

// Above is my best attempt... I'm sure it's nowhere close (sorry!).

mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

Answer 1

将您的代码更改为以下内容，以使其安全且实用:

<?php
// Connect to the database

mysql_connect ("localhost","Username","Password") 
  or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$Email= mysql_real_escape_string($_POST['Input2']);
$Name= mysql_real_escape_string($_POST['Input3']);
$Company= mysql_real_escape_string($_POST['Input4']);
$Price= mysql_real_escape_string($_POST['Input5']);

$action = mysql_real_escape_string('insert php code for button here');

$query = "INSERT INTO CustomerInformation 
         (Email,Name,Company,Price,Tab Count,Action) 
         VALUES
         ('$Email', '$Name', '$Company', '$Price', '$action') ";
mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

请注意，您不需要将 id 插入表中。如果您有一个自动增量字段id，MySQL 会自动为您创建一个 id。
mysql_real_escape_string() 为您转义值。始终用 ' 单引号将查询中的 $var 括起来，否则 mysql_real_escape_string() 将不起作用!切勿将其用于列/表或数据库名称，而仅用于值。

请参阅:这些问题以获取更多信息:

一般 SQL 注入(inject):How does the SQL injection from the "Bobby Tables" XKCD comic work?
使用动态表名称时防止 SQL 注入(inject):How to prevent SQL injection with dynamic tablenames?