0
ColumnOne   ColumnTwo   ColumnThree Columnfour  Columnfive    ColumnSix
one           two          three       four        0        'Button Here'

As you can see above, I have six columns, five of which contain some sort of text, and the sixth column is to contain a button. My end goal is to have column six contain three buttons just like this image HERE shows. These buttons will allow me to edit, delete, and possibly one other function.

For now, though, I am just curious as to how I can make a button appear in the last column using my code below:

<?php

// Create variables to retrieve the POST data

$ID= $_POST['Input1'];
$Email= $_POST['Input2'];
$Name= $_POST['Input3'];
$Company= $_POST['Input4'];
$Price= $_POST['Input5'];

// Connect to the database

mysql_connect ("localhost","Username","Password") or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$query = "INSERT INTO CustomerInformation (ID, Email,Name,Company,Price,Tab Count,Action) VALUES(
'NULL', '".$ID."', '".$Email."', '".$Name."', '".$Company."', '".$Price."', "Form input type = "button" (something like this!) )";

// Above is my best attempt... I'm sure it's nowhere close (sorry!).

mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>
4
  • Looks like the link to your picture is broken. Commented Jun 12, 2011 at 23:08
  • Why do you want to put a button into your database?? Commented Jun 12, 2011 at 23:11
  • Take a look at the picture ... I'm trying to create something just like this picture so that I will have the ability to delete or edit any row. Commented Jun 12, 2011 at 23:13
  • You are mixing behaviors in your script, inserting to MySQL database won't generate the UI automatically. You need a code path for fetching the data from the database and displaying the UI; and another path for handling the input from the UI and saving the state (inserting/updating/deleting). Commented Jun 14, 2011 at 23:38

2 Answers

2

Change your code into this to make it secure and functional:

<?php
// Connect to the database

mysql_connect ("localhost","Username","Password") 
  or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$Email= mysql_real_escape_string($_POST['Input2']);
$Name= mysql_real_escape_string($_POST['Input3']);
$Company= mysql_real_escape_string($_POST['Input4']);
$Price= mysql_real_escape_string($_POST['Input5']);

$action = mysql_real_escape_string('insert php code for button here');

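// The column list must match the VALUES list one-to-one (five columns, five values).
// A column whose name contains a space (Tab Count) would need backticks and its own value.
$query = "INSERT INTO CustomerInformation 
         (Email,Name,Company,Price,Action) 
         VALUES
         ('$Email', '$Name', '$Company', '$Price', '$action') ";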
mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

Note that you don't need to insert an id into the table. If you have an autoincrement field id, then MySQL will autocreate an id for you.
mysql_real_escape_string() escapes values for you. Always surround your $var in the query with ' single quotes or mysql_real_escape_string() will not work! And never use it for column/table or database names, only for values.

See these questions for more info:

SQL injection in general: How does the SQL injection from the "Bobby Tables" XKCD comic work?
protecting against SQL injection when using dynamic table names: How to prevent SQL injection with dynamic tablenames?
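
The same insert written with bound parameters, plus an allow-list for the one thing that cannot be bound (a column name), as an added example that is not part of the original answer. The `mysql_*` functions used above were removed in PHP 7.0, so this uses PDO. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the table layout is reduced to the columns the form fills, the `$post` array is constructed sample input, and `orderColumn()` is a hypothetical helper.

```php
<?php
// Added example. Assumption: PDO with SQLite in memory replaces the page's
// MySQL connection; for MySQL only the DSN and credentials would change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CustomerInformation (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    Email TEXT, Name TEXT, Company TEXT, Price REAL)');

// Constructed sample input standing in for $_POST['Input2'..'Input5'].
$post = ['Input2' => 'pat@example.com', 'Input3' => "Pat O'Neil",
         'Input4' => "O'Neil & Sons",   'Input5' => '19.99'];

// Values travel as bound parameters, so quotes inside them stay plain data
// and no manual escaping or quoting of $var is involved.
$insert = $pdo->prepare('INSERT INTO CustomerInformation
    (Email, Name, Company, Price) VALUES (:email, :name, :company, :price)');
$insert->execute([
    ':email'   => $post['Input2'],
    ':name'    => $post['Input3'],
    ':company' => $post['Input4'],
    ':price'   => (float) $post['Input5'],
]);

// Identifiers cannot be bound or escaped as values: map the request to a
// fixed allow-list and fall back to a default for anything else.
function orderColumn(string $requested): string
{
    $allowed = ['Email', 'Name', 'Company', 'Price'];
    return in_array($requested, $allowed, true) ? $requested : 'Name';
}

$column = orderColumn('not_a_column');   // constructed value, falls back to Name
$rows = $pdo->query("SELECT ID, Name, Company, Price
                     FROM CustomerInformation ORDER BY $column")
            ->fetchAll(PDO::FETCH_ASSOC);
print_r($rows);   // one row, with the apostrophes stored intact
```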


7 Comments

@Johan when I use the mysql_real_escape_string() I get lots of errors when attempting to run this code: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'vhostswww'@'localhost' (using password: NO) in /www/solidwebhost.com/f/a/r/farinaevan/htdocs/AddDataToTable.php on line 6 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /www/solidwebhost.com/f/a/r/farinaevan/htdocs/AddDataToTable.php on line 6
@Evan 1000x sorry you need to be connected to the database before using mysql_real_escape_string(), fixed the answer
@Evan, the error says that you cannot connect to MySQL because user vhostswww does not have access rights on localhost you need to grant user vhostswww on localhost explicitly, granting a user on % (all) does not include localhost.
@Johan - for this to work properly, must I make the last column (the one with the button) a special type? Right now it's a type: string, and I'll get an error "Error updating database". For my input button code, I am using this: $action = mysql_real_escape_string( ' "<input type="submit" name="delete_5" value="Delete this ugly thing" />"'); I swear I'm not a moron, but this PHP stuff just isn't clicking with me yet! Thanks so much for sticking with me
@Evan, Try it without the mysql_real_escape_string(): $action = ' "<input type="submit" name="delete_5" value="Delete this ugly thing" />"';
-1

Well, you will need to do one or two things (depends...). You will probably have to name the submit button:

<input type="submit" name="delete" value="Delete this ugly thing" />

Then in PHP, you can do this IF:

if (isset($_POST["delete"])) {
    mysql_query("DELETE FROM ...");
}

But, if you will have more records in the table, you will also have to add an input with the record ID. This is a little bit more complicated, because the form is covering the whole table and you don't know which ID input to choose. One of the possible solutions is naming the input button by the id of the record, for example:

<input type="submit" name="delete_5" value="Delete this ugly thing" />

Then in PHP you could do this:

foreach ($_POST as $name => $value) {
    if (preg_match("/^delete_[0-9]+$/", $name)) {
        $idArray = explode("_", $name);
        $id = addSlashes($idArray[1]);

        mysql_query("DELETE FROM ... WHERE id = '" . $id . "'");
    }
}
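
The two code paths this thread describes, shown together as an added example that is not part of the original answer: the buttons are generated when the table is rendered (nothing HTML is stored in the database), and the `delete_<id>` click is handled with a validated integer and a bound parameter. Assumptions: PDO with in-memory SQLite stands in for MySQL, the rows and the request array are constructed, and `handleDelete()` and `renderTable()` are hypothetical names.

```php
<?php
// Added example. Assumption: SQLite in memory replaces the MySQL server and
// a constructed array replaces the real $_POST so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE CustomerInformation
    (ID INTEGER PRIMARY KEY, Name TEXT, Company TEXT)');
$pdo->exec("INSERT INTO CustomerInformation (Name, Company) VALUES
    ('one', 'two'), ('<b>three</b>', 'four')");   // constructed rows

// Input path: accept only field names of the form delete_<digits>.
function handleDelete(PDO $pdo, array $post): int
{
    $deleted = 0;
    $stmt = $pdo->prepare('DELETE FROM CustomerInformation WHERE ID = :id');
    foreach (array_keys($post) as $name) {
        // \z instead of $: "$" would also accept a trailing newline.
        if (preg_match('/^delete_([0-9]{1,9})\z/', (string) $name, $m)) {
            $stmt->execute([':id' => (int) $m[1]]);
            $deleted += $stmt->rowCount();
        }
    }
    return $deleted;
}

// Output path: escape every stored value and build the button per row.
function renderTable(PDO $pdo): string
{
    $html = "<form method=\"post\"><table>\n";
    $rows = $pdo->query('SELECT ID, Name, Company FROM CustomerInformation ORDER BY ID');
    foreach ($rows as $row) {
        $html .= sprintf(
            "<tr><td>%s</td><td>%s</td><td><input type=\"submit\" name=\"delete_%d\" value=\"Delete\" /></td></tr>\n",
            htmlspecialchars($row['Name'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['Company'], ENT_QUOTES, 'UTF-8'),
            (int) $row['ID']
        );
    }
    return $html . "</table></form>\n";
}

echo handleDelete($pdo, ['delete_1' => 'Delete', 'delete_x' => '']), " row(s) deleted\n";
echo renderTable($pdo);   // remaining row, with <b> shown as text, not markup
```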

10 Comments

@James, does this: stackoverflow.com/questions/332365/… ring a bell?
Of course don't forget about SQL injection protection, but this is a basic that has to be implemented in every PHP dynamic SQL query
I am confused as to where I am supposed to put the line of "<input type="submit" name="delete_5" value="Delete this ugly thing" />". When attempting to put it in the line where all of the other data was added, I get a T_String error. Perhaps I put the data in incorrectly?
That input is the button. If you are inserting it directly into PHP code, don't forget to escape " - use \".
I wrote it exactly as follows (including the quotations): "<input type="submit" name="delete_5" value="Delete this ugly thing" />"