Home/ Questions/Q 6022785
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T03:54:31+00:00

ColumnOne ColumnTwo ColumnThree Columnfour Columnfive ColumnSix one two three four 0 ‘Button Here’ As

  • 0

ColumnOne   ColumnTwo   ColumnThree Columnfour  Columnfive    ColumnSix
one           two          three       four        0        'Button Here'

As you can see above, I have six columns, five of which contain some sort of text, and the sixth column is to contain a button. My end goal is to have column six contain three buttons just like this image HERE shows. These buttons will allow me to edit, delete, and possibly one other function.

For now, though, I am just curious as to how I can make a button appear in the last column using my code below:

<?php

// Create variables to retrieve the POST data

$ID= $_POST['Input1'];
$Email= $_POST['Input2'];
$Name= $_POST['Input3'];
$Company= $_POST['Input4'];
$Price= $_POST['Input5'];

// Connect to the database

mysql_connect ("localhost","Username","Password") or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$query = "INSERT INTO CustomerInformation (ID, Email,Name,Company,Price,Tab Count,Action) VALUES(
'NULL', '".$ID."', '".$Email."', '".$Name."', '".$Company."', '".$Price."', "Form input type = "button" (something like this!) )";

// Above is my best attempt... I'm sure it's nowhere close (sorry!).

mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Change your code into this to make it secure and functional:

    <?php
// Connect to the database

mysql_connect ("localhost","Username","Password") 
  or die ('Error: ' . mysql_error());

echo "connected to database!";

mysql_select_db ("Database");

// Insert data into table

$Email= mysql_real_escape_string($_POST['Input2']);
$Name= mysql_real_escape_string($_POST['Input3']);
$Company= mysql_real_escape_string($_POST['Input4']);
$Price= mysql_real_escape_string($_POST['Input5']);

$action = mysql_real_escape_string('insert php code for button here');

$query = "INSERT INTO CustomerInformation 
         (Email,Name,Company,Price,Tab Count,Action) 
         VALUES
         ('$Email', '$Name', '$Company', '$Price', '$action') ";
mysql_query($query) or die ('Error updating database');

echo "Database updated successfully!";

?>

    Note that you don’t need to insert an id into the table. If you have an autoincrement field id than MySQL will autocreate an id for you.
    mysql_real_escape_string() escapes values for you. Always surround your $var in the query with ' single quotes or mysql_real_escape_string() will not work!
    And never use it for column/table or database names, only for values.

    See: these questions for more info:

    SQL injection in general: How does the SQL injection from the "Bobby Tables" XKCD comic work?
    protecting against SQL injection when using dynamic table names: How to prevent SQL injection with dynamic tablenames?

    • 0