SQL执行语句

I am trying to insert a row to a dynamic HTML table and then update it in a database. I have a SQL prepare and execute statement inside php tags in a separate file. Is there a way that I can put variables inside the execute statement that will read and store information from what was inserted in the dialog box on the main page so that it will insert whatever is typed into the textfields to add a row?? The only thing I can find online so far is hardcoding specific information into the execute statement, which I do not want.

Buttons for table:

<form> 
    Table Name: <input type="text" value="Stage_Rebate_Master" id="tableNameInput">
    <button class="create-user" id="insertButton">Insert Test Object</button>
    <button id="updateButton">Update Test Object</button>
    <button id="deleteButton">Delete Test Object</button>
    </form>

HTML table that loops through DB to import rows of info:

<div id="users-contain" class="ui-widget">  
<table id="html_master" class="ui-widget ui-widget-content">
<thead>
    <tr class="ui-widget-header">
    <td>ID</td>
    <td>Vendor</td>
    <td>Buyer ID</td>
    <td>POC Name</td>
    <td>POC Email</td>
    <td>POC Phone</td>
    <td>Edit/Delete</td>
    </tr>
</thead>
<tbody>


<?php
    /* Foreach loop that brings in information to populate table */
    foreach ($dbh->query($sql) as $rows){
    ?>
    <tr>
        <td class="mr_id" contenteditable="false"><?php echo intval ($rows['MR_ID'])?></td>
        <td class="mr_name" name="field" contenteditable="false"><?php echo $rows['MR_Name']?></td>
        <td class="buyer_id" contenteditable="false"><?php echo $rows['Buyer_ID']?></td>
        <td class="poc_n" contenteditable="false"><?php echo $rows['MR_POC_N']?></td>     
        <td class="poc_e" contenteditable="false"><?php echo $rows['MR_POC_E']?></td>
        <td class="poc_p" contenteditable="false"><?php echo $rows['MR_POC_P']?></td>
        <td><input type="button" class="edit" name="edit" value="Edit">
        <input type="button" class="deactivate" name="deactivate" value="Deactivate"></td>
    </tr>
 <?php
  }
 ?>

DB connection and execute statement:

<?php

  $tableName = $_POST['tableName'];

  $host="xxxx"; 
  $dbName="xxxxxx"; 
  $dbUser="xxxxxxxxxxx"; 
  $dbPass="xxxxxx";

  $pdo = new PDO("sqlsrv:server=".$host.";Database=".$dbName, $dbUser, $dbPass);

  $sql = "INSERT INTO ".$tableName." (MR_ID, MR_Name, Buyer_ID, MR_POC_N, MR_POC_E, MR_POC_P) VALUES (?, ?, ?, ?, ?, ?)";
  $stmt = $pdo->prepare($sql);
  $result = $stmt->execute(array(0,'Test Object', '1234', 'John','john@example.com','555-555-5555'));  
  echo json_encode($result);

?>

Dialog Box that I want information pulled from and entered into my execute statement:

  <p>All form fields are required.</p>

  <form>
    <fieldset>
      <label for="mr_name">Vendor</label>
      <input type="text" id="mr_name">
      <label for="buyer_id">Buyer ID</label>
      <input type="text" id="buyer_id">
      <label for="poc_n">POC Name</label>
      <input type="text" id="poc_n">
      <label for="poc_p">POC Email</label>
      <input type="text" id="poc_e">
      <label for="poc_p">POC Phone</label>
      <input type="text" id="poc_p">

      <input type="submit" id="submit" tabindex="-1" style="position:absolute; top:-1000px">
    </fieldset>
  </form>

An option could be using AJAX to call your code within your separate PHP file and use AJAX to also add a row into your table, or get it to reload the page after you've completed the SQL query.

You can always pass variables through to the PHP page being called through the 'data:' section of the ajax;

<script type="text/javascript">
function addRow() {
ajaxWrite = $.ajax({
    url: './requesters/addRow.php',
    type: 'GET',
    dataType: 'text',
    data: { fileName: "." + propFolder + currentUser + userTimings,
            fileContents: JSON.stringify( slotTimings )
    },
    beforeSend: function( xhr, settings ) {
        $( "#fileLoadIndicator" ).fadeIn( 0, "linear" );
        document.getElementById( "fileLoadIndicator" ).innerHTML = "Creating custom user file for: " + currentUser + "<br>Now uploading file to server.";
    },
    success: function( data, textStatus, xhr ) {
        document.getElementById( "fileLoadIndicator" ).innerHTML = xhr.responseText;
        $( "#fileLoadIndicator" ).delay( 5000 ).fadeOut( "slow", "linear" );
    },
    error: function( xhr, textStatus, errorThrown ) {
        document.getElementById( "fileLoadIndicator" ).innerHTML = "No custom user file was able to be written for: " + currentUser + "<br>Error: " + errorThrown + ".";
        $( "#fileLoadIndicator" ).delay( 5000 ).fadeOut( "slow", "linear" );
    }
});

}

In the HTML;

<button id="addRow" onclick="addRow()">Add a Row</button>

To pull them out, its a simple PHP variable assignment;

<?php
$fileName=$_GET[ 'fileName' ];
$fileContents=$_GET[ 'fileContents' ];
?>