May 27, 2013

How to provide table name to select from a search text box like: SELECT * FROM $query

User2425381’s Question:

I cant find the answer anywhere, maybe someone could help me. I need to display my MySQL table, but I need to give the name of the table through search box.
Something like this:

$raw_results = mysql_query("SELECT * FROM $query") or die(mysql_error());

Your code already does that, only thing remaining is to pass the value to the variable $query

$query = "your search query";

$raw_results = mysql_query("SELECT * FROM $query") or die(mysql_error());

However, what you are doing is very vulnerable, you should not pass the table name from the text box to the code directly.

$query = $_POST['searchbox'];

Doing such will leave your code very vulnerable as I could type in users and get all the details of the user.

Change your programming, whatever you are trying to do is wrong.

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+

...

Please fill the form - I will response as fast as I can!