Closed. This question needs details or clarity。它当前不接受答案。
                            
                        
                    
                
                            
                                
                
                        
                            
                        
                    
                        
                            想改善这个问题吗?添加详细信息并通过editing this post阐明问题。
                        
                        2年前关闭。
                                                                                            
                
        
帮助请。我只想完成查询,但不知道如何放置回声值show tables from (echo value which is the database)

<?php

if (isset($_POST['database'])){

    echo $_POST['database'];

    $qry = "show tables from ";
    $res = mysqli_query($link,$qry);

    while ($row = mysqli_fetch_array($res)){
         echo $row[0]."<br>";
    }
}

最佳答案

您可以使用输入值轻松完成查询,请参见以下代码:



<?php
 if (isset($_POST['database'])){

 echo $_POST['database'];

 $qry = "show tables from " . $_POST['database'];
 $res = mysqli_query($link,$qry);

  while ($row = mysqli_fetch_array($res)){
  echo $row[0]."<br>";
  }
  }





但是如果这个函数是内部函数,可以看看sql injections hack,但是如果您从外部客户端获取数据库名称,则应该使用以下代码来完成查询:



in PDO :

$query = "SELECT * FROM test_table WHERE enabled = 1 AND id = :id";
$stmnt = $db->prepare($query);
$stmnt->execute(array(':id' => $_POST['id']));

10-06 06:18