PHP mysql statement not functioning with variable value

Question

Hi everyone I have a PHP script that I wrote which is supposed to validate if a user is already in the database. i can explain better which the code here first

<?php
 #this php file will check the users details entered against the details in the database and echo a response based on if theyre right or not
if($_SERVER['REQUEST_METHOD']=='POST'){
$database = $_POST['database'];
$username = $_POST['username'];
require_once('connection.php'); #require connection.php to connect to database 

$sql = "SELECT username FROM '$database' WHERE username = '$username'";
$result = mysqli_query($connect,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
echo 'exists';
}else{
echo 'success';
}
}
?>

The issue is with the SQL statement specifically the from $database part. The value of $database should be TPS_STATS which should work but isn't, if I change the statement too from TPS_STATS it works fine. I have echoed the value of $database out to test it and it returns TPS_STATS So I am at a loss to why it will not execute properly. To clarify further, if a username is in the database it should print exists where if not it will print success, it always prints success when i try to use the $database variables value

Where you refer to `$database`, you actually mean table, not database. — Mitya, Mar 02 '19 at 15:16
sorry yeah that is just bad naming conventions on my part, it is the table i am referring to — Charlie Ansell, Mar 02 '19 at 15:18
hi guys, I have just tried to echo var_dump($sql) and the result was "select username from 'TPS_STATS' where username = 'Charlie'" — Charlie Ansell, Mar 02 '19 at 15:23
Just in case you didn't figure it out `'$database'` should be `$database` i.e. the value should not be in quotes. — Nick, Mar 05 '19 at 00:28

PHP mysql statement not functioning with variable value

0 Answers0