mysqli_fetch_all() not working when table name is a variable

Question

I am trying to get an array from a database. I got the table name from a previous PHP file and I am trying to return the array. However, it only responds with an error.

If I replace the $db_name in the query with the name as a string it works fine but that is not what I want. I don't know why it is not working. Is it just not liking the query? It only does not work when I put in the table name as a variable.

   $db_name = $_SESSION['databaseMenu'];
   echo $db_name;

   $sql="SELECT feed FROM '".$db_name."' ";
   $result=mysqli_query($con,$sql);

   // Fetch all
   $outp = mysqli_fetch_all($result,MYSQLI_ASSOC);


   $arra = array_values($outp);


   return $arra;

Like I said earlier, when the query is a simple text it returns the array however when I put in the variable it responds with the error: ''' Warning: mysqli_fetch_all() expects parameter 1 to be mysqli_result, boolean given in '''

Any advice is appreciated.

For one, you should be **really careful** with using variable table-names like this. Be very sure that you only accept values that you *know* are usable and safe. Secondly, tablenames are not to be quoted with `'` quotes like you have it - use ticks instead. `\`` — Qirel, Apr 05 '19 at 09:40

score 1 · Answer 1 · edited Apr 05 '19 at 09:49

1

Use

$sql="SELECT feed FROM ".$db_name." ";

Instead of

$sql="SELECT feed FROM '".$db_name."' ";

edited Apr 05 '19 at 09:49

Qirel

25,449
7
45
62

answered Apr 05 '19 at 09:42

Aakash Martand

926
1
8
21

1

Please avoid answering duplicate questions. – Qirel Apr 05 '19 at 09:50

mysqli_fetch_all() not working when table name is a variable

1 Answers1