在我的PHP代码下拉列表中从MYSQL中选择项目时出错 - error in my PHP code drop down list to select item from MYSQL

error in my PHP code drop down list to select item from MYSQL

我有一个有下拉列表的界面，你必须选择一个项目并点击提交按钮才能在mysql中查看数据库，但不起作用，它会给出错误"Table'balhaf.$Table'不存在"

这是我的代码接口

<html>
<body>
<form method="post" action="list_files.php">
<input name="go" type="submit" value="submit" / >
<?php
$dbname = 'balhaf';
if (!mysql_connect('localhost', 'sqldata', 'sqldata')) {
echo 'Could not connect to mysql';
exit;
}
$sql = "SHOW TABLES FROM $dbname";
$result = mysql_query($sql);
if (!$result) {
echo "DB Error, could not list tables'n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
echo '<select name="dropdown" style="width:150px">';
echo '<option value="">Select</option>';
while ($row = mysql_fetch_row($result)) {
echo '<option value="'.$row[0].'">'.$row[0].'</option>';
}
echo '</select>';
echo '</form>';
mysql_free_result($result);
?>
</body>
</html>

我的第二个代码"list_files.php"

<?php
if(isset($_POST["dropdown"]))
{
echo "ok";
}
$table = $_POST['dropdown'];
// Connect to the database
$dbLink = new mysqli('localhost', 'sqldata', 'sqldata', 'balhaf');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
// Query for a list of all existing files
$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM $table';
$result = $dbLink->query($sql);
// Check if it was successfull
if($result) {
// Make sure there are some files in there
if($result->num_rows == 0) {
    echo '<p>There are no files in the database</p>';
}
else {
    // Print the top of a table
    echo '<table border="1" align="center">
          <H2 align="center"> Report Table</H>
            <tr>
                <td><b>Name</b></td>
                <td><b>Mime</b></td>
                <td><b>Size (bytes)</b></td>
                <td><b>Created</b></td>
                <td><b>Download</b></td>
            </tr>';
 // Print each file
    while($row = $result->fetch_assoc()) {
        echo "
            <tr>
                <td>{$row['name']}</td>
                <td>{$row['mime']}</td>
                <td>{$row['size']}</td>
                <td>{$row['created']}</td>
                <td><a style='text-decoration:none;' href='get_file.php?id=    {$row['id']}'>Download</a></td>
            </tr>";
    }
    // Close table
    echo '</table>';
   }
   // Free the result
   $result->free();
   }
   else
   {
   echo 'Error! SQL query failed:';
   echo "<pre>{$dbLink->error}</pre>";
   }
  // Close the mysql connection
  $dbLink->close();
  ?>

您看到的错误是数据库错误。这与下降无关。

您所遵循的语法不正确。

更改

$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM $table';

至

$sql = "SELECT id, name, mime, size, created FROM '$table'";

您的代码：

$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM $table';

应为：

$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM '.$table;

或

$sql = "SELECT `id`, `name`, `mime`, `size`, `created` FROM $table";

当变量在字符串中时，将｛｝放在它们周围：

 $sql = "SHOW TABLES FROM $dbname"; //might work
 $sql = "SHOW TABLES FROM {$dbname}"; //preferable

在字符串中放入变量时，请确保使用双引号：

 $sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM $table'; //wrong
 $sql = "SELECT `id`, `name`, `mime`, `size`, `created` FROM {$table}"; //right

此外，请注意，如果您让用户设置您放入字符串中的变量，那么这将容易受到SQL注入攻击。