Why is this a bad MYSQL query in PHP?

Updated: 2024-10-25 00:32:38

Is this a bad MySQL query I used in PHP?

$tablenamep = $_POST["tablenamep"];
$res = mysqli_query($con, "SELECT * FROM `$tablenamep` WHERE number=9");

So when I try to fetch the result using:

while ($row = mysqli_fetch_assoc($res))

There is an SQL injection error: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given

I have read several questions and answers regarding this error, but my question is why the query is returning a boolean, when I have even added a value to the $tablenamep variable. I added the value to the variable from my Android app using this code:

nameValuePairs.add(new BasicNameValuePair("tablenamep", msg));

The code is working and there aren't any errors, but my Android app is crashing when I try to get the result of the PHP. How can I solve this? (NOTE: there is nothing wrong in my Android app, I've thoroughly checked it)

Why is this a bad query? What can I do for the query to not return a boolean, and return the actual value?

Best answer

I guess your $res = mysqli_query($con, "SELECT * FROM `$tablenamep` WHERE number=9"); fails.

As stated here in the TECHNICAL DETAILS TABLE:

For successful SELECT, SHOW, DESCRIBE, or EXPLAIN queries it will return a mysqli_result object. For other successful queries it will return TRUE. FALSE on failure.

The mysqli_fetch_assoc() function needs a mysqli_result, but the query fails; that's why it returns a boolean instead of an object.
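
One way to handle both points raised above (the client-supplied table name and the FALSE return), as an added example that is not part of the original question or answer. The table names in ALLOWED_TABLES, the JSON response shape and the function names are assumptions; $con is an open mysqli connection as in the question.

```php
<?php
// Added example, not the asker's code. Table names below are hypothetical.
const ALLOWED_TABLES = ['players', 'scores'];

// Identifiers cannot be bound as prepared-statement parameters, so a
// client-supplied table name is accepted only on an exact allowlist match.
function resolve_table($input): ?string
{
    return is_string($input) && in_array($input, ALLOWED_TABLES, true) ? $input : null;
}

// Returns [HTTP status, payload] so the caller can always send well-formed JSON
// to the app instead of a PHP warning.
function handle_request(mysqli $con, array $post): array
{
    $table = resolve_table($post['tablenamep'] ?? null);
    if ($table === null) {
        return [400, ['error' => 'unknown table']];
    }

    // PHP 8.1+ throws mysqli_sql_exception by default; switch that off here so a
    // failure appears as the FALSE return value described in the answer.
    mysqli_report(MYSQLI_REPORT_OFF);

    $res = mysqli_query($con, "SELECT * FROM `$table` WHERE number=9");
    if ($res === false) {
        // Keep the database error in the server log, not in the response.
        error_log('query failed: ' . mysqli_error($con));
        return [500, ['error' => 'query failed']];
    }

    $rows = [];
    while ($row = mysqli_fetch_assoc($res)) {
        $rows[] = $row;
    }
    mysqli_free_result($res);
    return [200, ['rows' => $rows]];
}

// Constructed inputs that exercise the allowlist without a database:
// only the first is accepted; the others resolve to NULL.
foreach (['scores', 'no_such_table', 'sco`res', '', ['scores']] as $sample) {
    var_dump(resolve_table($sample));
}
```

The endpoint would call handle_request($con, $_POST), set the status with http_response_code() and echo json_encode() of the payload.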

Published: 2023-04-27 21:02:00