Curriculaa Curriculaa - 7 months ago 11
SQL Question

Writing the attributes of a database in PHP

I am writing an application in which user can enter a database name and I should write all of its contents in table with using PHP.I can do it when I know the name of database with the following code.

$result = mysqli_query($con,"SELECT * FROM course");

echo "<table border='1'>
<tr>
<th>blablabla</th>
<th>blabla</th>
<th>blablabla</th>
<th>bla</th>
</tr>";

while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['blablabla'] . "</td>";
echo "<td>" . $row['blabla'] . "</td>";
echo "<td>" . $row['blablabla'] . "</td>";
echo "<td>" . $row['bla'] . "</td>";
echo "</tr>";
}
echo "</table>";


In this example I can show it since I know the name of table is course and it has 4 attributes.But I want to be able to show the result regardless of the name the user entered.So if user wants to view the contents of instructors there should be two columns instead of 4.How can I accomplish this.I get the table name with html.

Table:<input type="text" name="table">


Edit:Denis's answer and GrumpyCroutons' answer are both correct.You can also ask me if you didnt understand something in their solution.

Answer

Quickly wrote this up, commented it (This way you can easily learn what's going on, you see), and tested it for you.

    <form method="GET">
        <input type="text" name="table">
    </form>

    <?php


    //can be done elsewhere, I used this for testing. vv
    $config = array(
         'SQL-Host' => '',
         'SQL-User' => '',
         'SQL-Pass' => '',
         'SQL-Database' => ''
    );
    $con = mysqli_connect($config['SQL-Host'], $config['SQL-User'], $config['SQL-Pass'], $config['SQL-Database']) or die("Error " . mysqli_error($con));
    //can be done elsewhere, I used this for testing. ^^


    if(!isSet($_GET['table'])) { //check if table choser form was submitted.
        //In my case, do nothing, but you could display a message saying something like no db chosen etc.
    } else {

    $table   = mysqli_real_escape_string($con, $_GET['table']); //escape it because it's an input, helps prevent sqlinjection.

    $sql     = "SELECT * FROM " . $table; // SELECT * returns a list of ALL column data
    $sql2    = "SHOW COLUMNS FROM " . $table; // SHOW COLUMNS FROM returns a list of columns

    $result  = mysqli_query($con, $sql);
    $Headers = mysqli_query($con, $sql2);

    //you could do more checks here to see if anything was returned, and display an error if not or whatever.

    echo "<table border='1'>";
    echo "<tr>"; //all in one row

    $headersList = array(); //create an empty array

    while($row = mysqli_fetch_array($Headers)) { //loop through table columns
         echo "<td>" . $row['Field'] . "</td>"; // list columns in TD's or TH's.
         array_push($headersList, $row['Field']); //Fill array with fields
    } //$row = mysqli_fetch_array($Headers)

    echo "</tr>";

    $amt = count($headersList); // How many headers are there?

    while($row = mysqli_fetch_array($result)) {
         echo "<tr>"; //each row gets its own tr
         for($x = 1; $x <= $amt; $x++) { //nested for loop, based on the $amt variable above, so you don't leave any columns out - should have been <= and not <, my bad
             echo "<td>" . $row[$headersList[$x]] . "</td>"; //Fill td's or th's with column data
        } //$x = 1; $x < $amt; $x++
             echo "</tr>";
    } //$row = mysqli_fetch_array($result)

    echo "</table>";
    }
    ?>