First, as you have already been told, you should use PDO.
You should use prepared queries so that nobody can perform SQL injection through the unfiltered parameters you have, such as $_POST['bd'].
Even so, the first thing I would do in your case is collect and inspect the value that arrives in $_POST['bd'], purify it to remove tags such as and according to the value that arrives (which could be numeric, for example), assign a value.
Example:
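    // Map the numeric value of $_POST['bd'] to a fixed table name;
    // the raw POST value itself never reaches the SQL text.
    if (intval($_POST['bd']) === 1) {
        $from = "db.answers";
    } else {
        // Without this branch $from would be undefined for any other value.
        die("Invalid bd value");
    }
    // $order is defined elsewhere and is interpolated as-is.
    $query = mysql_query("
        select
            id, answer
        from
            {$from}
        where
            id IN($order)
        ORDER BY
            FIELD(id, $order)") or die(mysql_error());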
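The same query with the two pieces of advice above combined (PDO prepared statement plus mapping `bd` to a fixed table name), as an added example that is not part of the original answer. The function names, the `TABLES` constant and the comma-separated format of the id list are assumptions; the PDO connection is supplied by the caller.

```php
<?php
declare(strict_types=1);

// Allowlist: the only table names that may ever appear in the SQL text.
// 1 => db.answers comes from the answer above; further keys are added here.
const TABLES = [1 => 'db.answers'];

// Build the statement and its bound values from untrusted input.
// $bd is the raw $_POST['bd']; $orderCsv is the raw id list (assumed "3,1,2").
function buildAnswerQuery($bd, string $orderCsv): array
{
    $key = filter_var($bd, FILTER_VALIDATE_INT);
    if ($key === false || !array_key_exists($key, TABLES)) {
        throw new InvalidArgumentException('unknown bd value');
    }
    $ids = [];
    foreach (explode(',', $orderCsv) as $part) {
        $id = filter_var(trim($part), FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('non-numeric id in order list');
        }
        $ids[] = $id;
    }
    // One placeholder per id; identifiers cannot be bound, so the table
    // name is taken from the allowlist and never from the request.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $sql = 'SELECT id, answer FROM ' . TABLES[$key]
         . " WHERE id IN ($marks) ORDER BY FIELD(id, $marks)";
    return [$sql, array_merge($ids, $ids)]; // ids are bound twice: IN and FIELD
}

// Run the query on a caller-supplied MySQL PDO connection.
function fetchAnswers(PDO $pdo, $bd, string $orderCsv): array
{
    [$sql, $params] = buildAnswerQuery($bd, $orderCsv);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input: a valid request, then an injection attempt.
[$sql, $params] = buildAnswerQuery('1', '3, 1, 2');
echo $sql, "\n", json_encode($params), "\n";
try {
    buildAnswerQuery('1', '1) OR 1=1 -- ');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```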