如何使用 PHP 和 MYSQL 动态更改表列

Question

I added a form including an input field and a button. Now I am trying to pass the text from the input field into my query as the column name when the button is pressed. the form's method is post and the action is the path to the PHP file that holds the function. The text from the input field is held in the variable $subject and now I'm trying to pass this variable into to the query. I'm running my application on XAMPP server and it keeps on giving me this

error: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''English' VARCHAR(100)' at line 1" .

How do I do this successfully?

WEB PAGE SOURCE:

<form action="addons/functions.php" method="POST">
                            <br><h1 class="bg-warning">Subject</h1>
                            <input type="text" placeholder="add Subject" name="subject" class="input-group"><br>
                            <button type="submit" name="addsub" class="btn-success btn-dark">Add Subject</button>
                            <span class="mailspan"><?php 

                            if(isset($_SESSION['message'])){
                                echo $_SESSION['message'];
                                unset ($_SESSION['message']);
                            }

                    ?></span>
                        </form>

PHP FILE SOURCE:

if (isset($_POST['addsub'])){
    $sub=$_POST['subject'];
    $conn->query("ALTER TABLE students ADD '$sub' VARCHAR(100)" ) or die($conn->error);
    $_SESSION['message']='Subject added successfully!';
 header("location:../admin.php");
}

Answer 1

I think there is a missing word "COLUMN" in this query if you are going to add new column. Instead of this

"ALTER TABLE students ADD '$sub' VARCHAR(100)"

Try

"ALTER TABLE students ADD COLUMN '$sub' VARCHAR(100)"

But like other guys said, read about prepared statements to avoid SQL injection.