PHP : Using a variable to hold a table name, and using that variable in queries [duplicate]

Answer 1

$query = "SELECT `stud_no` FROM `".$mysql_tb."` WHERE `stud_no`='$studno'";

and

$query = "INSERT INTO `".$mysql_tb."` VALUES ('".$studno."','".$firstname."','".$lastname."')";

You may also want to look into using something like PDO which will allow you to use named parameters and avoid SQL injections.