As the other posters have mentioned already, table names, column names, and values need to be quoted differently:

$sth = $dbh->prepare(
  sprintf("select * from %s where %s = %s",
    $dbh->quote_identifier($table),
    $dbh->quote_identifier($col),
    $dbh->quote($sel))
);
[download]

And (continuing with the other posters theme), you ought to be using prepared statements to decouple SQL and the actual values.