Which way to loop or new technique

Dear all have you got any technique loop code look like this

        $handler=$this->prepare('SELECT :field FROM :table');
        $handler->execute(array( ':field' => $field, ':table' => $table 

what i need is ‘:field’ => $field, ‘:table’ => $table pleas help :slight_smile:

That question doesn’t really make any sense, but I can tell you that what you’re doing in your code will never work.

Placeholders in prepared statements are meant for values, not identifiers. They will never actually be a part of the query; they are passed to the database with the query and used after the query has been parsed. This is important to understand, because without a valid field definitions and a valid table name, the query won’t parse correctly.

If you need to construct a query based on variables, you’ll need to do that the old fashioned way. You shouldn’t really need to use prepared statements anyways, because under no circumstances should you be passing external variables into a query as an identifier without extensive validation and white-listing. In fact, you would do much better to use hard-coded values for the input, selected based on those variables

Something along the lines of:

function get_query_data() {
    $valid_tables = ["table1", "table2", "table3"];
    $valid_fields = ["field1", "field2", "field3", "field4"];

    if (!in_array($_GET["table"], $valid_tables)) {
        throw new Exception("Invalid table name passed!");
    if (!in_array($_GET["field"], $valid_fields)) {
        throw new Exception("Invalid field name passed!");

    return ["table" => $_GET["table"], "field" => $_GET["field"]];

try {
    $data = get_query_data();
    $sql = "SELECT %s FROM %s";
    $sql = sprintf($sql, $data["field"], $data["table"]);

    echo $sql;
catch (Exception $e) {
    trigger_error($e->getMessage(), E_USER_ERROR);