I have a function that's like
function getInfoById($id, $info) { }
the idea is to have a query be "SELECT $info FROM table WHERE i
I would just filter it out with some regex. Keep it simple.
Also, you should bind $id and have it be :id
$info = preg_replace('/[^A-Za-z0-9_]+/', '', $info);
// Double quotes so PHP interpolates $info; :id stays a bound placeholder
$stmt = $pdo->prepare("SELECT $info FROM table WHERE id = :id");
$stmt->bindParam(':id', $id);
$stmt->execute();
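An allowlist variant of the function discussed above, as an added example that is not part of the original posts: the regex filter still lets a caller name any column in the table and can leave an empty string, so this version accepts only exact matches from a fixed list. The `users` table, its columns and `READABLE_COLUMNS` are assumptions, and the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only columns callers may read.
const READABLE_COLUMNS = ['name', 'email', 'created_at'];

function getInfoById(PDO $pdo, int $id, string $info): ?string
{
    // Identifiers cannot be bound as parameters, so the column name must
    // match the allowlist exactly; anything else is rejected, not "cleaned".
    if (!in_array($info, READABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: '$info'");
    }
    // $info is now one of the fixed literals above; $id is still bound.
    $stmt = $pdo->prepare("SELECT $info FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $value = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return ($value === false || $value === null) ? null : (string) $value;
}

// Constructed sample data in an in-memory SQLite database (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,
            email TEXT, created_at TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users VALUES
            (1, 'alice', 'alice@example.test', '2024-01-01', 'constructed-hash')");

echo getInfoById($pdo, 1, 'email'), PHP_EOL;

// 'password_hash' would pass the regex filter unchanged; the allowlist
// rejects it along with multi-column input and the empty string.
foreach (['password_hash', 'email, password_hash', ''] as $bad) {
    try {
        getInfoById($pdo, 1, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```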