Giacomo Cerquone

Reputation: 2478

What do you think about this solution instead of using a table name as a PDO parameter?

I'm using the PDO class to connect to MySQL because I noticed that it's the best and surest way to do it. I also noticed that I can't use a PDO parameter for table names, so I saw this question: Can PHP PDO Statements accept the table or column name as parameter?

In my application I use a GET parameter as a table name, and now my question is: is it better to use

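function buildQuery( $get_var )
{
    // Map the request value to a fixed table name; nothing from the
    // request is ever copied into the SQL text.
    switch ($get_var)
    {
        case 1:
            $tbl = 'users';
            break;
        default:
            // Unknown value: stop instead of using an undefined $tbl.
            throw new InvalidArgumentException('Unknown table');
    }

    $sql = "SELECT * FROM $tbl";
    return $sql;
}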

or just give a "show tables" in MySQL and compare every single table resulting from this command to the table passed via GET?

Thank you all!

Upvotes: 1

Views: 85

Answers (2)

Your Common Sense

Reputation: 158005

Although the "Just give a "show tables" in MySql and compare every single table resulted from this command to the table passed via GET" approach is flawed, it is not the main problem.

You are not the first one who, having no basic knowledge of database design, invents yet another square wheel and then comes to the community for help to make it move.

You need to rewind your ideas back some.
And reconsider database design, which should never involve dynamic tables, each of them used as some sort of plain text file, queried with just SELECT * FROM table.

Please learn some relational database design basics first, then create a sensible design, then query your tables the way everyone does it: keep all the data in one table and use a WHERE clause to get specific data.

Upvotes: 2

Getu.ch

Reputation: 94

Your first solution is fine.

But don't pass the table name via GET. Just pass a number with which you can look up the table name via switch.

Upvotes: 0
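The number-to-table lookup discussed in the question and in this answer, written out as an added example (not code from the original posts). It assumes PHP 8 with the `pdo_sqlite` extension; the in-memory SQLite database stands in for the MySQL connection, and `resolveTable`, `fetchById` and the `orders` entry are hypothetical names.

```php
<?php
declare(strict_types=1);

// Allowlist: the only identifiers that can ever reach the SQL text.
// 'users' comes from the question; 'orders' is a made-up second entry.
const TABLES = [1 => 'users', 2 => 'orders'];

/**
 * Resolve an untrusted request value to a table name from the allowlist.
 * Throws instead of falling through, so the table name is never undefined.
 */
function resolveTable(mixed $key): string
{
    // Accept only a plain decimal integer ("1", not "1; DROP ...", not "users").
    $id = filter_var($key, FILTER_VALIDATE_INT);
    if ($id === false || !array_key_exists($id, TABLES)) {
        throw new InvalidArgumentException('Unknown table key');
    }
    return TABLES[$id];
}

function fetchById(PDO $pdo, mixed $tableKey, mixed $rowId): array
{
    $tbl = resolveTable($tableKey);
    // The identifier is a constant from our own code; the value is still bound.
    $stmt = $pdo->prepare("SELECT * FROM `$tbl` WHERE id = :id");
    $stmt->execute([':id' => $rowId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data; in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

// Constructed stand-ins for the GET parameter.
foreach (['1', '3', 'users', '1; DROP TABLE users'] as $input) {
    try {
        $rows = fetchById($pdo, $input, 1);
        echo json_encode($input), ' => ', json_encode($rows), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($input), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the key that maps to an allowlisted table runs a query; every other input is rejected before any SQL text is built.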
