I am putting a placeholder for an identifier, and to sanitize the table variable I have done:

$table = "users";
$table = "`".str_replace("`","``",$table)."`";

and done this to run my query:

$stmt = $dbconn->prepare("SELECT * FROM ? WHERE username = ?");
$stmt->execute([$table, "irfan"]);

This is the error I am receiving:

check the manual that corresponds to your MariaDB server version for the right syntax to use near ''`users`' WHERE username = 'irfan''

Irfan Sindhi
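
The error above shows the bound table name arriving as a quoted string literal (`'`users`'`): a placeholder can only stand for a value, never an identifier. The following is an added example, not part of the original post, that keeps the question's backtick quoting but checks the name against an allow-list and places it in the SQL text, binding only the username. The `ALLOWED_TABLES` list, the helper names, the sample rows and the in-memory SQLite connection (used so the script runs without a MariaDB server) are assumptions.

```php
<?php
// Added example, not the asker's code. In-memory SQLite (assumes pdo_sqlite)
// stands in for MariaDB; it also accepts backtick-quoted identifiers.
$dbconn = new PDO('sqlite::memory:');
$dbconn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbconn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$dbconn->exec("INSERT INTO users (username) VALUES ('irfan'), ('sara')"); // constructed rows

// Hypothetical allow-list of tables this code path may read.
const ALLOWED_TABLES = ['users'];

function quoteIdentifier(string $name): string
{
    // Validate first: escaping alone should not decide which table is read.
    if (!in_array($name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("table not allowed: $name");
    }
    // Same backtick doubling as in the question, applied after validation.
    return '`' . str_replace('`', '``', $name) . '`';
}

function findByUsername(PDO $db, string $table, string $username): array
{
    // The identifier is part of the SQL text; only the value is a placeholder.
    $sql = 'SELECT * FROM ' . quoteIdentifier($table) . ' WHERE username = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 1. The question's approach: a placeholder in the table position is rejected.
try {
    $dbconn->prepare('SELECT * FROM ? WHERE username = ?')->execute(['`users`', 'irfan']);
} catch (PDOException $e) {
    echo 'placeholder as table name: ', $e->getMessage(), "\n";
}

// 2. Allow-listed identifier in the SQL text, value bound.
echo 'rows found: ', count(findByUsername($dbconn, 'users', 'irfan')), "\n";

// 3. A table name outside the allow-list never reaches the database.
try {
    findByUsername($dbconn, 'sessions', 'irfan');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```
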

0 Answers