I have a field where the user can set the name of each column of a mysql table. I use a prepared statement so the SQL Injection part is safe but I have the following situati
