So I have a table with 6 columns, each column corresponds to a certain product type. Each column holds a number that corresponds to the number of times people have chosen that p
First make sure $column is in an accepted list of values. Next, you can't bind :column; you will have to assign it like so:
$stmt = $link->prepare('UPDATE table SET ' . $column .' = :num');
$stmt->bindParam(':num', $num);
$stmt->execute();
If you were going to check for a valid $column, I would use
// Anchored so the whole name must consist of these characters
$valid_column = preg_match('/^[a-z0-9_]+$/i', $column);
or a sufficient replace (preg_replace). Though you would likely wrap it in a try/catch and set exceptions to be thrown in your PDO instance to make sure it's even legit.
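The allowlist check and the bound value from the answer above, combined as an added example (not part of the original post). The table name product_choices, the column names, the helper setChoiceCount and the in-memory SQLite database are assumptions made so it runs stand-alone.

```php
<?php
// Added example: allowlist the column name, bind only the value.
// Table and column names are hypothetical.
const ALLOWED_COLUMNS = ['shoes', 'hats', 'bags'];

function setChoiceCount(PDO $link, string $column, int $num): int
{
    // Identifiers cannot be bound, so accept only exact, known names.
    if (!in_array($column, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException('Unknown column');
    }
    // $column is now one of our own literals; the value is still bound.
    $stmt = $link->prepare('UPDATE product_choices SET ' . $column . ' = :num');
    $stmt->bindValue(':num', $num, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$link = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$link->exec('CREATE TABLE product_choices (shoes INTEGER, hats INTEGER, bags INTEGER)');
$link->exec('INSERT INTO product_choices VALUES (0, 0, 0)');

// Constructed inputs: a valid name, and a string made of characters that a
// loose pattern check could let through but that is not a column name.
foreach (['hats', 'hats = 0, shoes'] as $candidate) {
    try {
        $rows = setChoiceCount($link, $candidate, 5);
        echo "updated $rows row(s) via '$candidate'\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected '$candidate': " . $e->getMessage() . "\n";
    } catch (PDOException $e) {
        echo "database error: " . $e->getMessage() . "\n";
    }
}
print_r($link->query('SELECT * FROM product_choices')->fetch(PDO::FETCH_ASSOC));
```

An exact-match allowlist is stricter than a character-class pattern: a string can pass the pattern and still not be a column you meant to expose.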