How to search for a constant value by posting the column name in php mysql?

Question

I have created this code to retrieve multiple user data where the pincode = the pin-code i am posting through post method and $value = 't'($value = a column name(i want to send the column name using post method(column name= a, b, ho, ll, c, d)) where i want it to look for 't'). my code is not complete and i don't know how to do it can anyone help me with this? Later i want it to connect with android app and list view the retrieved data.

My function in DbOperations.php

<?php

class DbOperations{

    private $con;

    function __construct(){

        require_once dirname(__FILE__).'/DbConnect.php';

        $db = new DbConnect();

        $this->con = $db->connect();

    }
public function gettestuser($pin){
        $stmt = $this->con->prepare("SELECT * FROM test_category WHERE $value = 't' pin = ?");
        $stmt->bind_param("s",$pin);
        $stmt->execute();
        return $stmt->get_result()->fetch_assoc();
    }

My gettestuser.php

<?php
require_once '../include/DbOperations.php';

$response = array();

if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['reg_pin'])){

    $db = new DbOperations();

    $test_category = $db->gettestuser($_POST['reg_pin']);

    var_dump($test_category);

        $response['error'] = false;
        $response['pid'] = $test_category['pid'];
        $response['name'] = $test_category['name'];
        $response['pin'] = $test_category['pin'];
        $response['a'] = $test_category['a'];
        $response['b'] = $test_category['b'];
        $response['ho'] = $test_category['ho'];
        $response['ll'] = $test_category['ll'];
        $response['c'] = $test_category['c'];
        $response['d'] = $test_category['d'];



}else{
    $response['error'] = true;
    $response['message'] = "Required fields are missing";
}
}

echo json_encode($response);
?>

Answer 1

Something like this.

DbOperations.php:

public function gettestuser($col_name, $pin) {
    $valid_columns = array('a' => 1, 'b' => 1, 'ho' => 1, 'll' => 1, 'c' => 1, 'd' => 1);
    if (!array_key_exists($col_name, $valid_columns)) {
        throw new Exception('Bad column name');
    }

    $stmt = $this->con->prepare("SELECT * FROM test_category WHERE $col_name = 't' pin = ?");
    $stmt->bind_param("s", $pin);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc();
}

gettestuser.php:

<?php
require_once '../include/DbOperations.php';

$response = array();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['reg_pin']) && isset($_POST['reg_value'])) {
        $db = new DbOperations();

        $test_category = $db->gettestuser($_POST['reg_value'], $_POST['reg_pin']);

        var_dump($test_category);

        $response['error'] = false;
        $response['pid'] = $test_category['pid'];
        $response['name'] = $test_category['name'];
        $response['pin'] = $test_category['pin'];
        $response['a'] = $test_category['a'];
        $response['b'] = $test_category['b'];
        $response['ho'] = $test_category['ho'];
        $response['ll'] = $test_category['ll'];
        $response['c'] = $test_category['c'];
        $response['d'] = $test_category['d'];
    } else {
        $response['error'] = true;
        $response['message'] = "Required fields are missing";
    }
}

echo json_encode($response);
?>