mysql prepared statements, is this possible?

function fetchbyId($tableName,$idName,$id){
        global $connection;
        $stmt = mysqli_prepare($connection, 'SELECT * FROM ? WHERE ? = ?'); 
        var_dump($stmt);
        mysqli_stmt_bind_param($stmt,'s',$tableName);
        mysqli_stmt_bind_param($stmt,'s',$idName);
        mysqli_stmt_bind_param($stmt,'开发者_如何学Ci',$id);
        $stmt = mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($name,$id);
        $fetchArray = array();
        while($row = mysqli_stmt_fetch($stmt)){
            $fetchArray[] = $row;
        }
        return $fetchArray;
    }

can i use the place holders for table names to or is this only possible for table columns?

---

No, it only accepts values (i.e.: not columns, table names, schema names and reserved words), as they will be escaped. You can do this though:

$sql = sprintf('SELECT * FROM %s WHERE %s = ?', $tableName, $idName);
$stmt = mysqli_prepare($connection, $sql); 
mysqli_stmt_bind_param($stmt,'i',$id);

---

No, you can't. Table and column names are syntax, values are data. Syntax cannot be parameterized.

The table/column name can safely be inserted into the string directly, because they come from a proven, limited set of valid table/column names (right?). Only user-supplied values should be parameters.

function fetchbyId($tableName,$idName,$id){
    global $connection;
    $stmt = mysqli_prepare($connection, "SELECT * FROM $tableName WHERE $idName = ?"); 
    mysqli_stmt_bind_param($stmt,'i',$id);
    $stmt = mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($name,$id);
    $fetchArray = array();
    while($row = mysqli_stmt_fetch($stmt)){
        $fetchArray[] = $row;
    }
    return $fetchArray;
}