What are the potential pitfalls of swapping the database with the table name in a MySQL query in PHP?

Swapping the database with the table name in a MySQL query in PHP can lead to SQL injection vulnerabilities if the input is not properly sanitized. To avoid this, always use prepared statements with parameterized queries to prevent malicious SQL injection attacks.

// Connect to the database
$pdo = new PDO("mysql:host=localhost;dbname=your_database", "username", "password");

// Prepare a parameterized query
$stmt = $pdo->prepare("SELECT * FROM your_table WHERE column_name = :value");

// Bind the parameter
$stmt->bindParam(':value', $input_value);

// Execute the query
$stmt->execute();

// Fetch the results
$results = $stmt->fetchAll();