As Ben said you can't bind table names in prepared statements. You can sanitize the table name by whitelisting.
An array of allowed table names is used to ensure only those on the whitelist can be used.
$table = "table1";//Your table name
$allowed_tables = array('table1', 'table2');//Array of allowed tables to sanatise query
if (in_array($table, $allowed_tables)) {
getTableKeys($table);
}
The SQL SHOW KEYS FROM $table
will only be queried if table1 is in list.
public function getTableKeys($table){
//OBTAIN TABLE KEYS
try {
$conn = $this->db->_pdo;
$conn->beginTransaction();
$query = $this->db->_pdo->prepare('SHOW KEYS FROM $table');
$query->execute();
$keys = $query->fetchAll(PDO::FETCH_ASSOC);
$conn->commit();
return $keys;
}catch (Exception $e) {
$conn->rollback();
echo 'Caught exception: ', $e->getMessage(), "\n";
return false;
}
}