Untitled

function validTable($table){
        global $db;
        $dbh = $this->connect();
        $sql = $dbh->prepare('SHOW TABLES
FROM `'.$db->db_name.'`
WHERE
    `Tables_in_'.$db->db_name.'` LIKE 'prefix_%'');
        $sql->execute();
        $return = false;
        foreach($sql->fetchAll(PDO::FETCH_ASSOC) as $row){
            if($table === $row['Tables_in_'.$db->db_name]){
                $return = $row['Tables_in_'.$db->db_name];
                break;
            }
        }
        return $return;
    }

$tableName = 'prefix_tableName' //potentially compromised table name
$validTable = validTable($tableName);
if($validTable !== false){
    $sql = $dbh->prepare('SELECT * FROM '.$validTable);
    //do other stuff
} else {
    //error
}