I have a stored procedure that allows for only the table name to be passed and returns the first two columns of the table based on ordinal value. I have put an example of this below. Since I always put the id and name in the first two columns in the table this works fine. My question though is what is the problem with doing it this way? I have read that it is wrong to pass the table name in dynamic sql and using ordinal values from the information_schema is not recommended. Could anyone elaborate on the reasons for this?

Example below:

CREATE DEFINER=`dailiesadmin`@`%` PROCEDURE `sp_ordinalpos`(in p_table varchar(45))
begin
set @t = p_table;
set @col1 = (select column_name
from information_schema.columns
where table_name = @t
and ordinal_position = 1);
set @col2 = (select column_name
from information_schema.columns
where table_name = @t
and ordinal_position = 2);
set @s = concat('select',' ',@col1,' ',',',@col2,' ','from',' ',@t);
prepare stmt from @s;
execute stmt;
deallocate prepare stmt;
end