Dynamic SQL query with dynamic WHERE clause

You probably shouldn’t do this. Accepting a column name as a parameter is opening yourself to SQL injection.
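
An added example, not part of the original post: when a caller-chosen filter column cannot be avoided, the column is mapped through a fixed allowlist and the value is bound as a parameter. The `users` table, its columns, the sample rows and the function names are assumptions made for illustration, shown here with Python's `sqlite3`.

```python
import sqlite3

# Assumed schema: only these columns may be used as a filter.
# Keys are what the caller may send; values are the identifiers we emit.
ALLOWED_COLUMNS = {"name": "name", "email": "email", "city": "city"}


def build_filter_query(column: str) -> str:
    """Return a SELECT whose WHERE column comes from the allowlist.

    The caller's string is only a dictionary key. The identifier written
    into the SQL text is our own constant, never the caller's input.
    """
    try:
        safe_column = ALLOWED_COLUMNS[column]
    except KeyError:
        raise ValueError(f"filtering on {column!r} is not permitted") from None
    # The comparison value stays a bound parameter (?), never concatenated.
    return f'SELECT id, name FROM users WHERE "{safe_column}" = ? ORDER BY id'


def find_users(conn: sqlite3.Connection, column: str, value: str) -> list:
    """Run the allowlisted query with the value passed as a bind parameter."""
    return conn.execute(build_filter_query(column), (value,)).fetchall()


def make_sample_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
        "email TEXT, city TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, email, city, password_hash) VALUES (?, ?, ?, ?)",
        [
            ("alice", "alice@example.test", "Oslo", "constructed-hash-1"),
            ("bob", "bob@example.test", "Lima", "constructed-hash-2"),
            ("carol", "carol@example.test", "Oslo", "constructed-hash-3"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(find_users(db, "city", "Oslo"))
```

A real column that is absent from the allowlist, such as `password_hash` here, is rejected the same way as a malformed name, so the allowlist also limits which data can be probed through the filter.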