Bug #17491 parameter markers can’t be use to replace table names
Submitted: 16 Feb 2006 19:22 Modified: 16 Feb 2006 22:22
Reporter: [ name withheld ] Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.15-nt OS:Windows (Windows)
Assigned to: CPU Architecture:Any

[16 Feb 2006 19:22] [ name withheld ] 
Description:
On a Prepared Statements parameter markers (?) can’t  be use to replace table names. 
It generates "ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' .... "

How to repeat:
mysql> PREPARE stmt1 FROM 'select *  from ? ';
mysql> PREPARE stmt1 FROM 'delete  from ? ';
[16 Feb 2006 22:22] MySQL Verification Team 
Thank you for the bug report. Please read:

http://dev.mysql.com/doc/refman/5.0/en/sqlps.html

13.7. SQL Syntax for Prepared Statements

........................................................

PREPARE stmt_name FROM preparable_stmt 

The PREPARE statement prepares a statement and assigns it a name, stmt_name, by which to refer to the statement later. Statement names are not case sensitive. preparable_stmt is either a string literal 
...............................
enclosed within quotes, even if you intend to bind them to string values. Parameter markers can be used only where data values should appear, not for SQL keywords, identifiers, and so forth. 

Note the "not for ... identifiers."