I'm trying to add new database user by these statements:
$insert = $db->prepare("CREATE USER ? IDENTIFIED BY ?");
$insert->bind_param('ss', $_POST['username'], $_POST['pass']);
$insert->execute();
Database gives me error:
You have an error in your SQL syntax; (...) near '? IDENTIFIED BY ?' at line 1
When I try to add new user without ?
wildcards, everything is fine:
CREATE USER john IDENTIFIED BY 'johnpassword' //this works
,
but even using CONCAT("'", ?, "'")
for submitting data doesn't help.
I read in MySQL documentation that MySQL 5.7 should support prepared statements for CREATE USER
SQL statement, but with MySQLi it doesn't seem to.