创建用户失败Mysqli准备语句

Question

我想创建一个简单的PHP脚本来创建和分配给SQL用户的属性。查询工作正常，如果没有参数使用，但失败，否则。

做工精细

$conn = new mysqli('127.0.0.1', 'root', 'pass'); 
$sql = "CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'"; 
$stmt = $conn->prepare($sql); 
$stmt->execute(); 

两个用户名和密码?

$conn = new mysqli('127.0.0.1', 'root', 'pass'); 
$sql = "CREATE USER '?'@'localhost' IDENTIFIED BY '?'"; 
$stmt = $conn->prepare($sql); 
$uname = "carn"; 
$pass = "pass"; 
$stmt->bind_param('ss', $uname, $pass); 
$stmt->execute(); 

两个用户名和密码都在语法?

$conn = new mysqli('127.0.0.1', 'root', 'pass'); 
$sql = 'CREATE USER "?"@"localhost" IDENTIFIED BY "?"'; 
$stmt = $conn->prepare($sql); 
$uname = "carn"; 
$pass = "pass"; 
$stmt->bind_param('ss', $uname, $pass); 
$stmt->execute(); 

错误，请检查文档

$conn = new mysqli('127.0.0.1', 'root', 'pass'); 
$sql = "CREATE USER ?@'localhost' IDENTIFIED BY ?"; 
$stmt = $conn->prepare($sql); 
$uname = "carn"; 
$pass = "pass"; 
$stmt->bind_param('ss', $uname, $pass); 
$stmt->execute(); 

错误语法，检查文件

$conn = new mysqli('127.0.0.1', 'root', 'pass'); 
$sql = "CREATE USER `?`@'localhost' IDENTIFIED BY `?`"; 
$stmt = $conn->prepare($sql); 
$uname = "carn"; 
$pass = "pass"; 
$stmt->bind_param('ss', $uname, $pass); 
$stmt->execute(); 

我不知道在哪里可以从这里走。这可能是我使用引号的一个问题，我在这里看到两个相关的问题，但没有一个回答正确。

Answer 1

使用预处理语句，您只能使用有限的查询子集。创建用户不包括在内。

您可以尝试INSERT到mysql.user表，像

INSERT INTO `mysql`.`user` (Host,User,Password)VALUES(?,?,password(?)); 

此外，随着创建的用户动态，你正在做的事情错

Answer 2

不要把周围的?，bind_param单引号（）将搞定此事。

但是，还有另一个问题是您不能在MySQL中使用CREATE USER语句的占位符。请参阅How to write "create user ?" with MySQL prepared statement。