Create database with PDO bindParam

Question

<?php
    $login = 'root'; 
    $password = 'root'; 
    $dsn = "mysql:host=localhost";
    $dbb = 'account';
    $opt = array(
    // any occurring errors wil be thrown as PDOException
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // an SQL command to execute when connecting
    PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
    );

    // Making a new PDO conenction.
    $conn = new PDO($dsn, $login, $password,$opt);

    $db = $conn->prepare( "CREATE SCHEMA IF NOT EXISTS `?` "); 
    $db->bindParam(1, $dbb);
    $db->execute();          

    ?> 

it's working properly but it making a database with name 'account' with single quotes does anyone know how to removie the single quotes. I try many things but it doesn't remove.

Answer 1

This is working:

<?php
$login = 'root';
$password = 'root';
$dsn = "mysql:host=localhost"; 
$dbb = 'account';
$opt = array(
// any occurring errors wil be thrown as PDOException
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// an SQL command to execute when connecting
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
);

// Making a new PDO conenction.
$conn = new PDO($dsn, $login, $password,$opt);

$db = $conn->prepare( "CREATE SCHEMA IF NOT EXISTS $dbb "); 
$db->execute();          

?> 

i guess you can't prepare the database using bindParam

Answer 2

According to http://www.php.net/manual/en/book.pdo.php you are supposed to whitelist things like table, column and database names.

Try;

$db = $conn->prepare( "CREATE SCHEMA IF NOT EXISTS " . $dbb); 
$db->execute();