I am working on an application that needs an ability to create MySQL users and schemas.
But I am having issues with running the CREATE USER statement
I would expect this statement to work but it does not:
DB::statement('CREATE USER :user@`%` IDENTIFIED WITH mysql_native_password BY :password', [
'user' => $this->username,
'password' => $this->password,
]);
Under the hood Laravel sends the entire statement to PDO without doing any processing,
so this is pretty much the same as if I would call:
$statement = $pdo->prepare('CREATE USER :user@`%` IDENTIFIED WITH mysql_native_password BY :password');
$statement->bindValue('user', $this->username, PDO::PARAM_STR);
$statement->bindValue('password', $this->password, PDO::PARAM_STR);
$statement->execute();
I did a bunch of googling and all solutions I found used string concatenation, but I would prefer to use parameter binding.
I also tried many different ways of running this statement but none worked:
CREATE USER :user@% IDENTIFIED WITH mysql_native_password BY :password
CREATE USER :user@'%' IDENTIFIED WITH mysql_native_password BY :password
CREATE USER ':user'@'%' IDENTIFIED WITH mysql_native_password BY ':password'
CREATE USER `:user`@`%` IDENTIFIED WITH mysql_native_password BY `:password`
CREATE USER :user@'%'
CREATE USER ':user'@'%'
CREATE USER `:user`@'%'
CREATE USER :user
CREATE USER ':user'
CREATE USER `:user`
CREATE USER :user -- with ['user' => $this->username . '@`%`'
What am I missing? Is it not possible to run CREATE USER with bindValues?
edit:
To add context they are all failing at prepare() except for the ones where the parameter is in a comment, since those dont consider it a parameter, just a literal.
