就像无法编写SELECT ? FROM ?一样，也不能将GRANT划分为准备好的查询.

Just as you cannot write SELECT ? FROM ?, neither can you divide GRANT into a prepared query.

准备的查询值只能是值.出于安全考虑，您不能传递关键字.在您的情况下，可能起作用的唯一参数是用户名，因为它是字符串.

Prepared query values can only be values. For safety reasons among many others, you cannot pass in keywords. The only parameter that might work in your case is the username, as that is a string.

PDO尝试运行:

GRANT 'select' ON 'testjoke.authors' TO 'cory':'localhost';

我希望您能明白为什么这行不通.

You can see why this won't work, I hope.