prepare statement-What is the problem here

DELIMITER $$

CREATE  PROCEDURE `Insert1`(IN NAME VARCHAR(100),IN valuees VARCHAR(100))   
BEGIN   
  SET @r = CONCAT('Insert into', NAME,'(name)','VALUES',valuees);   
  PREPARE smpt FROM @r;   
  EXECUTE smpt;   
  DEALLOCATE PREPARE smpt;   
END$$

DELIMITER ;

it is successfully compiling... but when i execute gives me problem...

**CALL I开发者_StackOverflow中文版nsert1('rishi','duyuu')**

Error Code : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUESduyuu' at line 1

There are multiple problems, first see what query has the CONCAT function produced. You will notice that it's not a valid query - 'Insert intorishi(name)VALUESduyuu'. Next, see the documentation on PREPARE/EXECUTE and use a placeholder for the value. The string would need to be put into quotes and escaped if you want to produce a raw query string. So try something like this:

 SET @r = CONCAT('INSERT INTO ', NAME, ' (name) VALUES (?)');
 SET @v = valuees;
 PREPARE smpt FROM @r;
 EXECUTE smpt USING @v;

Btw, instead of asking a number of small questions here, maybe you should ask a more high level question, explain what you have tried, what failed, etc. It's easier to help you with high level issues, but if you are doing something the wrong way and ask small technical questions how to fix it so that it works the wrong way, it won't help you much.

Add spaces to the concatenation:

CONCAT('Insert into ', NAME,'(name)',' VALUES ',valuees);