Я бы предложил вам написать хранимую процедуру:
DELIMITER $$
CREATE PROCEDURE (IN DBname varchar(255)
, IN AKey varchar(255)
, IN AValue varchar(255))
BEGIN
DECLARE query VARCHAR(1000);
-- First check the DBName against a list of allowed DBnames,
-- to prevent SQL-injection with dynamic tablenames.
DECLARE NameAllowed BOOLEAN;
SELECT 1 INTO NameAllowed WHERE DBName IN ('validDB1','validDB2');
IF (NameAllowed = 1) THEN BEGIN
-- DBName is in the whitelist, it's safe to continue.
SET query = CONCAT('INSERT INTO '
,DBName
,'.MetaData (`key`,`value`) values (?,?));
-- note the use of parameter placeholders, to prevent SQL-injection.
PREPARE stmt FROM query;
EXECUTE stmt USING Akey, AValue;
DEALLOCATE PREPARE stmt; -- clears the query and its result from the cache.
END; END IF;
END $$
DELIMITER ;