pg_prepare question

Hi,
   I know I should be using pg_prepare/pg_execute to make my PHP -
postgres code more secure.  But I am wondering just what I can put in
for parameters:  Here is a brief checklist:

     1.  values for inserted columns            OK
     2.  names of inserted columns              ????
     3.  names of tables                        ????
     4.  A whole select list e.g. "fu, bar"     NOT OK

My application is a bit more complex than the ones shown in the books
and manuals.  My data comes in as a large number of individual tables
which are sort of related (worldwide mortality statistics) but which
have widely differing table structures.  So I am always creating
temporary tables to handle data input and output, and these tables have
variable column structure.

Thanks in advance
Mary