Is there any C SQLite API for quoting/escaping the name of a table?


SQLite will escape identifiers for you with the %w format in the printf family of functions (https://www.sqlite.org/printf.html).


If a table name has invalid characters in it you can enclose the table name in double quotes, like this.

sqlite> create table "test table" (id);
sqlite> insert into "test table" values (1);
sqlite> select * from "test table";
id
----------
1

Of course you should avoid using invalid characters whenever possible. It complicates development and is almost always unnecessary (IMO the only time it is necessary is when you inherit a project that is already done this way and it's too big to change).


When using SQLite prepared statements with parameters, the parameter "specifies a placeholder in the expression for a literal value that is filled in at runtime".

Before executing any SQL statement, SQLite "compiles" the SQL string into a series of opcodes that are executed by an internal Virtual Machine. The table names and column names upon which the SQL statement operates are a necessary part of the compilation process.

You can use parameters to bind "values" to prepared statements like this:

SELECT * FROM FOO WHERE name=?;

And then call sqlite3_bind_text() to bind the string gavinbeatty to the already compiled statement. However, this architecture means that you cannot use parameters like this:

SELECT * FROM ? WHERE name=?;    -- Can't bind table name as a parameter
SELECT * FROM FOO WHERE ?=10;    -- Can't bind column name as a parameter
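The answers above combined, as an added example that is not part of the original posts: the table name is quoted with SQLite's own %w conversion and the values are bound as parameters. It assumes Python's standard sqlite3 module and reaches %w through the SQL printf() function; from C the same conversion is available as sqlite3_mprintf("\"%w\"", name). The helper names and sample table names are constructed for illustration.

```python
import sqlite3

def quote_identifier(conn, name):
    """Return name as a double-quoted SQL identifier, escaped by SQLite's %w.

    %w only doubles embedded double quotes; the enclosing quotes come from
    the format string. The name itself travels as a bound value.
    """
    return conn.execute("SELECT printf('\"%w\"', ?)", (name,)).fetchone()[0]

def create_and_query(conn, table, person, ident):
    """Identifier goes in via quoting, values go in via ? parameters."""
    q = quote_identifier(conn, table)
    conn.execute(f"CREATE TABLE {q} (name TEXT, id INTEGER)")
    conn.execute(f"INSERT INTO {q} VALUES (?, ?)", (person, ident))
    return conn.execute(f"SELECT id FROM {q} WHERE name=?", (person,)).fetchone()[0]

def table_names(conn):
    """Names of all tables, as SQLite stored them (unquoted)."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
    return {r[0] for r in rows}

def binding_table_name_fails(conn):
    """A ? in identifier position is rejected when the statement is compiled."""
    try:
        conn.execute("SELECT * FROM ? WHERE name=?", ("test table", "gavinbeatty"))
    except sqlite3.OperationalError:
        return True
    return False

# Constructed sample names: a space, an embedded quote, and SQL-looking text.
SAMPLE_NAMES = ['test table', 'odd"name', 'log"; DROP TABLE audit; --']

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit (id)")
    for n in SAMPLE_NAMES:
        print(quote_identifier(conn, n), create_and_query(conn, n, "gavinbeatty", 1))
    print(sorted(table_names(conn)))
    print("binding a table name fails:", binding_table_name_fails(conn))
```

Each sample name ends up as exactly one table with that literal name, and the pre-existing audit table is still present afterwards.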