C# - SQLite

using System;
using System.Collections.Generic;
using System.Text;
using System.Data.SQLite;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            SQLiteConnection.CreateFile("failure.db");
            SQLiteConnection.CompressFile("failure.db");
            SQLiteConnection DB = new SQLiteConnection("Data source=failure.db");
            DB.Open();

            using (SQLiteCommand DBc = DB.CreateCommand())
            {
                DBc.CommandText = "CREATE TABLE 'records' (" +
                    "'id' text, " +
                    "'name' text, " +
                    "'address' text, " +
                    "'phone' text)";
                DBc.ExecuteNonQuery();
            }
            using (SQLiteCommand DBc = DB.CreateCommand())
            {
                DBc.CommandText = "INSERT INTO 'records' " +
                    "(id, name, address, phone) VALUES " +
                    "('js', 'john', 'lolwut', '92837412')";
                DBc.ExecuteNonQuery();
            }
            using (SQLiteCommand DBc = DB.CreateCommand())
            {
                DBc.CommandText = "UPDATE 'records' SET ? = ? WHERE id = ?";
                SQLiteParameter prm1 = DBc.CreateParameter();
                SQLiteParameter prm2 = DBc.CreateParameter();
                SQLiteParameter prm3 = DBc.CreateParameter();
                DBc.Parameters.Add(prm1);
                DBc.Parameters.Add(prm2);
                DBc.Parameters.Add(prm3);
                prm1.Value = "address";
                prm2.Value = "dickbutt";
                prm3.Value = "js";
                DBc.ExecuteNonQuery();
            }
            using (SQLiteCommand DBc = DB.CreateCommand())
            {
                DBc.CommandText = "SELECT * FROM 'records'";
                using (SQLiteDataReader DBr = DBc.ExecuteReader())
                {
                    DBr.Read();
                    Console.WriteLine("  ID> " + DBr.GetString(0));
                    Console.WriteLine("NAME> " + DBr.GetString(1));
                    Console.WriteLine("ADDR> " + DBr.GetString(2));
                    Console.WriteLine(" TEL> " + DBr.GetString(3));
                }
            }
            Console.Read();
        }
    }
}

It crashes when it executes the update query. Error message reads "SQLite error near "?": syntax error".
It's worth to notice that it works perfectly if I comment out prm1 and enter the column name directly into the CommandText.

What am I doing wrong?

>>4
The thing that will stop you from using a tablename as an argument to a
parameterized query is that (the) front-ends (I am familiar with) don't
allow table names to be parameterized, as you've demonstrated.

The main points of parameterization are

1) To let the driver handle the creation of syntactically correct SQL
(thereby avoiding , e.g. SQL injection attacks) and

2) To allow the driver to get the back-end to optimize the query by
developing an execution plan into which the parameters can ve inserted
at run time, avoiding repeated recompilation of the same query. It's
this that stops most backends from allowing table names, since the
optimizations depend upon the table's characteristics and contents.

If you absolutely must dynamically insert a table or column
name, the only viable method is to insert them into the query string
yourself (using a sprintf-like function). Naturally this sacrifices
the securities of parameterization, so you won't be able to safely
pass user-generated data in there. Consider rethinking your design.