Yes. Also, change the INSERT to use parameters. It is insecure using variables to create a dynamic SQL statement. Using a variable for the table name is particularly bad, and cannot be rewritten via a prepare. For separate table, use separate queries. (Well, except when an INSERT ALL can be used.)
If possible, the INSERT and SELECT can be made into one statement: INSERT INTO ... SELECT ... WHERE This setup works excellently for multiple parameters, allowing a complex action to be executed as one. SQL works with sets of data, and that is best, where possible.