You can use the SQL Syntax for Prepared Statements:
SET @sql := CONCAT('
CREATE TABLE `',REPLACE(@schema,'`','``'),'`.`',REPLACE(@new,'`','``'),'`
LIKE `',REPLACE(@schema,'`','``'),'`.`',REPLACE(@old,'`','``'),'`
');
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
I have taken the liberty of quoting the identifiers and calling REPLACE()
to escape any quotes contained therein, in order to protect against SQL injection.