$sql = "INSERT into x (y,z,t) 
VALUES ((SELECT userID FROM users WHERE username ='".$usersql."'),"
."'"."(SELECT itemID from items WHERE category ='".$category."'),"
."'".$amountdays."')";

Thank you for your time.

2 Answers


  1. A little bit of formatting will go a long way:

    $sql = "INSERT into x 
      (
        y,
        z,
        t
      ) VALUES (
        (SELECT userID FROM users WHERE username = ?),
        (SELECT itemID from items WHERE category = ?),
        ?
      );
    ";
    
  2. You should use PDO or mysqli with prepared statements. Then you can define variables for your values and set them after the query. That makes it more readable and you prevent SQL injections in your code.

    https://www.php.net/manual/de/pdo.prepared-statements.php

    // Subqueries used as values must be wrapped in parentheses,
    // and the prepare( call needs its closing parenthesis.
    $stmt = $dbh->prepare("INSERT into x (y,z,t) 
    VALUES (
        (SELECT userID FROM users WHERE username = :username), 
        (SELECT itemID FROM items WHERE category = :category), 
        :amountdays
    )");
    
    // Bind the values separately from the SQL text, then run the statement.
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':category', $category);
    $stmt->bindParam(':amountdays', $amountdays);
    $stmt->execute();
    

    Something like that.

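The two approaches side by side, as an added example that is not code from the question or either answer: it assumes an in-memory SQLite database opened through PDO, keeps the table and column names from the question, and the sample rows are constructed.

```php
<?php
// Added example (not from the question or answers): the question's
// string-built INSERT beside the prepared-statement form from answer 2,
// run against an in-memory SQLite database so it works offline.
// Table and column names follow the question; sample rows are constructed.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE users (userID INTEGER PRIMARY KEY, username TEXT)");
$dbh->exec("CREATE TABLE items (itemID INTEGER PRIMARY KEY, category TEXT)");
$dbh->exec("CREATE TABLE x (y INTEGER, z INTEGER, t INTEGER)");
$dbh->exec("INSERT INTO users (username) VALUES ('alice'), ('O''Brien')");
$dbh->exec("INSERT INTO items (category) VALUES ('books')");

// 1) Concatenation as in the question (stray quote removed so it parses
//    for plain input). The untrusted value becomes part of the SQL text.
function insertConcat(PDO $dbh, string $username, string $category, int $days): void {
    $sql = "INSERT INTO x (y, z, t) VALUES ("
         . "(SELECT userID FROM users WHERE username = '" . $username . "'), "
         . "(SELECT itemID FROM items WHERE category = '" . $category . "'), "
         . $days . ")";
    $dbh->exec($sql);
}

// 2) Prepared statement: the SQL text is fixed, values are sent separately.
function insertPrepared(PDO $dbh, string $username, string $category, int $days): void {
    $stmt = $dbh->prepare(
        "INSERT INTO x (y, z, t) VALUES ("
      . "(SELECT userID FROM users WHERE username = :username), "
      . "(SELECT itemID FROM items WHERE category = :category), "
      . ":amountdays)"
    );
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    $stmt->bindValue(':amountdays', $days, PDO::PARAM_INT);
    $stmt->execute();
}

// A legitimate username with an apostrophe is enough to show the difference:
// concatenation produces a syntax error, the prepared form stores the row.
try {
    insertConcat($dbh, "O'Brien", 'books', 30);
    echo "concat: inserted\n";
} catch (PDOException $e) {
    echo "concat: failed: " . $e->getMessage() . "\n";
}
insertPrepared($dbh, "O'Brien", 'books', 30);
echo "prepared: inserted, rows in x = "
   . $dbh->query("SELECT COUNT(*) FROM x")->fetchColumn() . "\n";
```

The same apostrophe that breaks the concatenated query is what an attacker would use to alter it; the prepared statement treats it as data, so the query structure cannot change.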