Prepared statement select inside values() is this right way to do it?

Question

Is this right way to right prepared statement when you have to run select stement inside value which is usually values(?)

   function permission_table($conn, $username) {
    if($stmt = $conn->prepare("INSERT INTO perm (user_id) VALUES(SELECT id FROM users WHERE username = ?)")) {
            $stmt->bind_param("s", $username);
            $stmt->execute();
}
}

The question sounds like you are receiving an error. Could you please add that? Likely just `SELECT id FROM users WHERE username = ?` should suffice. — user3783243, Sep 13 '20 at 06:26

score 0 · Answer 1 · answered Sep 13 '20 at 06:27

I would just directly use an INSERT INTO ... SELECT here, without the VALUES clause:

INSERT INTO perm (user_id)
SELECT id FROM users WHERE username = ?;

Your updated PHP code:

$sql = "INSERT INTO perm (user_id) SELECT id FROM users WHERE username = ?";
if ($stmt = $conn->prepare(sql)) {
    $stmt->bind_param("s", $username);
    $stmt->execute();
}

Prepared statement select inside values() is this right way to do it?

1 Answers1