0

I need to retrieve all possible combinations from two columns of a database. I need to find all the rows that contain two UserID in the first or second column and reverse.

I have tried several times to create this request, even with more sql, but it doesn't work for me.

$sql = "SELECT * FROM chat WHERE UserID1='$userchatid' AND UserID2='$userid' OR UserID1='$userid' AND UserID2='$userchatid' ORDER BY id DESC";

I need the script to retrieve the people who write to you in a chat and make them stand out at the top

lucax979
  • 3
  • 4
  • You need to include `()` round the `AND` parts of the where to make the logic work. – Nigel Ren May 26 '22 at 20:45
  • 2
    Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar May 26 '22 at 20:45

0 Answers0