I have this code for a news feed and it’s combined with a code for a “load more” function. The updates table is where the updates in the newsfeed exist. The username_poster is the username of the person posting an update into which displays in the newsfeed. $last_msg_id represents the id of the last post in the newsfeed to represent what to load next.
The problem I’m having is whenever my code calls to this script, it never loads it. The script works fine when I have the
username_poster IN
(SELECT user_id FROM scuela_following WHERE follower_id = '".$_SESSION['username']."')`
out of the code, but as soon as I add it in, it stops working. Any help would be greatly appreciated.
<?php
$last_msg_id=$_GET['last_msg_id'];
$sql=mysql_query("SELECT * FROM updates_table WHERE id < '$last_msg_id' AND username_poster IN
(SELECT user_id FROM scuela_following WHERE follower_id = '".$_SESSION['username']."')
ORDER BY id DESC LIMIT 5");
$last_msg_id="";
while($row=mysql_fetch_array($sql))
{
}
?>
In this SQL it looks like you’re looking for a “username_poster” in your subquery, when you’re only selecting “user_id.”
Alter the SQL to look for “user_id” instead of “username_poster”, or return “username_poster” instead of “user_id” in the subquery.
And as mentioned above, you should really use queries with parameters to prevent SQL injection.