Insert select MySQL with prepared statements

天命终不由人 2020-12-12 01:12

I am wondering if I need to do this.

To make it more secure, all the things inserted into the database are selected from another table with a specific clause that is posted.

1 answer
  • 2020-12-12 01:22

    You don't need to bind the values from your other table. You just need to prepare those for the values that the user provides. You can safely use the existing values.

    // Only the user-supplied id is bound; the SELECTed columns are copied inside the database.
    $stmt = $mysqli->prepare("INSERT INTO table_one (col_1, col_2, col_3)
            SELECT valuea, valueb, valuec FROM ANOTHERtable WHERE id = ?");
    $stmt->bind_param("i", $identity);
    $stmt->execute();
    
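
The answer's point holds because `INSERT ... SELECT` copies the values inside a single statement. As an added example (not part of the original answer), the script below contrasts that with reading the value into PHP and concatenating it into a second query. It assumes PDO with the SQLite driver standing in for mysqli/MySQL, and the table names, column names and sample row are constructed.

```php
<?php
// Added example, not from the original answer. SQLite in memory (via PDO) stands in
// for MySQL so the script runs offline; table and column names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE another_table (id INTEGER PRIMARY KEY, valuea TEXT)");
$db->exec("CREATE TABLE table_one (col_1 TEXT)");

// Constructed row: the stored value contains a quote character.
$seed = $db->prepare("INSERT INTO another_table (id, valuea) VALUES (?, ?)");
$seed->execute([1, "O'Brien"]);

$identity = 1; // stands in for the posted id

// 1) The answer's pattern: the copied value stays inside the database engine and is
//    never parsed as SQL text. Only the user-supplied id is bound.
$copy = $db->prepare(
    "INSERT INTO table_one (col_1) SELECT valuea FROM another_table WHERE id = ?"
);
$copy->execute([$identity]);

// 2) The variant that is NOT covered: read the value into PHP, then build a second
//    statement by concatenation. The stored quote now changes the SQL text.
$read = $db->prepare("SELECT valuea FROM another_table WHERE id = ?");
$read->execute([$identity]);
$value = $read->fetchColumn();
try {
    $db->exec("INSERT INTO table_one (col_1) VALUES ('" . $value . "')");
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert: rejected (" . $e->getMessage() . ")\n";
}

// 3) Fix for the two-step variant: bind the value that came back from the database.
$safe = $db->prepare("INSERT INTO table_one (col_1) VALUES (?)");
$safe->execute([$value]);

// Rows written by 1) and 3); the concatenated statement in 2) wrote nothing.
foreach ($db->query("SELECT col_1 FROM table_one") as $row) {
    echo "stored: " . $row['col_1'] . "\n";
}
```

Data that originally came from users is only safe to reuse unbound while it stays inside the database; once it passes through application code into a new statement, it needs a placeholder like any other input.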