
How do I check whether a string exists in a database column?

Updated: 2023-11-28 23:34:04

Your string concatenation is messed up; it should be (further simplified):

$selDoc="SELECT * FROM documents WHERE 'U".$_SESSION['userId']."' IN (senderID,receiver_id) ORDER BY id DESC";

When the statement above is parsed, it will look like this:

SELECT *
FROM   documents
WHERE  'UXX' IN (senderID, receiver_id)  -- where XX is the userId
ORDER  BY id DESC


As a sidenote, the query is vulnerable to SQL Injection if the value(s) of the variables come from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.
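The prepared-statement version the answer recommends, as an added example that is not part of the original answer: the table, column names and the 'U' prefix come from the query above; the PDO connection string and credentials are placeholders, and a hypothetical fetchDocumentsForUser() wraps the query.

```php
<?php
// Added example (not from the original answer): the same lookup with a
// PDO prepared statement. Assumes a MySQL database reachable with the
// placeholder DSN/credentials below and $_SESSION['userId'] set by the app.

// Concatenated form from the answer: the session value becomes part of
// the SQL text, so anything that can influence userId can alter the query.
$selDoc = "SELECT * FROM documents WHERE 'U" . $_SESSION['userId']
        . "' IN (senderID,receiver_id) ORDER BY id DESC";

// Bound-parameter form: the SQL text is fixed and the value travels
// separately, so no quoting around the value is needed in the statement.
function fetchDocumentsForUser(PDO $pdo, string $userId): array
{
    // Build the 'U' + id tag in PHP, not inside the SQL string, so the
    // driver still sees one opaque bound value.
    $tag = 'U' . $userId;

    $stmt = $pdo->prepare(
        'SELECT * FROM documents WHERE :tag IN (senderID, receiver_id) ORDER BY id DESC'
    );
    $stmt->execute([':tag' => $tag]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder connection details; replace with the real ones.
$pdo = new PDO(
    'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4',
    'DB_USER',
    'DB_PASS',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares, not client-side quoting
    ]
);

$docs = fetchDocumentsForUser($pdo, (string) $_SESSION['userId']);
```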