diff --git a/var/www/findFriend.php b/var/www/findFriend.php
index dba6aae..0957dc3 100644
--- a/var/www/findFriend.php
+++ b/var/www/findFriend.php
@@ -17,40 +17,43 @@ try{
 echo '
';
                 echo "Find Friends:\n\n";
-                $sql_select = "SELECT username";
-                $sql_from = "FROM contacts";
-                $sql_where = "WHERE username = '".$_POST['friend']."'";
-                $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
-                $result = $db_connection->query($sql_statement);
-                if(mysqli_num_rows($result) == 0)
-                   echo "username doesn't exist";
-                else
+                if($_POST['friend'] != '')
                 {
-                    $sql_select = "SELECT friend";
-                    $sql_from = "FROM friendList";
-                    $sql_where = "WHERE username = '".$_SESSION["loggedInUser"]."' and friend = '".$_POST['friend']."'";
+                    $sql_select = "SELECT username";
+                    $sql_from = "FROM contacts";
+                    $sql_where = "WHERE username = '".$_POST['friend']."'";
                     $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                     $result = $db_connection->query($sql_statement);
-                    if(mysqli_num_rows($result) == 1)
-                        echo "you already sent a request";
+                    if(mysqli_num_rows($result) == 0)
+                       echo "username doesn't exist";
                     else
                     {
-                        $sql_select = "SELECT username";
+                        $sql_select = "SELECT friend";
                         $sql_from = "FROM friendList";
-                        $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
+                        $sql_where = "WHERE username = '".$_SESSION["loggedInUser"]."' and friend = '".$_POST['friend']."'";
                         $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                         $result = $db_connection->query($sql_statement);
                         if(mysqli_num_rows($result) == 1)
-                        {
-                            $sql_statement = "UPDATE friendList SET confirm = 'true' WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
-                            $db_connection->query($sql_statement);
-                            $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'true')";
-                            $db_connection->query($sql_statement);
-                        }
+                            echo "you already sent a request";
                         else
                         {
-                            $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'false')";
-                            $db_connection->query($sql_statement);
+                            $sql_select = "SELECT username";
+                            $sql_from = "FROM friendList";
+                            $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
+                            $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
+                            $result = $db_connection->query($sql_statement);
+                            if(mysqli_num_rows($result) == 1)
+                            {
+                                $sql_statement = "UPDATE friendList SET confirm = 'true' WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
+                                $db_connection->query($sql_statement);
+                                $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'true')";
+                                $db_connection->query($sql_statement);
+                            }
+                            else
+                            {
+                                $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', 'false')";
+                                $db_connection->query($sql_statement);
+                            }
                         }
                     }
                 }
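Review bot: Every query inside the new `if($_POST['friend'] != '')` block still concatenates `$_POST['friend']` into the SQL text, so the added empty-string check does nothing against SQL injection through the friend field. This applies to the three SELECTs, the UPDATE and both INSERTs. Since `$db_connection` appears to be a mysqli handle, each statement should move to `prepare()` with bound parameters, and `$_SESSION["loggedInUser"]` should be bound the same way rather than trusted as pre-escaped. Reading the field as `$_POST['friend'] ?? ''` and comparing with `!==` also avoids an undefined-index notice when the field is absent. The enclosing `try` block starts and ends outside this hunk, so error handling for failed statements cannot be judged from here.

```php
$friend = $_POST['friend'] ?? '';
$me = $_SESSION["loggedInUser"];
if($friend !== '')
{
    $stmt = $db_connection->prepare("SELECT username FROM contacts WHERE username = ?");
    $stmt->bind_param("s", $friend);
    $stmt->execute();
    $stmt->store_result();
    if($stmt->num_rows == 0)
        echo "username doesn't exist";
    // … unchanged: else branch structure; both friendList SELECTs and the UPDATE use the same prepare/bind_param pattern …
    $stmt = $db_connection->prepare("INSERT INTO friendList VALUES (?, ?, 'false')");
    $stmt->bind_param("ss", $me, $friend);
    $stmt->execute();
```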