diff --git a/var/www/findFriend.php b/var/www/findFriend.php index bc4ddd0..be98b3b 100644 --- a/var/www/findFriend.php +++ b/var/www/findFriend.php @@ -19,7 +19,7 @@ echo "Find Friends:\n\n"; $sql_select = "SELECT count(username)"; $sql_from = "FROM contacts"; - $sql_where = "WHERE username = input"; + $sql_where = "WHERE username = '".$_POST['friend']."'"; $sql_statement = $sql_select." ".$sql_from." ".$sql_where.""; if(($db_connection->query($sql_statement)) == 0) echo "username doesn't exist"; @@ -27,18 +27,18 @@ { $sql_select = "SELECT count(username)"; $sql_from = "FROM friendList"; - $sql_where = "WHERE username = input and friend = ".$_SESSION["loggedInUser"].""; + $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'"; $sql_statement = $sql_select." ".$sql_from." ".$sql_where.""; if(($db_connection->query($sql_statement)) == 0) { - $sql_statement = "UPDATE friendList SET confirm = true WHERE username = input and friend = ".$_SESSION["loggedInUser"].""; + $sql_statement = "UPDATE friendList SET confirm = true WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'"; $db_connection->query($sql_statement); - $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, true)"; + $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', true)"; $db_connection->query($sql_statement); } else { - $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, false)"; + $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', false)"; $db_connection->query($sql_statement); } } @@ -50,6 +50,12 @@ echo "Exception: ".$e->getMessage().PHP_EOL; } ?> + +
+ Username:
+
+ +