should work

2019-12-04 17:44:55 -05:00
parent 65d723189c
commit e866ae84bf
1 changed files with 11 additions and 5 deletions
--- a/var/www/findFriend.php
+++ b/var/www/findFriend.php
@@ -19,7 +19,7 @@
                echo "Find Friends:\n\n";
                $sql_select = "SELECT count(username)";
                $sql_from = "FROM contacts";
-                $sql_where = "WHERE username = input";
+                $sql_where = "WHERE username = '".$_POST['friend']."'";
                $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                if(($db_connection->query($sql_statement)) == 0)
                   echo "username doesn't exist";
@@ -27,18 +27,18 @@
                {
                    $sql_select = "SELECT count(username)";
                    $sql_from = "FROM friendList";
-                    $sql_where = "WHERE username = input and friend = ".$_SESSION["loggedInUser"]."";
+                    $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                    $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                    if(($db_connection->query($sql_statement)) == 0)
                    {
-                        $sql_statement = "UPDATE friendList SET confirm = true WHERE username = input and friend = ".$_SESSION["loggedInUser"]."";
+                        $sql_statement = "UPDATE friendList SET confirm = true WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                        $db_connection->query($sql_statement);
-                        $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, true)";
+                        $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', true)";
                        $db_connection->query($sql_statement);
                    }
                    else
                    {
-                        $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, false)";
+                        $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', false)";
                        $db_connection->query($sql_statement);
                    }
                }
@@ -50,6 +50,12 @@
                echo "Exception: ".$e->getMessage().PHP_EOL;
            }
        ?>
        <form action="" method="post">
                Username&colon; <input type="text" name="friend" placeholder="Friend Username"><br />
                <br />
                <input type="submit" class="button">
        </form>
    </body>
 </html>
 <?php