should work

var/www/findFriend.php

@@ -19,7 +19,7 @@
                 echo "Find Friends:\n\n";
                 $sql_select = "SELECT count(username)";
                 $sql_from = "FROM contacts";
-                $sql_where = "WHERE username = input";
+                $sql_where = "WHERE username = '".$_POST['friend']."'";
                 $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                 if(($db_connection->query($sql_statement)) == 0)
                    echo "username doesn't exist";
@@ -27,18 +27,18 @@
                 {
                     $sql_select = "SELECT count(username)";
                     $sql_from = "FROM friendList";
-                    $sql_where = "WHERE username = input and friend = ".$_SESSION["loggedInUser"]."";
+                    $sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                     $sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
                     if(($db_connection->query($sql_statement)) == 0)
                     {
-                        $sql_statement = "UPDATE friendList SET confirm = true WHERE username = input and friend = ".$_SESSION["loggedInUser"]."";
+                        $sql_statement = "UPDATE friendList SET confirm = true WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
                         $db_connection->query($sql_statement);
-                        $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, true)";
+                        $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', true)";
                         $db_connection->query($sql_statement);
                     }
                     else
                     {
-                        $sql_statement = "INSERT INTO friendList VALUES (".$_SESSION["loggedInUser"].", input, false)";
+                        $sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', false)";
                         $db_connection->query($sql_statement);
                     }
                 }
@@ -50,6 +50,12 @@
                 echo "Exception: ".$e->getMessage().PHP_EOL;
             }
         ?>
+        
+        <form action="" method="post">
+                Username&colon; <input type="text" name="friend" placeholder="Friend Username"><br />
+                <br />
+                <input type="submit" class="button">
+        </form>
     </body>
 </html>
 <?php