';
echo "Find Friends:\n\n";
$sql_select = "SELECT count(username)";
$sql_from = "FROM contacts";
$sql_where = "WHERE username = '".$_POST['friend']."'";
$sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
if(($db_connection->query($sql_statement)) == 0)
echo "username doesn't exist";
else
{
$sql_select = "SELECT count(username)";
$sql_from = "FROM friendList";
$sql_where = "WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
$sql_statement = $sql_select." ".$sql_from." ".$sql_where."";
if(($db_connection->query($sql_statement)) == 0)
{
$sql_statement = "UPDATE friendList SET confirm = true WHERE username = '".$_POST['friend']."' and friend = '".$_SESSION["loggedInUser"]."'";
$db_connection->query($sql_statement);
$sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', true)";
$db_connection->query($sql_statement);
}
else
{
$sql_statement = "INSERT INTO friendList VALUES ('".$_SESSION["loggedInUser"]."', '".$_POST['friend']."', false)";
$db_connection->query($sql_statement);
}
}
echo '';
}catch(PDOException $e){
echo "PDOException: ".$e->getMessage().PHP_EOL;
}catch(Exception $e){
echo "Exception: ".$e->getMessage().PHP_EOL;
}
?>