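'; // closes a string literal that was opened before this excerpt
echo "Find Friends:\n\n";

// Friend-request handling.
//
// Flow: (1) the requested username must exist in `contacts`; (2) if the
// logged-in user already has a row pointing at that username, nothing is
// written; (3) if the other user already has a row pointing at the logged-in
// user, that row is confirmed and a confirmed reverse row is inserted;
// otherwise an unconfirmed request row is inserted.
//
// Every value taken from the request or the session is bound as a statement
// parameter instead of being concatenated into the SQL text, so the submitted
// username can only ever be treated as data by the database.
//
// NOTE(review): this relies on $db_connection raising PDOException on failure
// (PDO::ERRMODE_EXCEPTION) — confirm where the connection is created.
// NOTE(review): the UPDATE + INSERT pair in step 3 is not wrapped in a
// transaction; consider one if the surrounding code does not already hold one.

// Accept only a non-empty string; a missing field or an array-valued field is
// treated the same as an empty submission.
$friend = (isset($_POST['friend']) && is_string($_POST['friend'])) ? $_POST['friend'] : '';

if ($friend !== '') {
    $me = $_SESSION["loggedInUser"];

    // (1) Does the requested account exist?
    $lookup = $db_connection->prepare("SELECT username FROM contacts WHERE username = ?");
    $lookup->execute(array($friend));
    // fetchAll() drains the result set, like the foreach in the previous version.
    $accountExists = count($lookup->fetchAll()) > 0;

    if (!$accountExists) {
        echo "username doesn't exist";
    } else {
        // (2) Has the logged-in user already sent a request to this account?
        $sent = $db_connection->prepare("SELECT friend FROM friendList WHERE username = ? and friend = ?");
        $sent->execute(array($me, $friend));
        $alreadySent = count($sent->fetchAll()) > 0;

        if ($alreadySent) {
            echo "you already sent a request";
        } else {
            // (3) Is there a pending request in the opposite direction?
            $received = $db_connection->prepare("SELECT username FROM friendList WHERE username = ? and friend = ?");
            $received->execute(array($friend, $me));
            $hasIncoming = count($received->fetchAll()) > 0;

            if ($hasIncoming) {
                // Confirm the other side's row, then store the confirmed reverse row.
                $confirm = $db_connection->prepare("UPDATE friendList SET confirm = true WHERE username = ? and friend = ?");
                $confirm->execute(array($friend, $me));

                $insert = $db_connection->prepare("INSERT INTO friendList VALUES (?, ?, true)");
                $insert->execute(array($me, $friend));

                echo "Friend request confirmed! You are both friends with each other now.";
            } else {
                $insert = $db_connection->prepare("INSERT INTO friendList VALUES (?, ?, false)");
                $insert->execute(array($me, $friend));

                // The submitted name is echoed back into the page, so it is
                // HTML-escaped first. (The previous "$_POST[\'friend\']"
                // interpolation was also not valid inside a double-quoted string.)
                echo "Friend request sent to ".htmlspecialchars($friend, ENT_QUOTES, 'UTF-8');
            }
        }
    }
}
echo '';
}catch(PDOException $e){
    // NOTE(review): the raw driver message is shown to the visitor and can
    // reveal schema or query details; consider logging it server-side and
    // printing a generic message instead.
    echo "PDOException: ".$e->getMessage().PHP_EOL;
}catch(Exception $e){
    // NOTE(review): same concern as above for generic exception messages.
    echo "Exception: ".$e->getMessage().PHP_EOL;
} ?>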
Username: