[SOLVED] simple mysql check help

[quickstopman]

hey guys

im working on a friend system for my site

im trying to make it so if the user has already added the friend

he/she can't add him/her again.

but the problem is the code i made checks the friendID against the the same user id

which makes it always come up as

"You have already added Username!"

even if you haven't added them

here is the code

<?
ob_start();
session_start();
include("config.php");

if (isset($_SESSION['userid'])) {
$userid = $_GET['id'];
$sql = mysql_query("SELECT * FROM users WHERE userid = '{$userid}'") or die(mysql_error());
$r=mysql_fetch_array($sql);
$friendID = $r['userid'];
$name = $r['knickname'];
$id = $_SESSION['userid'];
$submit = $_POST['submit'];

if (isset($_GET['id']) && is_numeric($_GET['id'])) {
$errors = array();
if ($submit) {
        $user = $name;
        $query = "SELECT friendID FROM friends WHERE friendID = '{$r['userid']}'";
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
       
        if ($num> 0) {
            echo '<font color="red">You have already added '. $r['knickname'] .' as your friend.</font>';
           $errors[] = "1";
        } else {
$addfriend = mysql_query("INSERT INTO friends (friendID, name, userid) VALUES ('$friendID', '$name', '$id')") or die(mysql_error());
echo "You have added ". $name ." as your friend!";
}
} else {
echo "Are you sure you want to add ". $name ." as your friend";
?>
<form method="post">
<input type="submit" name="submit" value="Add Friend">
<input type="submit" name="cancle" value="Cancel">
</form>
<?
}
} else {
header ("Location:index.php");
}
} else {
header ("index.php?action=login&message=login");
}
?>

can anyone help me

thanks

[per1os]

You are going about it all wrong.

 

You need to check a combination of the friendid vs the userid.  So basically you need the input of friend to add, and the user who wants to add. Pull all records from the friend database where the friendid = new friendid and userid = to the current userid. If that record exists than the friend exists. But you have to check a combination of the 2 rows not one or the other. That is where the flaw is in your code.

[Psycho]

That's because your query is only looking to see if ANY record has the userID (using GET) listed as the friendID. So, if I have that person added a friend, you will get that message when you try to add them as your friend. Instead you need to look for records with the userID as the friendID AND the userID is the user's ID (using SESSION).

 

Something like:

 

SELECT friendID
FROM friends
WHERE friendID = '{$r['userid']}'
   AND userid = '$id'

[quickstopman]

thanks guys

it worked

[chillininvt]

I am looking at this section of the code.

if (isset($_GET['id']) && is_numeric($_GET['id'])) {
$errors = array();
if ($submit) {
        $user = $name;
        $query = "SELECT friendID FROM friends WHERE friendID = '{$r['userid']}'";
        $result = @mysql_query($query);
        $num = @mysql_num_rows($result);
       
        if ($num> 0) {
            echo '<font color="red">You have already added '. $r['knickname'] .' as your friend.</font>';
           $errors[] = "1";
        } else {

 

My question is when you select $query = "SELECT friendID FROM friends WHERE friendID = '{$r['userid']}'"; It doesnt seem logical to look in a table called friedID to check if this user has been added to there profile. The users table prolly has a column called on the users table that links to the friends table. Let me see the structure of the tables.  And I will let you know its prolly really simple.