gtrufitt Posted March 15, 2008 Share Posted March 15, 2008 Hi, I am trying to build a friends list. I have the tables: user with the columns: userid, f_name. friends with the columns: id, friendid. So far I am using the query: $friendid = $_GET['friendid']; $getfriend = "SELECT id, friendid FROM friends WHERE friendid = '$friendid'"; $fr = mysql_query($getfriend) or die(mysql_error()."<Br /><br /.".$login); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $countfr = mysql_num_rows($fr); $row = mysql_fetch_array($fr); $id = $sesid; $friendid = $row['friendid']; Where $friendid is using GET to pass the variable from a previous page. and $sesid is saved as the logged in user's ID as a session variable. How do I check to see if the users are already friends, by checking to see if both $friendid and $id are in a row? Thanks Quote Link to comment Share on other sites More sharing options...
mainewoods Posted March 15, 2008 Share Posted March 15, 2008 use the sql logical 'AND' operator $getfriend = "SELECT id, friendid FROM friends WHERE id = '$sesid' AND friendid = '$friendid'"; --one note: if id and friendid are defined as numeric type fields in your db, like integers, leave off the single quotes around the use of them in your sql statement. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted March 15, 2008 Share Posted March 15, 2008 i suggest always quoting values so you don't have to worry about data types. MySQL doesn't care either way. Quote Link to comment Share on other sites More sharing options...
Barand Posted March 15, 2008 Share Posted March 15, 2008 i suggest always quoting values so you don't have to worry about data types. MySQL doesn't care either way. It does care if you don't quote string variables. Quote Link to comment Share on other sites More sharing options...
gtrufitt Posted March 15, 2008 Author Share Posted March 15, 2008 Thank you Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.