The main thing that will need to be done is to limit the results that are returned by MySQL. This will be done by determining who your friends are by using the WHERE clause. The question mark that is in there is a parameter which we will be filling in later to identify who you are.
SELECT FriendReference
FROM Connections
WHERE Friend = ?
AND Status = 1
This will then become a subquery attached onto the queries you want via the IN statement:
SELECT *
FROM Multiple_Image
WHERE Author = ?
   OR Author IN (
        SELECT FriendReference
        FROM Connections
        WHERE Friend = ?
          AND Status = 1
   );

SELECT *
FROM Posts
WHERE Author = ?
   OR Author IN (
        SELECT FriendReference
        FROM Connections
        WHERE Friend = ?
          AND Status = 1
   );
In your PHP code, your calls to MySQL will need to be changed to use prepared statements. This will allow us to safely add a variable into a statement.
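$YourName = "devon";
$sql = $mysqli->prepare("SELECT * FROM Posts WHERE Author = ? OR Author IN (SELECT FriendReference FROM Connections WHERE Friend = ? AND Status = 1)");
// Two placeholders, both strings: bind the same name to each one.
$sql->bind_param("ss", $YourName, $YourName);
$sql->execute();
// SELECT * returns every column, so fetch a result set rather than binding a single variable.
$result = $sql->get_result();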
DISCLAIMER: I am not a PHP programmer, so there may be some syntax errors. You should refer to the PHP manual on Prepared Statements: PHP: mysqli::prepare - Manual
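Added example, not part of the original answer: the friend-scoped query run end to end, with a string-concatenation variant beside it for contrast. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; the function names, the rows and the `$hostile` value are constructed for illustration.

```php
<?php
// SQLite in memory stands in for MySQL (assumption); table and column
// names follow the answer above, the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Connections (Friend TEXT, FriendReference TEXT, Status INTEGER)");
$pdo->exec("CREATE TABLE Posts (Id INTEGER PRIMARY KEY, Author TEXT, Body TEXT)");
// devon has one accepted friend (alice) and one pending request (bob).
$pdo->exec("INSERT INTO Connections VALUES
    ('devon', 'alice', 1), ('devon', 'bob', 0), ('carol', 'bob', 1)");
$pdo->exec("INSERT INTO Posts (Author, Body) VALUES
    ('devon', 'own post'), ('alice', 'friend post'),
    ('bob', 'pending friend post'), ('carol', 'stranger post')");

// Hypothetical helper: authors whose posts $viewer is allowed to see.
function visiblePosts(PDO $pdo, string $viewer): array
{
    $stmt = $pdo->prepare(
        "SELECT Author FROM Posts
         WHERE Author = ?
            OR Author IN (SELECT FriendReference FROM Connections
                          WHERE Friend = ? AND Status = 1)
         ORDER BY Id"
    );
    // One bound value per placeholder; the viewer's name fills both.
    $stmt->execute([$viewer, $viewer]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Contrast only: the name is pasted into the SQL text, so quote
// characters inside it become part of the statement.
function visiblePostsConcat(PDO $pdo, string $viewer): array
{
    $sql = "SELECT Author FROM Posts WHERE Author = '$viewer' ORDER BY Id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "x' OR '1'='1";   // constructed input containing a quote

echo "devon sees:           ", implode(', ', visiblePosts($pdo, 'devon')), "\n";
// Bound as a parameter, the string is compared as a literal author name.
echo "hostile, bound:       ", implode(', ', visiblePosts($pdo, $hostile)), "\n";
// Concatenated, the same string rewrites the WHERE clause.
echo "hostile, concatenated:", implode(', ', visiblePostsConcat($pdo, $hostile)), "\n";
```

Running it shows the Status = 1 filter excluding the pending connection, and the same input behaving differently depending on whether it is bound or concatenated.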