How do I print out friends names for each other

Question

1.00/5 (1 vote)

See more:

the problem is it print out the friends names as a numbers on this line of code
//

echo "<a href='profile?id=". $row['friend'] ."'>".$row['friend']."</a>";

What I have tried:

this is my full code which i have tried

$stmt = $conn->prepare("SELECT `friends`.*, users.username AS username FROM `friends` INNER JOIN `users` ON users.user_id = friends.user_id WHERE friends.friend = '".$_SESSION['user_id']."'
OR friends.user_id = '".$_SESSION['user_id']."'");

$stmt->execute();
$data = $stmt->fetchAll();

foreach ($data as $row) {

if ($row['friend'] == $_SESSION['user_id']) {

echo "<a href='profile?id=". $row['user_id'] ."'>".$row['username']."</a>";

}elseif ($row['user_id'] == $_SESSION['user_id']) {

echo "<a href='profile?id=". $row['friend'] ."'>".$row['friend']."</a>";
}
}

Posted 8-Oct-20 20:30pm

Elyas Omer

Add a Solution

Comments

Richard Deeming 9-Oct-20 3:24am

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

Elyas Omer 9-Oct-20 4:51am

did you mean i have to do like this WHERE friends.friend = ?
and i use varibles instead of ? in execute function

Richard Deeming 9-Oct-20 4:52am

You need to use parameters. If you concatenate data values into the query, then your database can be hacked.

Richard Deeming 9-Oct-20 3:25am

Your code is also almost certainly vulnerable to cross-site scripting (XSS):
Cross Site Scripting (XSS) | OWASP[^]

You need to ensure that any user-controlled data is properly encoded when you display it.

Richard Deeming 9-Oct-20 3:26am

As to the name being shown as a number, that's down to your data. We can't help you with that, since we don't have access to your database.

Elyas Omer 9-Oct-20 4:39am

here is my sql basic code
i have linked friends table with users table on two keys to get the username and the friend name

CREATE TABLE `friends` (
`friend_id` int(11) NOT NULL,
`user_id` int(11) NOT NULL,
`friend` int(11) NOT NULL,
`friend_status` int(11) NOT NULL DEFAULT '1'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

ALTER TABLE `friends`
ADD PRIMARY KEY (`friend_id`),
ADD KEY `user_id` (`user_id`),
ADD KEY `friend` (`friend`);

ALTER TABLE `friends`
ADD CONSTRAINT `friends_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `friends_ibfk_2` FOREIGN KEY (`friend`) REFERENCES `users` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE;

Richard Deeming 9-Oct-20 4:48am

`friend` int(11) NOT NULL

You've declared the friend column to be an integer. Why would you be surprised that the values in that column are integers?

Elyas Omer 9-Oct-20 4:59am

because i linked it user_id as a foreign key in users table .
so how do i suppose to do that

Richard Deeming 9-Oct-20 5:10am

echo "<a href='profile?id=". $row['friend'] ."'>".$row['friend']."</a>";

You're displaying the friend column. That column contains a number.

If you want to display a different column, then specify the correct column name in your echo statement.

Elyas Omer 9-Oct-20 5:41am

ok in other way i tried this

$stmt = $conn->prepare("SELECT `friends`.*, users.username AS username, users.username AS friend_name FROM `friends` INNER JOIN `users` ON users.user_id = friends.user_id OR users.user_id = friends.friend WHERE friends.friend = '".$_SESSION['user_id']."'
OR friends.user_id = '".$_SESSION['user_id']."'");

echo "".$row['friend_name']."";

i get result as i want but the problem is it print out the username with the friends names and friends id's like this
friend1 id 3
username id 3
username id 6
friend2 id 6

Sandeep Mewara 9-Oct-20 3:26am

It would help if you share the expected output you see and the intended one.

Elyas Omer 9-Oct-20 4:46am

My Friends
3
5

they are printed out as a link and id if i click it take me to the friend profile
i just need to print them out as friends names instead of friends id's

ZurdoDev 9-Oct-20 16:02pm

Sounds like you need to join to another table to get the friends name.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)