0

I have a php code and I like to print those who are not user's friend in a list. But I just can print out all user except user himself..Any advice for this problem? Thanks for reply.

testList.php

 $name = $_POST['Username'];

 $data=mysql_query("SELECT * FROM User");       
 $dataA = mysql_query("SELECT * FROM Friends WHERE responseRequest='$name' AND  status='approved'");                                                                                                                      
 $dataB = mysql_query("SELECT * FROM Friends WHERE sentRequest='$name' AND status='approved'"); 

 while($info = mysql_fetch_array( $data )) 
 { 
     if($info['username']==$name){
       continue;
     }

     while($friend1 = mysql_fetch_array($dataA)){
           if($info['username']==$friend1['sentRequest']){
            continue;
     }
     }

     while($friend2 = mysql_fetch_array($dataB)){
           if($info['username']==$friend2['responseRequest']){
            continue;
     }
     }

 Print $info['username']."*"; 
 } 
    mysql_close();

here are the tables from mysql database:

User: User

Friends Friends

Mahmoud Gamal
  • 78,257
  • 17
  • 139
  • 164
Raphael Thomas Liewl
  • 49
  • 3
  • 9
  • Your script seems to be vulnerable to [SQL injections](https://www.owasp.org/index.php/SQL_Injection). You should have a look at [Best way to prevent SQL injection?](http://stackoverflow.com/q/60174/53114) – Gumbo Dec 02 '12 at 12:13

1 Answers1

2

You should really encrypt the passwords that are in the database, as now anyone whop sees those images has access to those accounts.

When inserting into the database, use something like:

INSERT INTO table_name (password) VALUES (SHA('$password_variable'));
Mahmoud Gamal
  • 78,257
  • 17
  • 139
  • 164
720pony
  • 36
  • 1
  • SHA is not an encryption/[cipher](http://en.wikipedia.org/wiki/Cipher), it’s a [cryptographic hash function](http://en.wikipedia.org/wiki/Cryptographic_hash_function). And plain SHA is not much better than plaintext. – Gumbo Dec 02 '12 at 12:15