Remove friend script

Question

I have implemented a friend system on the project I am working on, but now I am trying to add a "remove friend" function and not having the same luck.

If friends are accepted the value is 1, if pending it's 0.

I am getting no error messages, but when I check in my database it's removing the record of the friend relationship.

The function

function unfriend(str)
    {
        $("#Hint").html('Cancelling friendship..');
        $.ajax({
            type: "POST",
            url: "parsers/friend_remove.php",
            data: "type=uf&the_id=" +str,
            success: function(msg){
                $("#Hint").html(msg); 
            }
        });

<div onclick="unfriend('<?php echo $fetch_invites->id; ?>');" style="cursor:pointer"> 
        <input type="button" value="Remove as Friend">
      </div>

The "friend_remove" php file.

    <?php
include '../core/init.php';

$logged_id = $_POST['uid'];
$friend_id = $_POST['fid'];

$exist = mysql_query("SELECT 1 FROM friends WHERE `user_id`='{$logged_id}' AND `friend_id`='{$friend_id}'");
$exist = mysql_num_rows($exist);

if($exist > 0)
{
    echo 'Friend request already sent!';
}else{  
    $remove = "DELETE FROM `friends` WHERE user_id='$logged_id' AND friend_id='$friend_id' OR user_id='$logged_id' AND friend_id='$logged_id'";
    mysql_query($remove) or die(mysql_error());

    echo "<input type='button' value='Friend removed'>";
}
?>

possible duplicate of [required WHERE AND clause in addition to multiple OR's](http://stackoverflow.com/questions/11673038/required-where-and-clause-in-addition-to-multiple-ors) — JJJ, Aug 18 '13 at 13:16
You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Aug 18 '13 at 13:16
As the first post says.. I am getting no error messages, but when I check in my database it's removing the record of the friend relationship. — user2571547, Aug 18 '13 at 13:17

score 1 · Answer 1 · answered Aug 18 '13 at 13:26

1

First your $_POST index of friend id is not same to the ajax parameter you post. so it should be $_POST['the_id'] not $_POST['fid'] . And you should wrap your sql as mentioned on by Patric Collins

answered Aug 18 '13 at 13:26

Raphael Kingazi

32
2

score 0 · Answer 2 · answered Aug 18 '13 at 13:15

0

It looks like

$remove = "DELETE FROM `friends` WHERE user_id='$logged_id' AND friend_id='$friend_id' OR user_id='$logged_id' AND friend_id='$logged_id'"

will never match anything in your table (unless I misunderstand how operator precedence in SQL works). Try this:

$remove = "DELETE FROM `friends` WHERE (user_id='$logged_id' AND friend_id='$friend_id') OR (user_id='$logged_id' AND friend_id='$logged_id')"

EDIT: Assuming that you meant "not removing the record from the database" in your question.

answered Aug 18 '13 at 13:15

Patrick Collins

10,306
5
30
69

Thanks for your answer, but it still didn't work :( friend relationship is intact in database. – user2571547 Aug 18 '13 at 13:19
`$remove = "DELETE FROM 'friends' WHERE (user_id='$logged_id' AND friend_id='$friend_id') OR (user_id='$friend_id' AND friend_id='$logged_id')";`? the second part of where not clear for me what would you check? – Aug 18 '13 at 13:22
there are 2 wheres as the request could be sent by user or friend, so the users info could be both in user and friend rows. – user2571547 Aug 18 '13 at 13:42

score 0 · Answer 3 · answered Aug 18 '13 at 13:27

$remove = "DELETE FROM 'friends' WHERE (user_id='$logged_id' AND friend_id='$friend_id') OR (user_id='$friend_id' AND friend_id='$logged_id')";

If you just want to remove both relation (user->friend, friend->user)

Remove friend script

3 Answers3