Displaying friend requests

I have been working on making a social network similar to Facebook to use on my home server. However, I have come across a problem with displaying friend requests in the notifications tab of the user profile.

<?php
    //Check for notifications script
    $Request = "Requests";
    $Pending = "Pending";
    $nCheck = mysqli_query($Connect,"SELECT * FROM friends WHERE rTo = '$Uname' AND Status = '$Pending'");
    $nNum = mysqli_num_rows($nCheck);
    if($nNum != 0){
        if($nNum === 1){
            $Request = "Request";
        }
        else
        {
            $Request = "Requests";
        }
        echo"<p style=\"font-family: Tahoma; margin-left: 20px;\">You Have <b>$nNum</b> Friend $Request</p><hr />";
        while($row = mysqli_fetch_assoc($nCheck)){
            $dbFrom = $row['rFrom'];
            $dbId = $row['id'];
            $dbStatus = $row['Status'];
            for($i = 0; $i < 1; $i++){
                echo"<p style=\"font-family: Tahoma; margin-left: 20px;\">$dbFrom wants to be your friend <form action=\"\" method=\"POST\"><input type=\"submit\" name=\"A\" value=\"Accept\"></form> <form action=\"\" method=\"POST\"><input type=\"submit\" name=\"D\" value=\"Decline\"></form></p>";
            }
        }
    }
    else
    {
        echo "<p style=\"font-family: Tahoma; margin-left: 20px;\">You Have <b>0</b> Friend $Request</p>";
    }
    ?>

And then this is the form for the Accept / Decline:

<?php
    //Accept/Decline Friend Request Script
    $Accepted = @$_POST['A'];
    $Declined = @$_POST['D'];
    $A = "Accepted";
    $D = "Declined";
    if($Accepted){
        $addFriend = mysqli_query($Connect,"UPDATE friends SET Status = '$A' WHERE rTo = '$Uname' AND rFrom = '$dbFrom'");
        header("Location: Notification.php");
    }
    else if($Declined){
        $addFriend = mysqli_query($Connect,"UPDATE friends SET Status = '$D' WHERE rTo = '$Uname' AND rFrom = '$dbFrom'");
        header("Location: Notification.php");
    }
    ?>

The problem is that if more than one notification is present, the last notification will be the one that is accepted or declined. Please help, much appreciated.

Also try using this:

$A = "Accepted";
$D = "Declined";
if($Accepted){
    $addFriend = mysqli_query($Connect,"UPDATE friends SET Status = '$A' WHERE  id='$dbId' AND rFrom = '$dbFrom'");
    header("Location: Notification.php");
}
else if($Declined){
    $addFriend = mysqli_query($Connect,"UPDATE friends SET Status = '$D' WHERE  id='$dbId' AND rFrom = '$dbFrom'");
    header("Location: Notification.php");
}

If both code samples exist in one file, that would explain your problem. You update your friends table:

$addFriend = mysqli_query($Connect,"UPDATE friends SET Status = '$A' WHERE rTo = '$Uname' AND rFrom = '$dbFrom'");

If the $dbFrom value comes from:

while($row = mysqli_fetch_assoc($nCheck)){
 $dbFrom = $row['rFrom'];

That means you just update the last row. I would suggest you post your $dbFrom too with those 2 forms.

PS: and start using PDO.

  • Make use of Prepared Statements. You are not secured against SQL Injections (More information: How can I prevent SQL injection in PHP?).
  • Don't use strings to set a status. Use a numeric value to define a status. That makes it a lot easier to handle.
  • Make use of single quotes ' to avoid having to escape all the double quotes " for HTML in your source code. There are alternative ways for string concatenation which are often recommended in coding guidelines.
  • Inline CSS formatting is deprecated. Use an external CSS stylesheet instead.
  • Don't get the entire dataset from your database when you're not in need of the complete dataset. Always only fetch the data you require. Using * is not recommended. E.g. you are not in need of $row['Status'] and $row['id'] but still save it in a variable for no reason.
  • Don't use the @ operator. Validate your POST-data instead.
  • Your for-loop doesn't make any sense. It won't ever have more than one run-through.
  • To solve your current major problem, I would assign IDs to friend-requests in order to uniquely identify what friend-request the system is currently dealing with.
  • Also, don't use the usernames in queries but the userID. Otherwise, you will face issues in terms of the topic database normalization.
  • There is no need to use header() to return to your notifications.php. You can easily proceed with building the notifications.php-view after validating the POST-data and updating your friend-requests accordingly.
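
The fixes suggested in the answers above (a per-request id carried by each form, prepared statements, validated POST data), combined in one added example that is not part of any of the posts. It assumes PDO with the SQLite driver and constructed rows so it runs offline; `answerRequest`, `renderRequests` and the `request_id` / `action` field names are hypothetical, and the recipient is taken from the session rather than from the form.

```php
<?php
// Added example, not the poster's code. Assumption: PDO + SQLite in memory with
// constructed rows so it runs offline; the table mirrors the one in the question.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE friends (id INTEGER PRIMARY KEY, rFrom TEXT, rTo TEXT, Status TEXT)");
$db->exec("INSERT INTO friends (rFrom, rTo, Status) VALUES
    ('alice', 'carol', 'Pending'), ('bob', 'carol', 'Pending'), ('alice', 'dave', 'Pending')");

// Apply Accept/Decline to exactly one request. The id comes from the form;
// rTo comes from the session, so a user can only answer requests sent to them.
function answerRequest(PDO $db, string $sessionUser, array $post): bool
{
    $id = filter_var($post['request_id'] ?? null, FILTER_VALIDATE_INT);
    $action = $post['action'] ?? '';
    $map = ['accept' => 'Accepted', 'decline' => 'Declined'];
    if ($id === false || !is_string($action) || !isset($map[$action])) {
        return false; // missing or malformed POST data: no query is run
    }
    $stmt = $db->prepare(
        "UPDATE friends SET Status = ? WHERE id = ? AND rTo = ? AND Status = 'Pending'"
    );
    $stmt->execute([$map[$action], $id, $sessionUser]);
    return $stmt->rowCount() === 1;
}

// Render one form per pending request, each carrying its own row id.
function renderRequests(PDO $db, string $sessionUser): string
{
    $stmt = $db->prepare("SELECT id, rFrom FROM friends WHERE rTo = ? AND Status = 'Pending'");
    $stmt->execute([$sessionUser]);
    $html = '';
    foreach ($stmt as $row) {
        $from = htmlspecialchars($row['rFrom'], ENT_QUOTES, 'UTF-8'); // escape stored names
        $html .= '<form method="POST"><input type="hidden" name="request_id" value="'
            . (int) $row['id'] . '">' . $from . ' wants to be your friend '
            . '<button name="action" value="accept">Accept</button> '
            . '<button name="action" value="decline">Decline</button></form>' . "\n";
    }
    return $html;
}

echo renderRequests($db, 'carol');
// carol answers a request addressed to her
var_dump(answerRequest($db, 'carol', ['request_id' => '1', 'action' => 'accept']));
// request 3 is addressed to dave, so the rTo condition matches no row
var_dump(answerRequest($db, 'carol', ['request_id' => '3', 'action' => 'accept']));
// a non-integer id fails validation before any SQL is prepared
var_dump(answerRequest($db, 'carol', ['request_id' => "2' OR '1'='1", 'action' => 'decline']));
```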