[ad_1]
<?php
session_start();
include "connect.php";
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$output = '';
$output2 = '';
$output3 = '';
if(isset($_POST['search']))
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search);
$query = mysqli_query($db, "SELECT * FROM Users WHERE name LIKE '%$search%'") or die ("Could not search");
$count = mysqli_num_rows($query);
if($count == 0)
$output = "There was no search results!";
else
while ($row = mysqli_fetch_array($query))
$name = $row ['name'];
$location = $row ['location'];
$gender = $row ['gender'];
$date_of_birth = $row ['date_of_birth'];
$picture = $row['url'];
$output .='<form action="header.php" method="post"><div class="row"><div class="col-sm-3">'.$name.'<br>'.$location.'<br>'.$gender.'<br>'.$date_of_birth.'</div>';
$output2 = '<div class="col-sm-3"><img src="http://stackoverflow.com/upload/".$picture.'"width="180" height="144" /></div></div>';
$output3 = '<input id="add_friend" name= "addfriend" type="submit" value="Add As Friend" /></form>';
if(isset($_POST['addfriend']))
$user_from = $_SESSION['username'];
$user_to = $_POST['search'];
if (!($stmt = $db->prepare("INSERT INTO `friends_request` (`user_to`, `user_from`) VALUES (?, ?)")))
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
if (!$stmt->bind_param('ss', $user_to, $user_from))
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
if (!$stmt->execute())
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
echo $stmt;
?>[ad_2]
لینک منبع
