I want to create an activity feed system and my feeds (statuses) and friends are in different tables in my database. How do I connect them so that the logged in user can only receive feeds from their friends.
<?php
$sql = "
SELECT * FROM status WHERE author='(friend of logged-in user)' AND type='a'
**UNION**
SELECT * FROM friends WHERE user1='$user' AND accepted='1' OR user2='$user' AND accepted='1'
";
$query = mysqli_query($database, $sql);
$statusnumrows = mysqli_num_rows($query);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$user1 = $row["user1"];
$user2 = $row["user2"];
$accepted = $row["accepted"];
$statusid = $row["id"];
$account_name = $row["account_name"];
$author = $row["author"];
$postdate = $row["postdate"];
$postdate = strftime("%b %d, %Y %I:%M %p");
$data = $row["data"];
$data = nl2br($data);
$data = str_replace("&","&",$data);
$data = stripslashes($data);
$statusDeleteButton = '';
if($author == $log_username || $account_name == $log_username ){
$statusDeleteButton = '<span id="sdb_'.$statusid.'"><a href="#" onclick="return false;" onmousedown="deleteStatus(\''.$statusid.'\',\'status_'.$statusid.'\');" title="DELETE THIS STATUS AND ITS REPLIES">delete status</a></span> ';
}
$feedlist .= '<div id="status_'.$statusid.'" class="flipwrapper pin">
<div class="picture">
<header class="img-btm">
'.$postdate.'</b><br />
20 <a href="#">cmts</a> 255 <a href="#">likes</a> '.$statusDeleteButton.'
</header>
<a href="status_frame.php?id='.$statusid.'"><img id="bound" src="'.$data.'"/></a></div></div>';
}
?>
You definitely don't want a UNION here, but a subquery, more or less like this:
SELECT * FROM status
WHERE author in (
SELECT whateverfieldshouldmapfromfriendstoauthor FROM friends
WHERE user1='$user' AND accepted='1' OR user2='$user' AND accepted='1'
) AND type='a'
And some general tips:
$user variable is provided by the request, you are). The best way to avoid SQL injection problems is by using parameterized queries.