From e80ce3b793adee1844f826f7aa8aa41b91fd20af Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Wed, 18 Jan 2017 14:22:03 +0100
Subject: [PATCH] Improved selectAllFriends query

---
 website/queries/friendship.php | 46 +++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git a/website/queries/friendship.php b/website/queries/friendship.php
index 45a599e..94cd123 100644
--- a/website/queries/friendship.php
+++ b/website/queries/friendship.php
@@ -1,24 +1,30 @@
 <?php
+require("connect.php");
 
 function selectAllFriends($db, $userID) {
-    return $db->query("
-    SELECT
-        `user`.`username`,
-        `user`.`profilepicture`,
-        `user`.`onlinestatus`,
-        `user`.`role`
-    FROM
-        `user`    
-    INNER JOIN
-        `friendship`
-    WHERE
-        `friendship`.`user1ID` = $userID AND
-        `friendship`.`user2ID` = `user`.`userID` OR
-        `friendship`.`user2ID` = $userID AND
-        `friendship`.`user1ID` = `user`.`userID`"
-    );
+    $stmt = $db->prepare("
+        SELECT
+            `username`,
+            IFNULL(
+                `profilepicture`,
+                'img/notbad.png'
+            ) AS profilepicture,
+            `onlinestatus`,
+            `role`
+        FROM
+            `user`
+        INNER JOIN
+            `friendship`
+        WHERE
+            (`friendship`.`user1ID` = :userID AND
+            `friendship`.`user2ID` = `user`.`userID` OR 
+            `friendship`.`user2ID` = :userID AND
+            `friendship`.`user1ID` = `user`.`userID`) AND
+            `role` != 5 AND
+            `status` = 1
+    ");
+
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->execute();
+    return $stmt;
 }
-
-
-
-?>
\ No newline at end of file