website/queries/friendship.php

@@ -1,24 +1,30 @@
 <?php
+require("connect.php");
 
 function selectAllFriends($db, $userID) {
-    return $db->query("
+    $stmt = $db->prepare("
         SELECT
-        `user`.`username`,
+            `username`,
-        `user`.`profilepicture`,
+            IFNULL(
-        `user`.`onlinestatus`,
+                `profilepicture`,
-        `user`.`role`
+                'img/notbad.png'
+            ) AS profilepicture,
+            `onlinestatus`,
+            `role`
         FROM
             `user`
         INNER JOIN
             `friendship`
         WHERE
-        `friendship`.`user1ID` = $userID AND
+            (`friendship`.`user1ID` = :userID AND
             `friendship`.`user2ID` = `user`.`userID` OR 
-        `friendship`.`user2ID` = $userID AND
+            `friendship`.`user2ID` = :userID AND
-        `friendship`.`user1ID` = `user`.`userID`"
+            `friendship`.`user1ID` = `user`.`userID`) AND
-    );
+            `role` != 5 AND
+            `status` = 1
+    ");
+
+    $stmt->bindParam(':userID', $userID, PDO::PARAM_INT);
+    $stmt->execute();
+    return $stmt;
 }
-
-
-
-?>