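";
    $errmsg = rtrim($errmsg, ", ");
} // closes a validation block that begins above this excerpt

/*
 * Coach form handler: validation tail and persistence.
 *
 * 1. Validates the submitted website address and coach name, appending a
 *    message to $errmsg for each failure.
 * 2. When $errmsg is empty, normalises the posted fields into local variables.
 * 3. If the request carries insert_coach, writes either a new row to the
 *    Coaches table (new_coach) or an edit row to CoachesEdits (save_changes)
 *    and redirects; any other combination redirects with changes=failure.
 *    Without insert_coach it only sets $confirm_coach = true.
 *
 * $errmsg, $prefix and $site_url are defined outside this excerpt.
 *
 * Security notes for maintainers:
 * - Every value placed in the SQL text is escaped or integer-cast below. The
 *   durable fix is prepared statements through mysqli or PDO; the mysql_*
 *   extension used here was removed in PHP 7.
 * - NOTE(review): coach_submitted_by and edited_by are identities read from
 *   the request body. Unless they are checked against the logged-in user
 *   somewhere not visible here, a client can attribute a submission or an
 *   edit to another account. Prefer the session's user id.
 * - NOTE(review): coach_cost, coach_info and coach_camps go through nl2br()
 *   before storage, which suggests they are later printed as HTML. Nothing in
 *   this block HTML-escapes them, so the output side has to. Confirm.
 */

// Website address pattern, assembled from its parts.
// NOTE(review): the overlapping quantifiers (for example [^\#]+ can also
// consume '&') make this pattern prone to heavy backtracking on long input;
// consider capping the input length before matching.
$start_url = "(http(s)?\:\/\/)?";                 // start url
$dots      = "([\w_-]{2,}\.)+";                   // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})";                      // last part doesn't contain a dot
$user      = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
$end       = "((\/)|(\/)[\w_-]+\.[\w]{2,})?";     // maybe a slash at the end or slash+file+extension
$qstring1  = "((\?[\w_-]+\=([^\#]+)){0,1}";       // querystring - first argument (?a=b)
$qstring2  = "(\&[\w_-]+\=([^\#]+))*)?";          // querystring - following arguments (&c=d)
$bkmrk     = "(#[\w_-]+)?";                       // bookmark
$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// preg_match() returns 0 for "no match" and false on a PCRE error; both are
// falsy, so either outcome is reported as an invalid address (fails closed).
if (!preg_match($exp, $_POST['coach_website'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Invalid Web Address
";
}

// Reject any character other than ASCII letters, digits, '.' and space.
if (preg_match('/[^a-zA-Z0-9\. ]/', $_POST['coach_name'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Please use only letters and numbers in the name
";
}

if (!$errmsg) {
    $name = trim($_POST['coach_name']);
    $name_tag = strtolower(str_replace(" ", "", $name));
    // Fixed: the original tested and truncated the undefined $nametag, so the
    // 12-character limit on the tag was never applied.
    if (strlen($name_tag) > 12) {
        // Shorten it
        $name_tag = substr($name_tag, 0, 12);
    }

    // These assignments are kept as they were (including which of them are
    // already SQL-escaped) because code after this block may read them; that
    // code is not visible here.
    $address = mysql_escape_string(trim($_POST['coach_address']));
    if (isset($_POST['coach_address_two'])) {
        $address_two = mysql_escape_string(trim($_POST['coach_address_two']));
    } else {
        $address_two = NULL;
    }
    $city = mysql_escape_string(trim($_POST['coach_city']));
    $state = $_POST['coach_state'];
    $state_tag = strtolower(str_replace(" ", "", $state));
    $zip = mysql_escape_string(trim($_POST['coach_zip']));
    $phone = trim($_POST['coach_phone']);
    $fax = trim($_POST['coach_fax']);
    $email = mysql_escape_string(trim($_POST['coach_email']));
    $website = mysql_escape_string(trim($_POST['coach_website']));
    // presumably comma-separated strings; verify against the form
    $certifications = $_POST['coach_certifications'];
    $services = $_POST['coach_services'];
    $degrees = $_POST['coach_degrees'];
    // Long text fields are capped at 4096 bytes before nl2br() and escaping.
    $cost = mysql_escape_string(nl2br(substr(trim($_POST['coach_cost']), 0, 4096)));
    $info = mysql_escape_string(nl2br(substr(trim($_POST['coach_info']), 0, 4096)));
    $camps = mysql_escape_string(nl2br(substr(trim($_POST['coach_camps']), 0, 4096)));
    $submitted_by = $_POST['coach_submitted_by'];
    $id = $_POST['coach_id'];
    $edited_by = $_POST['edited_by'];
    $edit_timestamp = time();

    // BEGIN CONFIRM ENTRY CHECK
    // !empty() accepts the same values as the original "== true" test and
    // does not raise a notice when the field is absent.
    if (!empty($_POST['insert_coach'])) {
        // The values below reached the SQL text unescaped in the original.
        // They are escaped into separate $q_* variables so the variables
        // above keep their previous contents.
        $q_name = mysql_real_escape_string($name);
        $q_name_tag = mysql_real_escape_string($name_tag);
        $q_state = mysql_real_escape_string($state);
        $q_state_tag = mysql_real_escape_string($state_tag);
        $q_phone = mysql_real_escape_string($phone);
        $q_fax = mysql_real_escape_string($fax);
        $q_certifications = mysql_real_escape_string($certifications);
        $q_services = mysql_real_escape_string($services);
        $q_degrees = mysql_real_escape_string($degrees);
        $q_id = mysql_real_escape_string($id);
        $q_edited_by = mysql_real_escape_string($edited_by);
        // Interpolated without quotes, so escaping alone would not help: force an integer.
        $q_submitted_by = (int) $submitted_by;

        // Column and value lists shared by both INSERT statements.
        $coach_columns = "coach_name, coach_name_tag, coach_address, coach_address_two, coach_city, "
            ."coach_state, coach_state_tag, coach_zip, coach_phone, coach_fax, coach_email, coach_website, "
            ."coach_certifications, coach_services, coach_degrees, coach_cost, coach_info, coach_camps, "
            ."coach_submitted_by, coach_valid";
        $coach_values = "'$q_name', '$q_name_tag', '$address', '$address_two', '$city', "
            ."'$q_state', '$q_state_tag', '$zip', '$q_phone', '$q_fax', '$email', '$website', "
            ."',$q_certifications,', ',$q_services,', ',$q_degrees,', "
            ."'$cost', '$info', '$camps', $q_submitted_by, 0";

        if (isset($_POST['new_coach'])) {
            $sql = "INSERT INTO ".$prefix."Coaches (".$coach_columns.") VALUES (".$coach_values.")";
            if (!mysql_query($sql)) {
                // Keep driver error text in the server log, not in the response.
                error_log('Coach insert failed: '.mysql_error());
                die('A database error occurred.');
            }
            header('Location: '.$site_url.'/add.php?confirmed=yes');
            exit; // stop here so nothing below runs after the redirect
        } elseif (isset($_POST['save_changes'])) {
            $sql = "INSERT INTO ".$prefix."CoachesEdits (coach_id_fk, editor_user_id_fk, edit_timestamp, "
                .$coach_columns.") VALUES ('$q_id', '$q_edited_by', '$edit_timestamp', ".$coach_values.")";
            if (!mysql_query($sql)) {
                error_log('Coach edit insert failed: '.mysql_error());
                die('A database error occurred.');
            }
            // rawurlencode() keeps the posted id from adding parameters to the redirect URL.
            header('Location: '.$site_url.'/individual.php?coach_id='.rawurlencode($id).'&wiki_change=success');
            exit;
        } else {
            header('Location: '.$site_url.'/individual.php?coach_id='.rawurlencode($id).'&changes=failure');
            exit;
        }
    } else {
        // Not confirmed yet: flag it for code outside this excerpt.
        $confirm_coach = true;
    }
    // END CONFIRM ENTRY CHECK
}
// END ERROR MESSAGE CHECK
?>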