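"; $errmsg = rtrim($errmsg, ", "); }

// ---------------------------------------------------------------------------
// Format check for the website / portfolio fields.
//
// The pattern is assembled from the fragments below and anchored with ^...$.
// It is a syntax check only: the query-string value part ([^\#]+) accepts any
// character except '#', so quotes, angle brackets and whitespace pass. Values
// that match must still be escaped for SQL (done further down) and encoded for
// HTML wherever they are printed.
//
// The two query-string groups can match the same text in several ways, so a
// long crafted value may hit PCRE's backtrack limit. preg_match() then returns
// false and the negated tests below reject the value, i.e. the check fails
// closed.
// ---------------------------------------------------------------------------
$start_url = "(http(s)?\:\/\/)?";                       // start url
$dots      = "([\w_-]{2,}\.)+";                         // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})";                            // last part doesn't contain a dot
$user      = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*";      // maybe subdirectories - possibly with user ~
$end       = "((\/)|(\/)[\w_-]+\.[\w]{2,})?";           // maybe a slash at the end or slash+file+extension
$qstring1  = "((\?[\w_-]+\=([^\#]+)){0,1}";             // querystring - first argument (?a=b)
$qstring2  = "(\&[\w_-]+\=([^\#]+))*)?";                // querystring - following arguments (&c=d)
$bkmrk     = "(#[\w_-]+)?";                             // bookmark

$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// Array keys are quoted throughout: a bare word such as $_POST[website] is
// looked up as a constant first and only falls back to the string with a notice.
if (!preg_match($exp, $_POST['website'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Invalid Web Address
";
}

// The portfolio address is optional; it is only checked when supplied.
if ($_POST['portfolio'] != "" && !preg_match($exp, $_POST['portfolio'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Invalid Portfolio Address
";
}

// The name may contain only ASCII letters, digits, '.' and space.
if (preg_match('/[^a-zA-Z0-9\. ]/', $_POST['name'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Please use only letters and numbers in the name
";
}

// begin error message check
if (!$errmsg) {

    $name = trim($_POST['name']);

    // Name tag: lower-cased name without spaces, at most 12 characters.
    $name_tag = strtolower(str_replace(" ", "", $name));
    $name_tag = substr($name_tag, 0, 12);

    // need to update a typo here in other dbs

    // NOTE(review): mysql_escape_string() ignores the connection character set.
    // The existing calls are left as they are because this excerpt does not show
    // whether the database connection is already open at this point; the whole
    // mysql_* extension was removed in PHP 7.0, so the durable fix is prepared
    // statements via mysqli or PDO.
    $address = mysql_escape_string(trim($_POST['address']));

    // $full_address is the text handed to geocode().
    // NOTE(review): it is built from the SQL-escaped values, so the geocoder
    // receives backslash-escaped quotes - confirm whether that is intended.
    $full_address = $address;

    if (isset($_POST['address_two'])) {
        $address_two = mysql_escape_string(trim($_POST['address_two']));
        // Fix: the second address line used to be appended only in the branch
        // where it was absent, which added a bare ", " and never the real value.
        if ($address_two != "") {
            $full_address = $full_address.", ".$address_two;
        }
    } else {
        $address_two = NULL;
    }

    $city = mysql_escape_string(trim($_POST['city']));
    $full_address = $full_address.", ".$city;

    // Taken from the request as-is; escaped below before it reaches the query.
    $state = $_POST['state'];
    $full_address = $full_address.", ".$state;
    $state_tag = strtolower(str_replace(" ", "", $state));

    $zip = mysql_escape_string(trim($_POST['zip']));
    $full_address = $full_address." ".$zip;

    $latlng_override = $_POST['latlng_override'];

    if ($latlng_override == true) {
        // Caller-supplied coordinates; untrusted, escaped below before the query.
        $lat = $_POST['lat'];
        $lng = $_POST['lng'];
    } else {
        // geocode() yields an array (index 0 = latitude, 1 = longitude) on
        // success; any other return value is kept as the error message.
        $geocode_status = geocode($full_address);

        if (is_array($geocode_status)) {
            $geocode_error = false;
            $lat = $geocode_status[0];
            $_POST['lat'] = $lat;
            $lng = $geocode_status[1];
            $_POST['lng'] = $lng;
        } else {
            $geocode_error = true;
            $lat = 0;
            $_POST['lat'] = $lat;
            $lng = 0;
            $_POST['lng'] = $lng;
            $geocode_message = $geocode_status;
        }
    }

    // Only trimmed here; escaped below before the query.
    $phone = trim($_POST['phone']);
    $fax   = trim($_POST['fax']);

    $email          = mysql_escape_string(trim($_POST['email']));
    $website        = mysql_escape_string(trim($_POST['website']));
    $portfolio      = mysql_escape_string(trim($_POST['portfolio']));
    $methods        = mysql_escape_string(trim($_POST['methods']));
    $certifications = mysql_escape_string($_POST['certifications']);
    $fitbikes       = mysql_escape_string($_POST['fitbikes']);
    $motioncapture  = mysql_escape_string($_POST['motioncapture']);
    $brandfriendly  = mysql_escape_string($_POST['brandfriendly']);
    $cost           = mysql_escape_string(trim($_POST['cost']));

    // Free text is cut to 4096 bytes and stored with <br /> inserted by nl2br().
    // NOTE(review): no HTML encoding is applied here, so any markup in the input
    // is stored unchanged; the code that prints fitter_info / fitter_directions
    // has to deal with that.
    $info       = mysql_escape_string(nl2br(substr(trim($_POST['info']), 0, 4096)));
    $directions = mysql_escape_string(nl2br(substr(trim($_POST['directions']), 0, 4096)));

    $submitted_by = $_POST['submitted_by'];

    // begin boolean check to see if we should insert the fitter into the dbase
    if ($_POST['insert_fitter'] == true) {

        // Fix (SQL injection): state, state tag, latitude, longitude, phone, fax
        // and submitted_by used to be interpolated into the statement without
        // escaping. They are escaped into separate $sql_* copies so the plain
        // variables keep their values for any later code. The name is limited to
        // letters, digits, '.' and space by the check above; it is escaped as
        // well so the statement does not rely on that check.
        $sql_name      = mysql_real_escape_string($name);
        $sql_name_tag  = mysql_real_escape_string($name_tag);
        $sql_state     = mysql_real_escape_string($state);
        $sql_state_tag = mysql_real_escape_string($state_tag);
        $sql_lat       = mysql_real_escape_string($lat);
        $sql_lng       = mysql_real_escape_string($lng);
        $sql_phone     = mysql_real_escape_string($phone);
        $sql_fax       = mysql_real_escape_string($fax);

        // submitted_by sits unquoted in the statement, so escaping cannot protect
        // it; it is forced to an integer instead.
        // NOTE(review): assumes fitter_submitted_by is a numeric id - confirm.
        $sql_submitted_by = (int) $submitted_by;

        $sql = "INSERT INTO ".$prefix."Fitters (fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$sql_name', '$sql_name_tag', '$address', '$address_two', '$city', '$sql_state', '$sql_state_tag', '$zip', '$sql_lat', '$sql_lng', '$sql_phone', '$sql_fax', '$email', '$website', '$methods', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $sql_submitted_by, 0, '$portfolio')";

        // Fix (information disclosure): the raw driver error went to the browser
        // via die(mysql_error()). The detail now goes to the server log and the
        // visitor gets a generic message.
        if (!mysql_query($sql)) {
            error_log("Fitters insert failed: ".mysql_error());
            die("The listing could not be saved.");
        }

        $insert_success = true;

    } else {
        // Nothing is written yet; the flag asks for the confirmation step.
        $confirm_fitter = true;
    }
    // end insert check

}
// end error message check
?>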