"; } if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[name]) ) { // Contains invalid characters. $errmsg = "Please use only letters and numbers in the name"; } if(!$errmsg){ $name = mysql_real_escape_string(trim($_POST[name])); $name_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $name))); if(strlen($nametag) > 12){ //Shorten it $name_tag = substr($nametag, 0, 12); } $address = mysql_real_escape_string(trim($_POST[address])); $address_two = mysql_real_escape_string(trim($_POST[address_two])); $city = mysql_real_escape_string(trim($_POST[city])); $state = mysql_real_escape_string($_POST[state]); $state_tag = mysql_real_escape_string(strtolower(str_replace(" ","", $state))); $zip = mysql_real_escape_string(trim($_POST[zip])); $phone = mysql_real_escape_string(trim($_POST[phone])); $fax = mysql_real_escape_string(trim($_POST[fax])); $email = mysql_real_escape_string(trim($_POST[email])); $website = mysql_real_escape_string(trim($_POST[website])); $cart = mysql_real_escape_string(trim($_POST[cart])); $contact = mysql_real_escape_string($_POST[contact]); if ( $contact == 0 ){ $contact_names = NULL; }else{ $contact_names = mysql_real_escape_string(trim($_POST[contact_names])); } /* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion*/ $diagnostics = mysql_real_escape_string($_POST[diagnostics]); $shoes = mysql_real_escape_string($_POST[shoes]); $socks = mysql_real_escape_string($_POST[socks]); $apparelrun = mysql_real_escape_string($_POST[apparel_run]); $appareltri = mysql_real_escape_string($_POST[apparel_tri]); $swimgear = mysql_real_escape_string($_POST[swimgear]); $wetsuits = mysql_real_escape_string($_POST[wetsuits]); $hours = mysql_real_escape_string(trim($_POST[hours])); $classes = mysql_real_escape_string(nl2br(substr(trim($_POST[classes]), 0, 4096))); $info = mysql_real_escape_string(nl2br(substr(trim($_POST[info]), 0, 4096))); $directions = mysql_real_escape_string(nl2br(substr(trim($_POST[directions]), 0, 4096))); $submitted_by = mysql_real_escape_string($_POST[submitted_by]); if($_POST[confirm1] == 1){ $sql = "INSERT INTO ".$prefix."Runshops (runshop_name, runshop_name_tag, runshop_address, runshop_address_two, runshop_city, runshop_state, runshop_state_tag, runshop_zip, runshop_phone, runshop_fax, runshop_email, runshop_website, runshop_cart, runshop_contact, runshop_contact_names, runshop_diagnostics, runshop_shoes, runshop_socks, runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, runshop_wetsuits, runshop_hours, runshop_classes, runshop_info, runshop_directions, runshop_submitted_by, runshop_valid) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', $contact, '$contact_names', ',$diagnostics,', ',$shoes,', ',$socks,', ',$apparelrun,', ',$appareltri,', ',$swimgear,', ',$wetsuits,', '$hours', '$classes', '$info', '$directions', $submitted_by, 0)"; //echo("shop entered!"); //echo($sql); //exit(); mysql_query($sql) OR die(mysql_error()); //exit(); }else{ //echo("shop NOT entered."); $confirm = 1; } } ?>