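"; }*/

/*
 * Handles the add/edit shop form submission: validates the shop name,
 * prepares every posted field for SQL, then either inserts a new row into
 * Runshops, records a proposed edit in RunshopsEdits, or sets $confirm so
 * the caller can ask for confirmation first.
 *
 * Expects $errmsg, $prefix and $site_url plus an open ext/mysql connection
 * to be set up earlier in the file (not visible from here).
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving these
 * statements to mysqli/PDO prepared statements needs the connection setup,
 * which lives outside this section. Until then, every quoted value must go
 * through mysql_real_escape_string() and every unquoted value must be an int.
 */

// Validate the shop name: anything other than ASCII letters, digits, dots
// and spaces is rejected.
if (preg_match('/[^a-zA-Z0-9\. ]/', $_POST['runshop_name'])) {
    // Contains invalid characters.
    $errmsg = "Please use only letters and numbers in the name";
}

// BEGIN ERROR MESSAGE CHECK
if (!$errmsg) {
    $name = mysql_real_escape_string(trim($_POST['runshop_name']));

    // Build the tag from the raw name and shorten it BEFORE escaping, so the
    // cut can never land in the middle of an escape sequence. The original
    // tested an undefined $nametag, so the 12-character limit never applied.
    $name_tag_raw = strtolower(str_replace(" ", "", trim($_POST['runshop_name'])));
    if (strlen($name_tag_raw) > 12) {
        // Shorten it
        $name_tag_raw = substr($name_tag_raw, 0, 12);
    }
    $name_tag = mysql_real_escape_string($name_tag_raw);

    $address     = mysql_real_escape_string(trim($_POST['runshop_address']));
    $address_two = mysql_real_escape_string(trim($_POST['runshop_address_two']));
    $city        = mysql_real_escape_string(trim($_POST['runshop_city']));
    $state       = mysql_real_escape_string($_POST['runshop_state']);
    $state_tag   = mysql_real_escape_string(strtolower(str_replace(" ", "", $state)));
    $zip         = mysql_real_escape_string(trim($_POST['runshop_zip']));
    $phone       = mysql_real_escape_string(trim($_POST['runshop_phone']));
    $fax         = mysql_real_escape_string(trim($_POST['runshop_fax']));
    $email       = mysql_real_escape_string(trim($_POST['runshop_email']));
    $website     = mysql_real_escape_string(trim($_POST['runshop_website']));
    $cart        = mysql_real_escape_string(trim($_POST['runshop_cart']));

    // $contact is placed in the SQL text WITHOUT quotes, where string
    // escaping gives no protection; force it to an integer instead.
    $contact = (int) $_POST['runshop_contact'];
    if ($contact === 0) {
        $contact_names = NULL; // interpolates as an empty string below
    } else {
        $contact_names = mysql_real_escape_string(trim($_POST['runshop_contact_names']));
    }

    /* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion */
    $diagnostics = mysql_real_escape_string($_POST['runshop_diagnostics']);
    $shoes       = mysql_real_escape_string($_POST['runshop_shoes']);
    $swimgear    = mysql_real_escape_string($_POST['runshop_swimgear']);
    $wetsuits    = mysql_real_escape_string($_POST['runshop_wetsuits']);
    $socks       = mysql_real_escape_string($_POST['runshop_socks']);
    $apparel_run = mysql_real_escape_string($_POST['runshop_apparel_run']);
    $apparel_tri = mysql_real_escape_string($_POST['runshop_apparel_tri']);

    $hours = mysql_real_escape_string(trim($_POST['runshop_hours']));

    // Free-text fields are capped at 4096 bytes before escaping.
    $classes    = mysql_real_escape_string(substr(trim($_POST['runshop_classes']), 0, 4096));
    $info       = mysql_real_escape_string(substr(trim($_POST['runshop_info']), 0, 4096));
    $directions = mysql_real_escape_string(substr(trim($_POST['runshop_directions']), 0, 4096));

    // Also interpolated unquoted, so it must be an integer too.
    // NOTE(review): submitter and editor ids are read from the request body;
    // presumably they should come from the authenticated session - confirm.
    $submitted_by = (int) $_POST['runshop_submitted_by'];

    $id             = mysql_real_escape_string($_POST['runshop_id']);
    $id_param       = rawurlencode($_POST['runshop_id']); // URL-safe form for the redirects
    $edited_by      = mysql_real_escape_string($_POST['edited_by']);
    $edit_timestamp = time();

    // BEGIN CONFIRM ENTRY CHECK
    if (isset($_POST['confirm_entry']) && $_POST['confirm_entry'] == 1) {
        // Column and value lists shared by both INSERT statements.
        $shop_columns = "runshop_name, runshop_name_tag, runshop_address, runshop_address_two, "
            . "runshop_city, runshop_state, runshop_state_tag, runshop_zip, runshop_phone, "
            . "runshop_fax, runshop_email, runshop_website, runshop_cart, runshop_contact, "
            . "runshop_contact_names, runshop_diagnostics, runshop_shoes, runshop_socks, "
            . "runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, runshop_wetsuits, "
            . "runshop_hours, runshop_classes, runshop_info, runshop_directions, "
            . "runshop_submitted_by, runshop_valid";

        $shop_values = "'$name', '$name_tag', '$address', '$address_two', '$city', '$state', "
            . "'$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', $contact, "
            . "'$contact_names', ',$diagnostics,', ',$shoes,', ',$socks,', ',$apparel_run,', "
            . "',$apparel_tri,', ',$swimgear,', ',$wetsuits,', '$hours', '$classes', '$info', "
            . "'$directions', $submitted_by, 0";

        if (isset($_POST['new_shop'])) {
            $sql = "INSERT INTO " . $prefix . "Runshops (" . $shop_columns . ") "
                . "VALUES (" . $shop_values . ")";

            if (!mysql_query($sql)) {
                // Keep driver errors in the server log; they expose schema details.
                error_log('Runshops insert failed: ' . mysql_error());
                die('Sorry, the shop could not be saved. Please try again later.');
            }

            header('Location: ' . $site_url . '/add.php?confirmed=yes');
            exit; // stop here so nothing after the redirect runs
        } elseif (isset($_POST['save_changes'])) {
            $sql = "INSERT INTO " . $prefix . "RunshopsEdits "
                . "(runshop_id_fk, editor_user_id_fk, edit_timestamp, " . $shop_columns . ") "
                . "VALUES ('$id', '$edited_by', '$edit_timestamp', " . $shop_values . ")";

            if (!mysql_query($sql)) {
                error_log('RunshopsEdits insert failed: ' . mysql_error());
                die('Sorry, your changes could not be saved. Please try again later.');
            }

            header('Location: ' . $site_url . '/individual.php?runshop_id=' . $id_param . '&wiki_change=success');
            exit;
        } else {
            header('Location: ' . $site_url . '/individual.php?runshop_id=' . $id_param . '&changes=failure');
            exit;
        }
    } else {
        // Not confirmed yet: flag that a confirmation step is required.
        $confirm = 1;
    }
    // END CONFIRM ENTRY CHECK
}
// END ERROR MESSAGE CHECK
?>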