"; $errmsg = rtrim($errmsg, ", "); } if (!is_numeric($_POST[membership])) $errmsg = $errmsg."Membership must be a number ONLY
"; $start_url = "(http(s)?\:\/\/)?"; // start url $dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end $last_part = "([\w_-]{2,})"; // last part doesn't contain a dot $user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~ $end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension $qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b) $qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d) $bkmrk = "(#[\w_-]+)?"; // bookmark $exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i"; if( !preg_match($exp, $_POST[website]) ) { // Contains invalid characters. $errmsg = $errmsg."Invalid Web Address
"; } if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[name]) ) { // Contains invalid characters. $errmsg = $errmsg."Please use only letters and numbers in the name
"; } if(!$errmsg){ $name = trim($_POST[name]); $name_tag = strtolower(str_replace(" ","", $name)); if(strlen($nametag) > 12){ //Shorten it $name_tag = substr($nametag, 0, 12); } $address = mysql_escape_string(trim($_POST[address])); if (isset($_POST['address_two'])) { $address_two = mysql_escape_string(trim($_POST[address_two])); } else { $address_two = NULL; } $city = mysql_escape_string(trim($_POST[city])); $state = $_POST[state]; $state_tag = strtolower(str_replace(" ","", $state)); $zip = mysql_escape_string(trim($_POST[zip])); $email = mysql_escape_string(trim($_POST[email])); $website = mysql_escape_string(trim($_POST[website])); $president = mysql_escape_string(trim($_POST[president])); $dues = mysql_escape_string(trim($_POST[dues])); $membership = mysql_escape_string(trim($_POST[membership])); $board = $_POST[board]; if ( $board == 0 ){ $board_names = NULL; }else{ $board_names = mysql_escape_string(trim($_POST[board_names])); } $info = mysql_escape_string(nl2br(substr(trim($_POST[info]), 0, 4096))); $sponsors = mysql_escape_string(nl2br(substr(trim($_POST[sponsors]), 0, 4096))); $discounts = mysql_escape_string(nl2br(substr(trim($_POST[discounts]), 0, 4096))); $directions = mysql_escape_string(nl2br(substr(trim($_POST[directions]), 0, 4096))); $workouts = mysql_escape_string(nl2br(substr(trim($_POST[workouts]), 0, 4096))); $meetings = mysql_escape_string(nl2br(substr(trim($_POST[meetings]), 0, 4096))); $submitted_by = $_POST[submitted_by]; if($_POST[confirm1] == 1){ $sql = "INSERT INTO ".$prefix."Triclubs (triclub_name, triclub_name_tag, triclub_address, triclub_address_two, triclub_city, triclub_state, triclub_state_tag, triclub_zip, triclub_email, triclub_website, triclub_president, triclub_board, triclub_board_names, triclub_membership, triclub_dues, triclub_info, triclub_sponsors, triclub_discounts, triclub_directions, triclub_workouts, triclub_meetings, triclub_submitted_by, triclub_valid) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$email', '$website', '$president', $board, '$board_names', '$membership', '$dues', '$info', '$sponsors', '$discounts', '$directions', '$workouts', '$meetings', '$submitted_by', 0)"; //echo("shop entered!"); //echo($sql); mysql_query($sql) OR die(mysql_error()); //exit(); }else{ //echo("shop NOT entered."); $confirm = 1; } } //}else{ // $errmsg = 'Incorrect key.'; //} ?>