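<?php
/*
 * Run-shop submission handler.
 *
 * Validates the posted shop form and, when the request carries confirm1 == 1,
 * inserts a new row with runshop_valid = 0 into the {$prefix}Runshops table.
 *
 * Reads: $_POST, $site_url and $prefix (the latter two are defined outside this file).
 * Sets:  $errmsg  - NULL when validation passed, otherwise the message text;
 *        $confirm - 1 when the data validated but confirm1 was not posted as 1
 *                   (presumably used by the including page to show a confirmation step).
 *
 * Security notes for maintainers:
 *  - ext/mysql (mysql_query, mysql_real_escape_string) was removed in PHP 7.0.
 *    Escaping only protects values that sit inside quotes in the statement; the two
 *    unquoted numeric values are therefore cast to int below. Moving this insert to
 *    mysqli/PDO prepared statements is the durable fix.
 *  - NOTE(review): no session or anti-CSRF check is visible in this file, and
 *    submitted_by is taken from the request body, so the client chooses it. If it is a
 *    user id, it should come from the authenticated session instead - confirm against
 *    the including page.
 *  - NOTE(review): classes, info and directions are stored after nl2br() without HTML
 *    encoding. Whatever renders these columns must encode or sanitise them; verify.
 *
 * FIELD NAMES:
 *   runshop_id runshop_name runshop_name_tag runshop_address runshop_address_two
 *   runshop_city runshop_state runshop_state_tag runshop_zip runshop_phone runshop_fax
 *   runshop_email runshop_website runshop_cart runshop_contact runshop_contact_names
 *   runshop_diagnostics runshop_shoes runshop_socks runshop_apparel_run
 *   runshop_apparel_tri runshop_swimgear runshop_wetsuits runshop_hours runshop_classes
 *   runshop_info runshop_directions runshop_submitted_by runshop_valid
 *   runshop_shopper_tags
 */

if (!$_POST) {
    header('Location: '.$site_url);
    // Stop here: without this the rest of the handler still ran after the redirect header.
    exit;
}

// Work on a copy in which every expected field exists, so a missing field reads as ''
// instead of raising an undefined-index notice. Keys are quoted: bare words such as
// $_POST[name] are undefined constants and a fatal error on PHP 8.
$runshop_post = $_POST + array_fill_keys(array(
    'name', 'city', 'state', 'address', 'address_two', 'zip', 'phone', 'fax', 'email',
    'website', 'cart', 'contact', 'contact_names', 'diagnostics', 'shoes', 'socks',
    'apparel_run', 'apparel_tri', 'swimgear', 'wetsuits', 'hours', 'classes', 'info',
    'directions', 'submitted_by', 'confirm1',
), '');

/* Need to ltrim and rtrim commas before insertion */

$errmsg = NULL;

// Check for blank fields
if (!$runshop_post['name'])    $errmsg .= 'Shop name, ';
if (!$runshop_post['city'])    $errmsg .= 'City, ';
if (!$runshop_post['state'])   $errmsg .= 'State, ';
if (!$runshop_post['address']) $errmsg .= 'Address, ';
if (!$runshop_post['phone'])   $errmsg .= 'Phone, ';
if (!$runshop_post['email'])   $errmsg .= 'Email, ';
if (!$runshop_post['hours'])   $errmsg .= 'Shop hours, ';
if ($runshop_post['contact'] == 1 && !$runshop_post['contact_names']) $errmsg .= 'Contact names, ';
if (strlen($runshop_post['classes']) < 4)    $errmsg .= 'Runs & classes, ';
if (strlen($runshop_post['info']) < 4)       $errmsg .= 'Shop info, ';
if (strlen($runshop_post['directions']) < 4) $errmsg .= 'Directions, ';

if (isset($errmsg)) {
    $errmsg = 'The following fields cannot be left blank: '.$errmsg;
    $errmsg = rtrim($errmsg, ', ');
}

$start_url = "(http(s)?\:\/\/)?";                      // start url
$dots      = "([\w_-]{2,}\.)+";                        // one or more parts containing a '.' at the end
$last_part = "([\w_-]{2,})";                           // last part doesn't contain a dot
$user      = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*";     // maybe subdirectories - possibly with user ~
$end       = "((\/)|(\/)[\w_-]+\.[\w]{2,})?";          // maybe a slash at the end or slash+file+extension
$qstring1  = "((\?[\w_-]+\=([^\#]+)){0,1}";            // querystring - first argument (?a=b)
$qstring2  = "(\&[\w_-]+\=([^\#]+))*)?";               // querystring - following arguments (&c=d)
$bkmrk     = "(#[\w_-]+)?";                            // bookmark
$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";

// NOTE(review): the two query-string groups overlap ([^\#]+ also accepts '&' and '='),
// so match time can grow steeply on long inputs. When PCRE hits its backtrack limit,
// preg_match() returns false, which this check treats as "invalid". Consider capping
// the length of the website field before matching.
if ($runshop_post['website'] != "" && !preg_match($exp, $runshop_post['website'])) {
    // Contains invalid characters.
    $errmsg = $errmsg."Invalid Web Address<br />";
}

if (preg_match('/[^a-zA-Z0-9\. ]/', $runshop_post['name'])) {
    // Contains invalid characters. (This replaces any earlier message, as before.)
    $errmsg = "Please use only letters and numbers in the name";
}

if (!$errmsg) {
    $name = mysql_real_escape_string(trim($runshop_post['name']));

    // Build the tag from the raw value, shorten it, and escape last. The original
    // tested an undefined $nametag, so the 12-character limit was never applied.
    $name_tag = strtolower(str_replace(" ", "", trim($runshop_post['name'])));
    if (strlen($name_tag) > 12) {
        // Shorten it
        $name_tag = substr($name_tag, 0, 12);
    }
    $name_tag = mysql_real_escape_string($name_tag);

    $address     = mysql_real_escape_string(trim($runshop_post['address']));
    $address_two = mysql_real_escape_string(trim($runshop_post['address_two']));
    $city        = mysql_real_escape_string(trim($runshop_post['city']));
    $state       = mysql_real_escape_string($runshop_post['state']);
    // Derived from the raw state so the value is escaped once, not twice.
    $state_tag   = mysql_real_escape_string(strtolower(str_replace(" ", "", $runshop_post['state'])));
    $zip         = mysql_real_escape_string(trim($runshop_post['zip']));
    $phone       = mysql_real_escape_string(trim($runshop_post['phone']));
    $fax         = mysql_real_escape_string(trim($runshop_post['fax']));
    $email       = mysql_real_escape_string(trim($runshop_post['email']));
    $website     = mysql_real_escape_string(trim($runshop_post['website']));
    $cart        = mysql_real_escape_string(trim($runshop_post['cart']));

    // $contact is placed in the statement WITHOUT quotes, where string escaping gives
    // no protection. Forcing an integer keeps request data out of the SQL syntax.
    $contact = (int) $runshop_post['contact'];
    if ($contact == 0) {
        $contact_names = NULL;
    } else {
        $contact_names = mysql_real_escape_string(trim($runshop_post['contact_names']));
    }

    /* Need to ltrim and rtrim commas before insertion --> or ltrim/rtrim before implosion */
    $diagnostics = mysql_real_escape_string($runshop_post['diagnostics']);
    $shoes       = mysql_real_escape_string($runshop_post['shoes']);
    $socks       = mysql_real_escape_string($runshop_post['socks']);
    $apparelrun  = mysql_real_escape_string($runshop_post['apparel_run']);
    $appareltri  = mysql_real_escape_string($runshop_post['apparel_tri']);
    $swimgear    = mysql_real_escape_string($runshop_post['swimgear']);
    $wetsuits    = mysql_real_escape_string($runshop_post['wetsuits']);
    $hours       = mysql_real_escape_string(trim($runshop_post['hours']));

    // Free text: trimmed, capped at 4096 bytes, newlines turned into <br />, then escaped.
    $classes    = mysql_real_escape_string(nl2br(substr(trim($runshop_post['classes']), 0, 4096)));
    $info       = mysql_real_escape_string(nl2br(substr(trim($runshop_post['info']), 0, 4096)));
    $directions = mysql_real_escape_string(nl2br(substr(trim($runshop_post['directions']), 0, 4096)));

    // Also unquoted in the statement, so it is cast to int for the same reason as $contact.
    $submitted_by = (int) $runshop_post['submitted_by'];

    if ($runshop_post['confirm1'] == 1) {
        $sql = "INSERT INTO ".$prefix."Runshops ("
             . "runshop_name, runshop_name_tag, runshop_address, runshop_address_two, "
             . "runshop_city, runshop_state, runshop_state_tag, runshop_zip, runshop_phone, "
             . "runshop_fax, runshop_email, runshop_website, runshop_cart, runshop_contact, "
             . "runshop_contact_names, runshop_diagnostics, runshop_shoes, runshop_socks, "
             . "runshop_apparel_run, runshop_apparel_tri, runshop_swimgear, runshop_wetsuits, "
             . "runshop_hours, runshop_classes, runshop_info, runshop_directions, "
             . "runshop_submitted_by, runshop_valid) "
             . "VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', "
             . "'$state_tag', '$zip', '$phone', '$fax', '$email', '$website', '$cart', "
             . "$contact, '$contact_names', ',$diagnostics,', ',$shoes,', ',$socks,', "
             . "',$apparelrun,', ',$appareltri,', ',$swimgear,', ',$wetsuits,', '$hours', "
             . "'$classes', '$info', '$directions', $submitted_by, 0)";

        if (!mysql_query($sql)) {
            // Keep the driver's error text in the server log; sending it to the
            // browser discloses table and column names.
            error_log('Runshops insert failed: '.mysql_error());
            die('Sorry, the shop could not be saved. Please try again later.');
        }
    } else {
        // Data is valid but not yet confirmed.
        $confirm = 1;
    }
}
?>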