When asked to write a store location program in less than an hour, I developed this little utility. It uses my own MySQL class and clean() function which parses the POST/GET variables for any nastiness that might have occurred.
include('includes/class.mysql.php');
include('includes/functions.php');
clean(); // Clean up $_REQUEST for SQL injection
$mysql = new mysql();
$zip = $_REQUEST[zip];
$city = $_REQUEST[city];
$digits = strlen($zip);
//echo "Count: $digits
";
echo "\n\n";
echo "\n";
while($i<1) {
$q = ($zip) ? $mysql->query("SELECT * FROM stores WHERE zip LIKE '$zip%'") : $mysql->query("SELECT * FROM stores WHERE state = '$_REQUEST[state]' AND city LIKE '%$city%' ORDER BY zip ASC");
if(mysql_num_rows($q)) {
while($r = mysql_fetch_assoc($q)) {
echo "\t- \n";
echo "\t\t
".trim($r[chain])." \n";
echo "\t\t".trim($r[store])." \n";
echo "\t\t".trim($r[location])." \n";
echo "\t\t".trim($r[city])." \n";
echo "\t\t".trim($r[state])." \n";
echo "\t\t".trim($r[zip])." \n";
echo "\t \n";
}
$i++;
} else if (strlen($zip) > 1) {
$zip = substr($zip, 0, strlen($zip) - 1);
} else {
$i = 1;
}
}
echo " \n";
echo " \n";