When asked to write a store location program in less than an hour, I developed this little utility. It uses my own MySQL class and clean() function which parses the POST/GET variables for any nastiness that might have occurred.

include('includes/class.mysql.php');
include('includes/functions.php');

clean(); // Clean up $_REQUEST for SQL injection
$mysql = new mysql();
$zip = $_REQUEST[zip];
$city = $_REQUEST[city];
$digits = strlen($zip);
//echo "Count: $digits
";

echo "\n\n";
echo "\n";
while($i<1) {
        $q = ($zip) ? $mysql->query("SELECT * FROM stores WHERE zip LIKE '$zip%'") : $mysql->query("SELECT * FROM stores WHERE state = '$_REQUEST[state]' AND city LIKE '%$city%' ORDER BY zip ASC");
        if(mysql_num_rows($q)) {
                while($r = mysql_fetch_assoc($q)) {
                        echo "\t\n";
                        echo "\t\t".trim($r[chain])."\n";
                        echo "\t\t".trim($r[store])."\n";
                        echo "\t\t".trim($r[location])."\n";
                        echo "\t\t".trim($r[city])."\n";
                        echo "\t\t".trim($r[state])."\n";
                        echo "\t\t".trim($r[zip])."\n";
                        echo "\t\n";
                }
                $i++;
        } else if (strlen($zip) > 1) {
                $zip = substr($zip, 0, strlen($zip) - 1);
        } else {
                $i = 1;
        }
}
echo "\n";
echo "\n";