예제 #1
파일: db.php 프로젝트: rhok-pta/caralert
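/**
 * Recursively sanitise an array in place.
 *
 * Each non-array value is passed through clean_sql() and then strip_tags().
 * Nested arrays are cleaned the same way and kept under their original key.
 *
 * NOTE(review): clean_sql() is defined outside this listing; presumably it
 * escapes the value for SQL - confirm. Blanket input filtering like this does
 * not replace parameterised queries at the database layer or
 * htmlspecialchars() at the point of output; strip_tags() alone does not make
 * a value safe inside an HTML attribute.
 *
 * @param array $data Array to sanitise; replaced by the cleaned copy.
 * @return void
 */
function clean(&$data)
{
    // Initialise the result so that empty input yields an empty array instead
    // of assigning an undefined variable (null plus a notice) back to $data.
    $clean = array();
    foreach ($data as $key => $post) {
        if (is_array($post)) {
            // $post is a by-value copy of the element: the recursive call only
            // cleans that copy, so it has to be stored explicitly. Without
            // this assignment nested arrays were silently dropped.
            clean($post);
            $clean[$key] = $post;
        } else {
            $clean[$key] = strip_tags(clean_sql($post));
        }
    }
    $data = $clean;
}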
예제 #2
// Open the MySQL connection. The '@' operator suppresses the connect warning,
// so display_error() is the only place the failure is reported.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
// with prepared statements is the supported replacement.
// NOTE(review): if display_error() does not terminate the script, execution
// continues below with an unusable connection - confirm.
$connection = @mysql_connect(DB_HOST . ":" . DB_PORT, DB_USER, DB_PW);
if (!$connection) {
    display_error();
}

// Select the 'winestore' database and report an error if that fails.
if (!mysql_select_db('winestore', $connection)) {
    display_error();
}

// Read every search field from the query string through clean_sql().
// NOTE(review): clean_sql() is defined elsewhere; the third argument looks
// like a maximum length and the fourth the connection used for escaping -
// confirm. Escaping is only as good as the way the value is later placed in
// the query (always inside quotes, matching connection charset); bound
// parameters avoid that dependency.
$region = clean_sql($_GET, "region", 4, $connection);
$startyear = clean_sql($_GET, "startyear", 4, $connection);
$mincost = clean_sql($_GET, "mincost", 50, $connection);
$maxcost = clean_sql($_GET, "maxcost", 50, $connection);
$wine = clean_sql($_GET, "wine", 50, $connection);
$winery = clean_sql($_GET, "winery", 100, $connection);
$endyear = clean_sql($_GET, "endyear", 4, $connection);
$stocknum = clean_sql($_GET, "stocknum", 5, $connection);

// Accumulates validation messages as an HTML fragment, one "<br/>" per message.
$errordisplay = '';

// Basic sanity checks so that the search can return at least some records.

// Check 1: the start year must not be later than the end year.
// NOTE(review): neither year is checked for being numeric here, so
// non-numeric input is compared as strings.
if ($startyear > $endyear) {
    $errordisplay .= "Start year must be same as or before the end year" . "<br/>";
}

// Check 2: a stock number is optional, but when supplied it must be numeric.
if ($stocknum != '' && !is_numeric($stocknum)) {
    $errordisplay .= "The value entered for minimum stock is not valid" . "<br/>";
}