Poscode distance script

PHP
1

Hi All,

wondered if anyone could have a look at my code, basicly this bit o code is just to test to see if it works, later I will replace where it echos out the postcodes within a max distance to pull data from a database.

the code works perfectly but I just wondered if there is a neater way to right it, or if anyone could check to see if there is any problems that may happen.


<?php


function getDistance($latitude1, $longitude1, $latitude2, $longitude2)
{
	//$earth = 6371; //km change accordingly
	$earth = 3960; //miles

	//Point 1 cords
	$latitude1 = deg2rad($latitude1);
	$longitude1= deg2rad($longitude1);

	//Point 2 cords
	$latitude2 = deg2rad($latitude2);
	$longitude2= deg2rad($longitude2);

	//Haversine Formula
	$dlongitude=$longitude2-$longitude1;
	$dlatitude=$latitude2-$latitude1;

	$sinlatitude=sin($dlatitude/2);
	$sinlongitude=sin($dlongitude/2);

	$a=($sinlatitude*$sinlatitude)+cos($latitude1)*cos($latitude2)*($sinlongitude*$sinlongitude);

	$c=2*asin(min(1,sqrt($a)));

	$d=round($earth*$c);

	return $d;
}

if($_POST)
{
	mysql_connect(localhost,"DATABASEUSERNAME","PASSWORD");
	@mysql_select_db("**********") or die( "Unable to select database");

	$firstpc = strtoupper(preg_replace("/[^a-zA-Z0-9]/","", $_POST[first]));
	
	$query = 'SELECT `latitude`, `longitude` FROM `uk_postcode_04` WHERE `postcode`="'.$firstpc.'";';
	$result = mysql_query($query);
	$first = mysql_fetch_row($result);
	
	$fulldataQ = "SELECT * FROM uk_postcode_04";
	$fulldata = mysql_query($fulldataQ);
	$miles = $_POST[miles];
	
while($row = mysql_fetch_array($fulldata)){
$check = getDistance($first[0], $first[1], $row['latitude'], $row['longitude']);
		
			if($check < $miles){
			echo $row['postcode'];
			echo "<br />";
			};
};
	

	mysql_close();
}

?>

<form action="postcode.php" method="post">
Only enter the first part of the postcode. If your postcode is CO4 3AT, just enter the CO4.<br /><br />
postcode: <input name="first" maxlength="4" /><br />
Max Distance In Miles: <input name="miles" maxlength="4" /><br />
<input type="submit" />
</form>
2

Your script could fall victim to a mysql injection, it would be better if the variables where binded to the SQL query, also mysql_*() is set to be depreciated in the next version of PHP.

It would be better, if you made use of PDO (PHP Data Objects) for the SQL side of things ([URL=“http://www.fullondesign.co.uk/coding/php/1907-pdo-php-data-objects-starter-guide.htm”]here is a starter guide I wrote a little while ago). Under PDO your code would be something like:


$host = 'localhost';
$dbname = 'my_database';
$user = 'mysql_username';
$pass = 'mysql_password';

try {
	// Call the PDO class.
	$db= new PDO('mysql:host='.$host.';dbname='.$dbname, $user, $pass);
} catch(PDOException $e) {
	// If something goes wrong, PDO throws an exception with a nice error message.
	echo $e->getMessage();
}

$query = $db->prepare('SELECT `latitude`, `longitude` FROM `uk_postcode_04` WHERE `postcode`=":POSTCODE:" LIMIT 0,1 ;');
$query->execute(array(':POSTCODE:' => strtoupper(preg_replace("/[^a-zA-Z0-9]/","", $_POST[first]))); // bind the values to the SQL.
$first = $query->fetchAll(PDO::FETCH_ASSOC);
$first = $first[0]; // select the first one

$query = $db->query('SELECT * FROM uk_postcode_04;');
$fullDatas = $query->fetchAll(PDO::FETCH_ASSOC);

foreach($fullDatas as $fullData){
$check = getDistance($first->latitude, $first->longitude, $fullData->latitude'], $fullData->longitude);
}

Other than that (without further knowledge of how much data your working with), it looks ok :slight_smile:

3

Thanks mate

  • Sent from my iPhone using Tapatalk