# Postcode distance script

Hi All,

Wondered if anyone could have a look at my code. Basically, this bit of code is just to test to see if it works; later I will replace where it echoes out the postcodes within a max distance to pull data from a database.

The code works perfectly, but I just wondered if there is a neater way to write it, or if anyone could check to see if there are any problems that may happen.

``````
<?php

function getDistance($latitude1, $longitude1, $latitude2, $longitude2)
{
    //$earth = 6371; //km change accordingly
    $earth = 3960; //miles

    // sin()/cos() work in radians (assumes the table stores decimal degrees).
    //Point 1 cords
    $latitude1  = deg2rad($latitude1);
    $longitude1 = deg2rad($longitude1);

    //Point 2 cords
    $latitude2  = deg2rad($latitude2);
    $longitude2 = deg2rad($longitude2);

    //Haversine Formula
    $dlongitude = $longitude2 - $longitude1;
    $dlatitude  = $latitude2 - $latitude1;

    $sinlatitude  = sin($dlatitude / 2);
    $sinlongitude = sin($dlongitude / 2);

    $a = ($sinlatitude * $sinlatitude) + cos($latitude1) * cos($latitude2) * ($sinlongitude * $sinlongitude);

    $c = 2 * asin(min(1, sqrt($a)));

    $d = round($earth * $c);

    return $d;
}

if ($_POST)
{
    @mysql_select_db("**********") or die("Unable to select database");

    // Strip everything except letters and digits, then upper-case.
    $firstpc = strtoupper(preg_replace("/[^a-zA-Z0-9]/", "", $_POST['first']));

    $query = 'SELECT `latitude`, `longitude` FROM `uk_postcode_04` WHERE `postcode`="'.$firstpc.'";';
    $result = mysql_query($query);
    $first = mysql_fetch_row($result);

    $fulldataQ = "SELECT * FROM uk_postcode_04";
    $fulldata = mysql_query($fulldataQ);
    $miles = $_POST['miles'];

    // Walk the whole table and print every postcode inside the radius.
    while ($row = mysql_fetch_array($fulldata)) {
        $check = getDistance($first[0], $first[1], $row['latitude'], $row['longitude']);

        if ($check < $miles) {
            echo $row['postcode'];
            echo "<br />";
        }
    }

    mysql_close();
}

?>

<form action="postcode.php" method="post">
Only enter the first part of the postcode. If your postcode is CO4 3AT, just enter the CO4.<br /><br />
postcode: <input name="first" maxlength="4" /><br />
Max Distance In Miles: <input name="miles" maxlength="4" /><br />
<input type="submit" />
</form>

``````

Your script could fall victim to a MySQL injection; it would be better if the variables were bound to the SQL query. Also, mysql_*() is set to be deprecated in the next version of PHP.

It would be better if you made use of PDO (PHP Data Objects) for the SQL side of things ([here is a starter guide I wrote a little while ago](http://www.fullondesign.co.uk/coding/php/1907-pdo-php-data-objects-starter-guide.htm)). Under PDO your code would be something like:

``````
$host   = 'localhost';
$dbname = 'my_database';
$user   = 'db_user';     // placeholder credentials
$pass   = 'db_password'; // placeholder credentials

try {
    // Call the PDO class.
    $db = new PDO('mysql:host='.$host.';dbname='.$dbname, $user, $pass);
} catch (PDOException $e) {
    // If something goes wrong, PDO throws an exception with a nice error message.
    echo $e->getMessage();
    exit; // $db is not usable past this point
}

// The placeholder must not be wrapped in quotes, otherwise it is a literal string and nothing is bound.
$query = $db->prepare('SELECT `latitude`, `longitude` FROM `uk_postcode_04` WHERE `postcode` = :postcode LIMIT 0,1;');
$query->execute(array(':postcode' => strtoupper(preg_replace("/[^a-zA-Z0-9]/", "", $_POST['first'])))); // bind the values to the SQL.
$first = $query->fetchAll(PDO::FETCH_ASSOC);
$first = $first[0]; // select the first one

$query = $db->query('SELECT * FROM uk_postcode_04;');
$fullDatas = $query->fetchAll(PDO::FETCH_ASSOC);

foreach ($fullDatas as $fullData) {
    // FETCH_ASSOC returns arrays, so read columns by key rather than as object properties.
    $check = getDistance($first['latitude'], $first['longitude'], $fullData['latitude'], $fullData['longitude']);
}

``````

Other than that (without further knowledge of how much data you're working with), it looks OK.
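A self-contained version of the bound-parameter advice above, added as an example and not code from either poster; it also validates the `miles` field and encodes output. It assumes the pdo_sqlite driver with an in-memory table of constructed rows in place of the thread's MySQL database, and `readInput` and `lookup` are hypothetical helper names.

```php
<?php
// Constructed data in an in-memory SQLite database (assumption: pdo_sqlite is
// available; the thread uses MySQL, the PDO calls are the same).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uk_postcode_04 (postcode TEXT, latitude REAL, longitude REAL)');
$insert = $db->prepare('INSERT INTO uk_postcode_04 VALUES (?, ?, ?)');
foreach ([['CO4', 51.92, 0.93], ['CO1', 51.89, 0.90], ['IP1', 52.07, 1.14]] as $r) {
    $insert->execute($r);
}

// Hypothetical helper: validate both form fields before they reach a query.
function readInput(array $post): ?array
{
    $pc    = strtoupper(trim((string)($post['first'] ?? '')));
    $miles = filter_var($post['miles'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 9999]]);
    if (!preg_match('/^[A-Z]{1,2}[0-9][A-Z0-9]?$/', $pc) || $miles === false) {
        return null; // reject rather than silently rewrite the input
    }
    return [$pc, $miles];
}

// Hypothetical helper: look up one postcode with a bound parameter.
function lookup(PDO $db, string $postcode): ?array
{
    // The placeholder is not quoted; the value travels separately from the SQL text.
    $stmt = $db->prepare('SELECT latitude, longitude FROM uk_postcode_04 WHERE postcode = :postcode LIMIT 1');
    $stmt->execute([':postcode' => $postcode]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests: one valid, one with SQL syntax in the postcode, one with non-numeric miles.
$requests = [
    ['first' => 'co4', 'miles' => '10'],
    ['first' => 'CO4" OR "1"="1', 'miles' => '10'],
    ['first' => 'CO4', 'miles' => 'ten'],
];
foreach ($requests as $post) {
    $in = readInput($post);
    if ($in === null) { echo "rejected input\n"; continue; }
    $row = lookup($db, $in[0]);
    echo htmlspecialchars($in[0]), ': ', $row ? "{$row['latitude']}, {$row['longitude']}" : 'not found', "\n";
}
// With validation skipped, the bound value is still compared against the column as one string.
var_dump(lookup($db, 'CO4" OR "1"="1'));
```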

Thanks mate
