Need a little help with error handling...

I have a script that takes a form input, which is a person's ZIP code. The php then runs the first query, which gets the latitude and longitude coordinates from the DB based on the ZIP. What I need to do is have some sort of error handling function that returns an error message if the ZIP code being searched for is not in the database, or if the person enters something besides a ZIP code, etc...

All I need is for it to say the ZIP code you entered is not a valid ZIP code, and then a "Try Again" link...


<?

if($_POST['submit'])

{

$dbh=mysql_connect ("localhost", "orlandoi_gmap", "gmap") or die ('I cannot connect to the database because: ' . mysql_error());

mysql_select_db ("orlandoi_gmap");

$InputtedZIP = ($_POST['InputtedZIP']);


$inputCoords = mysql_query("Select LAT, LNG from coord_db where ZIP = $InputtedZIP") or die(mysql_error());

while($row = mysql_fetch_array($inputCoords))



{



?>



<tr>



<td><font color=#000000 face="arial">Map has been generated showing all ZIP Codes containing a Festiva Owner within a 50 mile radius of the ZIP code <?php echo $InputtedZIP;?></td>

Take a look at:
[http://us3.php.net/mysql_num_rows]

Good luck;

Cool, I used the mysql_num_rows and a if...else to create an error handler in case someone puts in a nonexistant ZIP Code.

The error message only works, however, when a number is entered. If you enter text, it returns the error msg:

Unknown column '*****' in 'where clause'

where ***** is the inputted text... I'd like to set an error message for this condition as well, any thoughts?

You need to validate what is going into the query! You're leaving a HUGE sql injection opportunity!

$inputCoords = mysql_query("Select LAT, LNG from coord_db where ZIP = '".$InputtedZIP."'") or die(mysql_error());