Ampersand problem

[bad_gui]

I'm modifying someone else code.  It's a journal article DB that grabs descriptive info from a public database and

inserts it into a mysql DB and associates the pdf file with the entry.

 

I can upload a paper from the journal  Protein engineering, design & selection  without a problem.  I can see the

entry using the php scripts "search" and "browse" functions EXCEPT for one which is "browse by journal"

I can see the journal name listed but when I click it says "no hits"

 

I'm learning php so I'd appreciate it if someone could point me in the right direction.

 

Basically when the user sees a list of journals produced by scanning the DB a producing a list of all unique entries

in the journal column, the user can click on the journal name and get a list of all the articles from that journal.

 

When I click on the journal name I get this link in the browser:

http://192.168.1.99/librarian/index.php?action=browse&select=all&browseby=journal&journal=Protein engineering, design & selection&show=brief&orderby=journal

Here is the relevant code (I think) to produce the listing of journals:

print " <A HREF=\"index.php?action=browse&select=$_GET[select]&browseby=$_GET[browseby]&$_GET[browseby]=$paper[0]&show=brief&orderby=$_GET[browseby]\">
         $paper[0]</A> ($paper[1])<BR>";

 

 

Here is the code (I think) that actually scans the DB

if (!empty($_GET["browseby"])) {
    $browseby_string="WHERE $_GET[browseby]='".$_GET{$_GET['browseby']}."'";
    if ($_GET[browseby] == 'category') $browseby_string="WHERE category REGEXP '(^|[|])".$_GET{$_GET['browseby']}."([|]|$)'";
    $chain = "$_GET[browseby]=".$_GET{$_GET["browseby"]}."&";
    } else {
    $browseby_string='';
    $chain = '';
    }

    if (substr($_GET["select"], -4) == '.pdf') {
    $query = "SELECT * FROM library WHERE file='$_GET[select]'";
    } else {
    $query = "SELECT * FROM library $browseby_string ORDER BY $orderby_string $ordering LIMIT $from,20";
    }
    $result = @mysql_query ($query);
    $rows = @mysql_num_rows($result);
    @mysql_close($link);

 

So is the problem is that

    $browseby_string="WHERE $_GET[browseby]='".$_GET{$_GET['browseby']}."'";

 

can't recognize the string  Protein engineering, design & selection

Do I just mysql_escape_string this?

[bad_gui]

I added an echo statement to see if my guess was right

 

echo $_GET{$_GET['browseby']}

 

This produces a text string that is truncated from the & character onwards

 

 

Protein engineering, design

 

NO HITS

 

 

Any ideas?

[discomatt]

urlencode() should convert your unhappy characters to happy ones

 

urldecode() will convert them back

[bad_gui]

Sorry,  I'm just learning.

 

I tried

 

print " <A HREF=\"index.php?action=browse&select=$_GET[select]&browseby=$_GET[browseby]&$_GET[browseby]=urlencode($paper[0])&show=brief&orderby=$_GET[browseby]\">
         $paper[0]</A> ($paper[1])<BR>";

 

But this gives

 

 

urlencode(Protein engineering, design

 

NO HITS

 

 

I also tried single quotes around the 'urlencode($paper[0])' but that didn't work either.  What am I missing?

[discomatt]

...&$_GET[browseby]=".urlencode($paper[0])."&show...

[bad_gui]

Thanks!  That solved the problem.

 

I've been using the Welling & Thompson book but there is so much more to php (like nested $_GET etc).

[discomatt]

There's no replacement for human guidance

 

Most here are more than happy to help, providing you show an effort to learn