[SOLVED] _GET with ampersand

[shadowart]

I am stuck! Please go to

http://wireless.northstate.net/residential/phones.php

 

Notice that the first item listed is an AT&T phone.

Now click on "AT&T" under "View By Brand" on the right side. Why isn't it getting the data?

 

The code I am using is below. Any help would be greatly appreciated!

 

 

$query = "SELECT * FROM handsets WHERE brand=\"{$_GET['brand']}\"";
	$result = mysql_query($query) or die ("Couldn't execute query");
	while ($row = mysql_fetch_array($result)) {
		extract($row);
	echo "<tr>";
	echo "<td style='border-bottom:1px solid #B2C1C8;'><a href='showdetails.php?brand={$row['brand']}&model={$row['model']}&id={$row['id']}' title='{$row['brand']} {$row['model']}'><img src='../images/handsets/{$row['smallimage']}' width='95px' height='127px' style='border:none; float:left;' /></a></td>";
	echo "<td style='border-bottom:1px solid #B2C1C8;'><h4>$brand $model</h4>";
	echo "<p>2-year contract price*:  <span class='price'>\$$twoYearPrice</span></p>";
	echo "<p class='padTop'>*$special.</p></td>";
	echo "<td valign='bottom' style='border-bottom:1px solid #B2C1C8; padding:0 10px 20px 0;'><p><a href='showdetails.php?brand={$row['brand']}&model={$row['model']}&id={$row['id']}' title='{$row['brand']} {$row['model']}'><img src='../images/details_button.gif' width='94px' height='27px' style='border:none;' /></a></p>";
	echo "<p><a href='order.php?brand={$row['brand']}&model={$row['model']}&id={$row['id']}'><img src='../images/order_button.gif' width='94px' height='27px' style='border:none;' /></a></p></td>";
	echo "</tr>";
	}

[benphp]

This is one of many problems with using the GET method. Can't you use post instead? Use hidden fields, then use javascript to submit it. Getting around ampersands in a GET method is tricky at best.

 

In your case, I'd replace all ampersands (and other unhappy characters) with |AND| on your product page, then replace it again on your details page.

[GingerRobot]

Alternatively, you could encode the query string and then decode it after it has been retrieved.

 

If you google, you'll find examples of how to use javascript to encode the variables being sent with GET.

[kenrbnsn]

All you have to do is use urlencde() on the data when you create the link:

<?php
echo '<p><a href="order.php?brand=' . urlencode($row['brand']) . '&model=' . $row['model'] . '&id=' . $row['id']. '"><img src="../images/order_button.gif" width="94px" height="27px" style="border:none;" /></a></p></td>';
?>

 

You don't have to decode it in the receiving script, that's done automagically.

 

Ken

[haku]

Two points for Ken.

 

Javascript should definitely not be used, as it wont work if someone has it turned off. Then they leave your site because they think it doesn't work.

[shadowart]

Makes complete sense, but when I added the urlencode() to the "View By brand" links, the page came up blank when I published?

 

Not sure what happened there.

[shadowart]

The code used to create the View by brand links:

					<?php
				$query2 = "SELECT * FROM handsets GROUP BY brand";
				$result2 = mysql_query($query2) or die ("Couldn't execute query");
					while ($row2 = mysql_fetch_array($result2)) {
						extract($row2);
						echo "<p><a href='phones_by_brand.php?brand={$row2['brand']}' title='{$row2['brand']}' class='topnav'>{$row2['brand']}</a></p>";
					}
				?>

[kenrbnsn]

I don't see the call to urlencode() in that code snippet.

 

Ken

[shadowart]

My fault...pasted the wrong snippet

 

<h2>View By Brand</h2>
				<?php
				$query2 = "SELECT * FROM handsets GROUP BY brand";
				$result2 = mysql_query($query2) or die ("Couldn't execute query");
					while ($row2 = mysql_fetch_array($result2)) {
						extract($row2);
						echo '<p><a href="phones_by_brand.php?brand='. urlencode($row2['brand']) .'" title='{$row2['brand']}' class='topnav'>{$row2['brand']}</a></p>';
					}
				?>

[kenrbnsn]

Since I switched the single quotes and double quotes in my example and you didn't follow it completely, you have a syntax error. Try this:

<?php
$query2 = "SELECT * FROM handsets GROUP BY brand";
$result2 = mysql_query($query2) or die ("Couldn't execute query");
while ($row2 = mysql_fetch_assoc($result2)) {
	echo '<p><a href="phones_by_brand.php?brand='. urlencode($row2['brand']) .'"' . " title='{$row2['brand']}' class='topnav'>{$row2['brand']}</a></p>";
}
?>

 

Ken

[shadowart]

Thank you SOOOOOO much, Ken!!! That was perfect.

I really can't thank you enough.

 

David