& to $amp; but htmlspecialchars doesnt seem to work

[wjh31]

in my mysql db one of the fields contains a string which typically looks like :

url=http://share.gigapan.org/gigapans0/19537/tiles/&suffix=.jpg&startHideControls=0&width=28772&height=22979&nlevels=8&cleft=0&ctop=0&cright=28772.0&cbottom=22979.0

 

but with a few numbers changed between rows. I want to change the & to & and update the entry, however when i try htmlspecialchars or str_replace it doesnt seep to work.

<?php
$val = $_GET['location'];
$con = mysql_connect("localhost","user","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("DB", $con) or die(mysql_error());
$result=mysql_query("SELECT * FROM table WHERE filters") or die(mysql_error());

while ($loop = mysql_fetch_array($result)){
echo $loop[field];
echo "<br>";
$new = htmlspecialchars( $loop[field] , $double_encode = false);
echo $new;
echo "<br>";
mysql_query("UPDATE table SET field=$new WHERE id=$loop[id]") or die(mysql_error());
}
mysql_close($con); 
?>

 

on echoing, $loop[field] comes out identical to $new and i additionally get the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://share.gigapan.org/gigapans0/19537/tiles/&suffix=.jpg&startHideControl' at line 1"

 

TIA

[bugcoder]

try this line

 

"UPDATE table SET field='$new' WHERE id=$loop[id]"

[wjh31]

try this line

 

"UPDATE table SET field='$new' WHERE id=$loop[id]"

 

Thank you, thats done it. Additionally the reason i thought the string hadnt been edied, was because the browser was displaying the & as &, had i checked the source...

 

mark as solved or something