Ampersand in database record will not work

[frshjb373]

I'm trying to query a database where some of the values in the record have an ampersand (AT&T) and I get no results. However, if I change the records to "ATT" it works just fine. How do I get the ampersand to query correctly? Any help is much appreciated.

 

Thank you!

[requinix]

Post code.

[xenophobia]

If you are outputing the value from database to your HTML document, use htmlentities().

 

$result = mysql_fetch_row($qry);

echo htmlentities($result['col_name']);

 

=)

[frshjb373]

After looking at it more, I think it's a Javascript issue. Here's the Javascript and PHP...

 

Javascript:

function reload(form)
{
var val=form.cat.options[form.cat.options.selectedIndex].value;
self.location='sell-iphone.php?cat=' + val ;
}

 

PHP:

<?php
@$cat=$_GET['cat']; // Use this line or below line if register_global is off
if(strlen($cat) < 0){ // to check if $cat is numeric data or not.
echo "Data Error";
exit;
}
?>

[requinix]

Yep, that would be it. Imagine what the URL looks like:

sell-iphone.php?cat=AT&T

so $_GET["cat"] = "AT" and $_GET["T"] = something.

 

Does the form have more than the "cat"? If not then just make the form action=sell-iphone.php and method=get then you can

<select ... onchange="this.form.submit();">

 

Otherwise encodeURIComponent can escape the val and make it safe for the URL.