tqla Posted August 15, 2007 Share Posted August 15, 2007 I have this code that pulls info from a database and displays it. It works but it fails when it encounters the '&' sign in the database content. Is there a way to look for the '&' sign and display it correctly. <?php $selectSql = "SELECT * FROM Member". ' WHERE ID="'.addslashes($_GET['ID']).'" AND createDate="'.addslashes($_GET['createDate']).'" AND loginName="'.addslashes($_GET['loginName']).'" AND password="'.addslashes($_GET['password']).'" AND lastName="'.addslashes($_GET['lastName']).'" AND firstName="'.addslashes($_GET['firstName']).'" AND company="'.addslashes($_GET['company']).'" AND title="'.addslashes($_GET['title']).'" AND email="'.addslashes($_GET['email']).'" AND phone="'.addslashes($_GET['phone']).'" AND status="'.addslashes($_GET['status']).'" AND dayCounter="'.addslashes($_GET['dayCounter']).'" AND HowHear="'.addslashes($_GET['HowHear']).'"'; $Result = $MyDb->f_ExecuteSql($selectSql); $Resultset = $MyDb->f_GetRecord($Result); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd"> <html> <head> <title>Detailed informations</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <link href="style/style.css" rel="stylesheet" type="text/css"/> </head> <body> <BR><BR><BR><BR><BR> <div align="center"> <table> <tr><td class="tableheader" colspan=2>Detailed information</td></tr> <tr><th>ID:</th><td><div align="left"><?php echo $Resultset['ID'];?> </div></td></tr> <tr><th>CreateDate:</th><td><div align="left"><?php echo $Resultset['createDate'];?> </div></td></tr> <tr><th>LoginName:</th><td><div align="left"><?php echo $Resultset['loginName'];?> </div></td></tr> <tr><th>Password:</th><td><div align="left"><?php echo $Resultset['password'];?> </div></td></tr> <tr><th>LastName:</th><td><div align="left"><?php echo $Resultset['lastName'];?> </div></td></tr> <tr><th>FirstName:</th><td><div align="left"><?php echo $Resultset['firstName'];?> </div></td></tr> <tr><th>Company:</th><td><div align="left"><?php echo $Resultset['company'];?> </div></td></tr> <tr><th>Title:</th><td><div align="left"><?php echo $Resultset['title'];?> </div></td></tr> <tr><th>Email:</th><td><div align="left"><?php echo $Resultset['email'];?> </div></td></tr> <tr><th>Phone:</th><td><div align="left"><?php echo $Resultset['phone'];?> </div></td></tr> <tr><th>Status:</th><td><div align="left"><?php echo $Resultset['status'];?> </div></td></tr> <tr><th>HowHear:</th><td><div align="left"><?php echo $Resultset['HowHear'];?> </div></td></tr> <tr><th>Downloads:</th> <td><div align="left"> <? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/ Share on other sites More sharing options...
skyer2000 Posted August 15, 2007 Share Posted August 15, 2007 Have you tried changing all of the & signs to &? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-324995 Share on other sites More sharing options...
tqla Posted August 15, 2007 Author Share Posted August 15, 2007 Yes, but users input their own content so they will input the "&" sign and I can't do anything about that. Plus some company names have the '&' sign in their name. Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-324997 Share on other sites More sharing options...
Daniel0 Posted August 15, 2007 Share Posted August 15, 2007 You can convert &'s to &'s using htmlentities(). How exactly does the ampersands break your script? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325057 Share on other sites More sharing options...
tqla Posted August 15, 2007 Author Share Posted August 15, 2007 Thanks Daniel0. When an entry has an ampersand nothing shows up in the table. All fields are blank. When I remove the ampersand (or change it to 'and') the fields are populated correctly. Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325176 Share on other sites More sharing options...
Daniel0 Posted August 15, 2007 Share Posted August 15, 2007 Does the user data come from a form? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325178 Share on other sites More sharing options...
plutomed Posted August 15, 2007 Share Posted August 15, 2007 When you insert the data do you use get or post? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325182 Share on other sites More sharing options...
willpower Posted August 15, 2007 Share Posted August 15, 2007 you should ALWAYS validate your input before passing through a script. This wil prevent sql injection. If you do not know what tis means...google it quick as you are VERY vunerable to attacks. Because you will now read up and validate you data, you can now add $mystring= "Mills & Boon"; $mystring=str_replace("&",&",$mystring); or any other replacement method you see fit to use. Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325191 Share on other sites More sharing options...
tqla Posted August 16, 2007 Author Share Posted August 16, 2007 Does the user data come from a form? Daniel0. Yes the user data comes from a form When you insert the data do you use get or post? plutomed, I use get. Willpower. I did do validation, like numbers only, email check, you know the usual stuff. But I did not think to change the ampersand to &. So you are saying to change it on the way in. Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325282 Share on other sites More sharing options...
MadTechie Posted August 16, 2007 Share Posted August 16, 2007 personally POST would be easier in the long run, are you using urldecode ? Link to comment https://forums.phpfreaks.com/topic/65120-solved-the-darn-sign-in-my-database/#findComment-325287 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.