Posted by Curt Zirzow on 01/14/06 09:21

Bear (pun intened) with me on this one i havn't read the whole
thread, so you may get a repeat answer.

On Fri, Jan 13, 2006 at 10:55:00AM -0600, Jay Blanchard wrote:
> I am having a problem with a an ampersand sign. I have a list of things on a
> page, in which one category is 'Oil & Gas'. I store it in the database as
> 'Oil & Gas'. When the category is clicked the query string shows just an
> ampersand, i.e.

The database should really hold text/plain, not text/html.

If you take the string 'Oil & Gas' out side of the context of
html that & is a rather strange sequence of characters.

> "Filter=Process&FilterKey=Oil%20&%20Gas&Order=Application&Direction=ASC&comm
> ents=" and therefore just shows as an '&' and the query only sees 'Oil'.

You forgot to urlencode() each value that is passed. And say you
did urlencode the data you would have:

Filter=Process&FilterKey=Oil+%26+Gas

Now the $_GET['FilterKey'] is 'Oil & Gas'

If you do a search on the db for this value with something like:

$cat = mysql_real_escape_string($_GET['FilterKey']);
$sql = "select * from table where cat = '$cat'";

You will come back with 0 results since you really have in that cat
field 'Oil & Gas'.

>
> I guess that I am too tired to deal with this or the answer would come to
> mind immediately. Can someone drop kick me in the right direction? Thanks!

Remember:

characters only have meaning in the context they are used

If I want to use 'Oil & Gas' in:

html: i need to html_entity_docode()/htmlentities() it
sql: i need to ensure it is escaped *_escape_string();
url: i need to urlencode() it.
plain/text: just an echo/print
store on a main frame: ASCII2EBCDIC() it


Curt.
--
cat .signature: No such file or directory

[Back to original message]