Let me explain this as best as I can.
I have PHP file named funcs.php in which is exactly this PHP code:
$q = $_GET["q"];
$sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{
if ($row['State'] == '') {
$SchoolState = 'Unknown';
}
else if ($row['State'] == 'AL') {
$SchoolState = 'Alabama';
}
else if ($row['State'] == 'AK') {
$SchoolState = 'Alaska';
}
else if ($row['State'] == 'AZ') {
$SchoolState = 'Arizona';
}
else if ($row['State'] == 'AR') {
$SchoolState = 'Arkansas';
}
print 'This school is in';
print $SchoolState;
}
When I call in my browser:
url example => http://www.domain.com/funcs.php?q=ABRAHAM BALDWIN AGRICULTURAL COLLEGE
It normally works and returns => This school is in Alabama
But when when i call in my browser any URL which have & (&) inside, won’t work at all:
url example => http://www.domain.com/funcs.php?q=BRYANT & STRATTON BUSINESS INSTITUTE – BUFFALO
I don’t know why, but for some reasson I get no results when there is amp (&) in URL, please HELP!
You are passing two variables. Do a
var_dump($_GET);and you will see.You probably meant:
To pass values for parameters in URLs, they need the proper encoding. Also called url-encoding.
&is a special character that needs to be written as%26, space is a special character as well, can be written as+or%2b. Also called percent- or triplet-encoding.A function in PHP that does this is:
urlencodeDocs.In any case you need to properly encode as well the search term for the SQL query, otherwise you allow others to alter the SQL query and do stuff like searching more than you want and even delete your database. That’s a more serious issue than losing half a variable’s value.
See: Best way to stop SQL Injection in PHP