Link to home
Start Free TrialLog in
Avatar of Frank Tsao
Frank Tsao

asked on

Escaping ampersands in URL search strings

I have a search feature and I am having problems (read: going crazy) when searching for strings with ampersands (e.g. "rock & roll") and pagination.

I have used urlencode() to convert the ampersand to %26, but it still doesn't work. My URLs look like:

Page 1 | <a href="search.php?cat_id=2&sort=top&search=rock+%26+roll">2</a>

That would appear to have covered the ampersand which is now %26, but once I click on the link it is interpreted by the browser as an ampersand thus breaking the search query string variable.

Avatar of ncoo
ncoo

The browser is treating that correctly.

You will need to convert the ampersand to something else e.g. <[and]>

So in your link you would have:

<a href="search.php?cat_id=2&sort=top&search=rock+<[and]>+roll">2</a>

On search.php you would convert <[and]> back to &

$search = str_replace('<[and]>',&,$search);
Last line should have been:

$search = str_replace('<[and]>','&',$search);

Where $search=$_GET['search'];
Try using `urlencode()`for handling special characters in the URL:

Page 1 | <a href="search.php?cat_id=2&sort=top&search=<?=urlencode(rock&roll)?>">2</a>

http://www.php.net/urlencode
ASKER CERTIFIED SOLUTION
Avatar of b0lsc0tt
b0lsc0tt
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Frank Tsao

ASKER

@ncoo

I was thinking of using a different character such as <[and]> as you suggested, but was hoping for a way around using that method.

@b0lsc0tt

Hm, I'm playing around with a simple script and you may be on to something about the search script I am using being the problem.  I'm not at my work pc, but will test it out tomorrow and follow up with the results.
suggest to replace the & into @, and replace it back when retrieving the data from the next page
b0lsc0tt

Yes, the problem was the script after all. It's a case of working on a script for too long and missing something. What happened is that I have links to sort the results by top matches, alphabetically, etc which I used the urlencode() function on instead of using urlencode() on the pagination links! Although the sorting links would also need it, but that wasn't the problem. Oh, using urldecode() isn't necessary afterwords.

I knew using urlencode() had to work since I've seen other sites encode special characters.

Thanks everyone for your input.
It looks like the test worked. :)  I'm glad I could help.  Thanks for the grade, the points and the fun question.

bol

P.S.  I would not use @ in place of & or another reserved character.  The ampersat (@) is also reserved and has special use in the URL.  Although it would probably be OK in the query string part of the URL it is best to avoid using it as a substitute.
Your welcome!  I had loaded this page before your last post so that is why I said "it looks like."  Thanks for the follow up.

bol