&amp; replacing & in iframe url link

I just moved programs from one server to another (CentOS7) using php 5.4.16, Apache 2.4.6.  Now I find urls being passed to an iframe is replacing the & with &amp;.  I can't go through all the files and adjust just yet.  What can I do (within Apache or other) to fix this issue?

Example...
http://myurl.com/viewitems.php?part=1234456&usage=1
becomes
http://myurl.com/viewitems.php?part=1234456&amp;usage=1

Thanks.
Gabriel7 Asked:

Dave Baldwin (Fixer of Problems) Commented:
That looks normal to me.  What problem is it causing you?  It should be working just fine.
Gabriel7 (Author) Commented:
The link doesn't work when the &amp; ends up in the link, fails to show a value ...except if I manually take the link and strip out the amp; from the link..

<DIV align="left"><IFRAME name="frame_current" id="frame_current" src="viewItemps.php?yr=current&amp;search=123454566"
frameborder="0" style="background: rgb(255, 255, 255); width: 100%; height: 100%; display: block; position: absolute;"></IFRAME></DIV>
Ray Paseur Commented:
Since we're seeing <div align= in the markup, I am guessing that you have not validated the markup yet, and so I would recommend that you validate and correct the markup before you go live with the new site.  You can find the new validator here:
http://validator.w3.org/nu/

What you're showing us with the &amp; appears to be something that got processed through the PHP function htmlspecialchars().  This functionality may also come from htmlentities().  These functions are commonly used to sanitize external input before it is sent back to the browser.  They will nullify the potentially unwanted effects of client #1 posting malicious JavaScript, and having client #2 visit the link with the malicious JavaScript.  The functions do this by converting some of the meaningful characters into character entities.  Entities will be displayed, but will not affect the operation of the browser.

You may want to look carefully at the parameter, double_encode.  When double_encode is turned off PHP will not encode existing html entities. The default is to convert everything.  The default setting is TRUE, meaning that double encoding is an expected and normal occurrence.

I tested this script in Chrome at current levels and it worked correctly.  The "bounce post" script just sends back the contents of the request variables.  You can see that I used the ampersand entity in the script (Just copied it from this question).
http://iconoun.com/demo/temp_gabriel7.php
<?php // temp_gabriel7.php
/**
 * http://www.experts-exchange.com/questions/28694645/amp-replacing-in-iframe-url-link.html
 */
error_reporting(E_ALL);

?>

<DIV align="left"><IFRAME name="frame_current" id="frame_current" src="bounce_post.php?yr=current&amp;search=123454566"
frameborder="0" style="background: rgb(255, 255, 255); width: 100%; height: 100%; display: block; position: absolute;"></IFRAME></DIV>

The output of the script shows this:
THANK YOU Sat, 04 Jul 2015 07:13:46 -0500
GET: array(2) {
  ["yr"]=>
  string(7) "current"
  ["search"]=>
  string(9) "123454566"
}

POST: array(0) {
}

The "view source" shows this, strongly suggesting that the ampersand entity was interpreted correctly.  Both of the URL arguments were presented to the bounce_post script.
<DIV align="left"><IFRAME name="frame_current" id="frame_current" src="bounce_post.php?yr=current&amp;search=123454566"
frameborder="0" style="background: rgb(255, 255, 255); width: 100%; height: 100%; display: block; position: absolute;"></IFRAME></DIV>

I also tested it with the ampersand character instead of the ampersand entity.  That test worked correctly, too.

If you're getting an error, please create the SSCCE that shows us the error and post it here so we can copy/paste the script, store it on our servers, and run it from the browser to see the same error you are seeing.
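
The double_encode behaviour mentioned in the answer above, as an added example that is not part of the original thread: it encodes a URL once for the iframe src attribute, encodes it a second time by mistake, and shows what the receiving script would see in each case. The file name and argument values are taken from the question; browser_view() is a hypothetical helper that approximates the browser decoding the attribute value once. In the double-encoded case the second argument arrives under the name amp;search instead of search.

```php
<?php
// Added example, not code from the thread.

// Build the raw URL: a plain "&" separates the query arguments.
$params = array('yr' => 'current', 'search' => '123454566');
$url = 'viewitems.php?' . http_build_query($params, '', '&');

// Encode once for the HTML attribute context: "&" becomes "&amp;".
$once = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

// Encode the already-encoded string again with the default
// double_encode = true: "&amp;" becomes "&amp;amp;".
$twice = htmlspecialchars($once, ENT_QUOTES, 'UTF-8');

// Same second call with double_encode = false: existing entities are left alone.
$guarded = htmlspecialchars($once, ENT_QUOTES, 'UTF-8', false);

// Hypothetical helper: decode the attribute value once, as the browser's
// HTML parser does, then split the query string the way PHP fills $_GET.
function browser_view($attr)
{
    $decoded = htmlspecialchars_decode($attr, ENT_QUOTES);
    parse_str((string) parse_url($decoded, PHP_URL_QUERY), $args);
    return $args;
}

$cases = array(
    'encoded once'         => $once,
    'encoded twice'        => $twice,
    'double_encode = false' => $guarded,
);

foreach ($cases as $label => $attr) {
    echo $label, ': src="', $attr, '"', "\n";
    print_r(browser_view($attr));
}
```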
