PHP/MySQL - Special characters in URLs. How to avoid?

Question

Hey everyone,

My database contains information extracted from an external feed. In this raw text feed, the following text is used in place of special characters:

& - &
' - &39;
é - é

I extract some of this text to form URLs. For example, a URL that I construct from data containing these characters might look like this:

http://url.com/search/?brand=Franklin&Hédgson's

I use the GET variables in this URL to construct further lookups, which leads to a couple of specific problems:

1. The é and ' characters are sent back to MySQL as they appear, and so they don't trigger any results (because the characters take the full HTML form in the database text).

2. The & within the URL separates the variable, and the GET returns only Franklin, when it should return the whole string.

Are there any straightforward ways of dealing with this?

Thanks.

Answer 1

That's because a '&' within a URL starts a new GET variable. The '?' starts your query string with has 2 items in it, 'brand' = "Franklin" and undefined = "Hédgson's".

Here is a list of URL escape codes that you should use whenever any of those characters appear in your URL (inside a value, of course). So, the '&' needs to be escaped to '%26' when it is put into the string so that the GET will read it properly.

Answer 2

You should encode the brand=Franklin&Hédgson's before creating the link, if you are generating the link with php use urlencode http://php.net/manual/en/function.urlencode.php

Then you can use htmlentities to encode the query before sending it off to mysql in a query http://www.php.net/manual/en/function.htmlentities.php