ampersand in password problem - php

Question

Pretty much what it says on the title. I am trying to connect to a Microsoft SQL Server database with a password which contains an ampersand:

<?php
    $mssqlHost = "Reports.autotask.net,1433"; 
    $mssqlUser = 'NetworkROI';
    $mssqlPass = 'Rosdcpe7&Essdcscpalda'; //has been changed
    $mssqlATDB = 'TF_3745000_WH';
    $SQLConnect = mssql_connect($mssqlHost,$mssqlUser,$mssqlPass) 
        or die('Could not connect to SQL Server on '.$mssqlHost
        .' '. mssql_get_last_message());
?>

On a possibly related matter: I'm getting an “Error 101 (net::ERR_CONNECTION_RESET): Unknown error.” message when I try to connect.

How do I escape it?

Jonesy

Answer 1

You would only need to escape an ampersand in your HTTP request string if you pass it with a GET request, which you should never do because that would transmit the plaintext password in your URL. Use a POST request and HTTPS protocol when sending sensitive data.

You don't need to escape an ampersand in an SQL query. This is perfectly valid SQL:

SELECT ... FROM Accounts WHERE user = 'Jonesy' AND password = 'M&Ms are tasty'

But I also recommend learning to use query parameters:

SELECT ... FROM Accounts WHERE username = ? AND password = ?

Then you never have to ask how to escape this character or that character again. An SQL query parameter is the best way to send a dynamic value without needing to be quoted or escaped.

---

Re your updated question:

Searching for that error message leads me to many other people who use Google Chrome as their web browser, who get the error when they have changed their internet proxy settings, or screwed up their browser or network config in some other way.

So I conclude you have a network issue, it has nothing to do with your code or your password.