0

what is this. can't do this again and again and again.. lol 

if (!isset($_GET['hash'])) {
  //we give the value of the starting row to 0 because nothing was found in URL
  $hash = 'Teen' . ' ' . chr(38) . ' ' .  'Young Adult';
//otherwise we take the value from the URL
} else {
 //if (strpos($_GET['hash'], '&') !== false) {
$regex = "~[ ]\K&~";
$hash = preg_replace($regex, chr(38), $_GET['hash']);
//$hash = preg_replace('/&/', chr(38) ,$_GET['hash']);
//$hash  = str_replace("&", chr(38), $_GET['hash']);
echo $hash;
//$hash =
//}
}

//// --- etc etc

$DBH = new PDO($hostDb, $user, $password);

$WTH = $DBH -> prepare( "SELECT asin FROM asin WHERE active=1 AND node = :hash LIMIT $startrow, 10" );
$WTH->bindParam(':hash', $hash, PDO::PARAM_STR);
$WTH->setFetchMode(PDO::FETCH_ASSOC);
$WTH -> execute();

foreach($wea as $item)
{
echo '<td>';
echo '<a href="'.$_SERVER['PHP_SELF'].'?hash='.$item["node"].'">' . $item["node"] . '</a>';
echo '</td>';
echo '<td>';
echo $item["c"];
echo '</td>';
echo '</tr>';
}
echo '</td></tr></table>';
echo '</td></tr></table>';

If this is run, the echo says Only Teen??? and not Teen & Young Adult? Help? Obviously mysql will not take &. Any solutions?

Marc B
  • 356,200
  • 43
  • 426
  • 500
Michael Kearney
  • 1
  • 3
  • mysql will take any character(s) you feed it, if you write your query [appropriately](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Marc B Jul 08 '16 at 20:46
  • and note that `chr(38)` **IS** `&`. your regex (if it was working properly) would be doing effectively NOTHING, because you're just replacing `&` with `&`. – Marc B Jul 08 '16 at 20:49
  • I ended up changing it with a another php to and. – Michael Kearney Jul 09 '16 at 00:43

0 Answers0