-1

I have a link: http://www.adress.com/Article.aspx?ID=262839&R=R1

After using mysql_real_escape_string on it, it changes to http://www.adress.com/Article.aspx?ID=262839

So it removes everything from the &-char: "&R=R1".

Why? And how can I fix this?

--- EDIT

Thanks for the answers. I will look into PDO.

And of course you were right, the problem is not caused by mysql_real_escape_string. The data is lost in my jQuery Ajax request.

```javascript
$('.share').live('click', function(event) {
    var thesharelink = $(this);
    var thehref = $(this).attr('href');
    $(this).hide();
    $.ajax({
        url: 'edit.php',
        type: 'POST',
        data: 'thehref=' + thehref,
        error: function(){
            $(thesharelink).replaceWith("Could not share");
        },
        contentType: 'application/x-www-form-urlencoded;charset=UTF-8',
        success: function(result1) {
            $('body').append(result1);
            $(thesharelink).replaceWith(msg);
        }
    });
});
```

So once the data arrives at the PHP file, it is lost. It seems like adding escape fixes the problem, although I welcome any suggestions for improvement.

Thomas
  • Are you sure? It's working for me – safarov Mar 24 '12 at 18:02
  • Please provide an example that reproduces the error. – Gumbo Mar 24 '12 at 18:02
  • 1
    What version of PHP are you using? Also, can you post some actual code? It's unlikely `mysql_real_escape_string` is the cause of this. – pjumble Mar 24 '12 at 18:03
  • `mysql_real_escape_string` does not do that, probably you've got some extra string manipulation function(s) applied to the string? Or, your varchar field is 44-symbols-length, e.g. varchar(44)... which would be odd – Nemoden Mar 24 '12 at 18:03
  • 2
    Please stop using the 10+ year old API and learn about prepared statements with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). – tereško Mar 24 '12 at 18:06
  • Thanks for the helpful answers! I have much to learn. So my error is somewhere in my jQuery Ajax request, and it seems like adding escape fixes the problem. – Thomas Mar 24 '12 at 19:06
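
An added example, not part of the original post or its answers: it decodes the request body the way a form parser does, to show why the `&` in the link cuts the value short, next to an encoded version. `parseFormBody` and the `buildBody*` helpers are hypothetical names, and the parser is a simplified stand-in for PHP's `$_POST` decoding.

```javascript
// Constructed sample input: the link from the question.
const href = 'http://www.adress.com/Article.aspx?ID=262839&R=R1';

// Simplified stand-in (assumption) for a server-side form decoder such as
// the one that fills PHP's $_POST: split the body on '&', split each pair
// on its first '=', then turn '+' into a space and percent-decode.
function parseFormBody(body) {
  const decode = s => decodeURIComponent(s.replace(/\+/g, ' '));
  const fields = {};
  for (const pair of body.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const val = eq === -1 ? '' : pair.slice(eq + 1);
    fields[decode(key)] = decode(val);
  }
  return fields;
}

// Before: the body as built in the question. The '&' inside the link is
// read as a field separator, so the link's tail becomes a separate field.
function buildBodyUnencoded(link) {
  return 'thehref=' + link;
}

// After: percent-encode the value, so '&', '=', '+' and '%' inside it
// cannot change how the body is split.
function buildBodyEncoded(link) {
  return 'thehref=' + encodeURIComponent(link);
}

// escape() does encode '&', but it leaves '+' as is (and is deprecated),
// so a '+' in the link reaches the server as a space.
function buildBodyEscape(link) {
  return 'thehref=' + escape(link);
}

console.log(parseFormBody(buildBodyUnencoded(href)));
console.log(parseFormBody(buildBodyEncoded(href)));
console.log(parseFormBody(buildBodyEscape(href + '&tag=a+b')));
```

In the question's `$.ajax` call, passing an object (`data: { thehref: thehref }`) gives the same result as the encoded version, because jQuery percent-encodes object values itself.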

2 Answers

1

I suggest you switch to PDO, and utilize prepared statements. Example usage (borrowed from PHP PDO prepared statements):

```php
/* $dbh is assumed to be an already-open PDO connection */
/* Execute a prepared statement by passing an array of values */
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');

$sth->execute(array(150, 'red'));

$red = $sth->fetchAll();
```
Jon Skarpeteig
0

> So it removes everything from the &-char

It is not.

> how can I fix this?

Find the real cause for the & character removal.

Your Common Sense