Ahhhh...What do I do?

[buzzt]

This is really bugging me...I have a place where people can add their company name to my database. I also send them an activation link (with the company name in the link) in order to cut down on fraudulent submissions. My problem is everything works fine until someone has a company with an amperstand in the name (A & B). The activation page does not find the entry in the database even though it is there.

I have tried using different combinations of str_replace() and htmlspecialchars() on both the 'activation' page and the 'insertdata' page, but nothing works. The activation page only sees up until the amperstand (A) instead of (A & B). What do I do?

 

[inlandpac]

well,

One very simple way to do this is to change your form method from GET to POST. This will solve the problem right away and you won't have to manipulate your strings at all.

Chad. ICQ: 54380631

 

[buzzt]

Actually, it is set to post.

 

[inlandpac]

Here you go.

in insert.php,

Change:
$mesg = ....activate.php?company=" . $company . "&sessionid=" . $dealer_session . "&exp=" . $date2 . "\r\n\n";

To:
$mesg = ....activate.php?company=" . urlencode($company) . "&sessionid=" . urlencode($dealer_session) . "&exp=" . $date2 . "\r\n\n";

You must url encode these because they may contain characters that can be construed as part of a query string name->value pair.

Chad. ICQ: 54380631

 

[buzzt]

You da man! Thanks a lot.