Reputation: 8121
I have a customer management system that I have programmed in PHP and MySQL. A company uses it to log their customer details for marketing and orders. There are various fields on my form, one of them being Business Name.
The fields are imported into an emailer to send to the customers quotes etc. The field contents are pulled in from the database and stored in various strings. Business name, for example, is stored in $name.
The problem I have found is if the business enters a business name such as Joe Blogs & Sons, what ends up being imported into the email system is Joe Blogs and that is it; anything after the ampersand is cut off, including the ampersand. If they use Joe Blogs and Sons this works fine and when the email goes out it says Dear, Joe Blogs and Sons, but if someone enters & it just ends up as Dear, Joe Blogs.
Would I be correct in saying something like str_replace or preg_replace is the way to go with this, or a way to escape the &'s?
Upvotes: 1
Views: 1921
Reputation: 28889
Use either htmlentities() or htmlspecialchars() to encode special HTML entities for injection into an HTML context. Please note that these functions are not sufficient for any other context. Example:
Good:
<p><?php echo htmlspecialchars($foo); ?></p>
Bad:
<a href="<?php echo htmlspecialchars($bar); ?>">Click me!</a>
Upvotes: 2
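To illustrate the point above about context, here is an added example (not code from the question or from any answer) that encodes the same business name for an HTML body, a URL query value, and an href attribute. It assumes the name is also placed in a link query string; the helper names, example.com and quote.php are hypothetical.

```php
<?php
// Constructed sample value taken from the question's wording.
$name = 'Joe Blogs & Sons';

// HTML text or quoted-attribute context: encode &, <, >, " and '.
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL query component: percent-encode the value so that a literal "&"
// inside it cannot be read as the separator before the next parameter.
function query_value(string $value): string
{
    return rawurlencode($value);
}

// href context: accept only absolute http(s) URLs, then HTML-encode for the
// attribute. Anything else (relative, malformed, javascript:, data:) becomes
// '#', because htmlspecialchars() alone leaves a javascript: URL usable.
function safe_href(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '#';
    }
    return html_text($url);
}

// Hypothetical quote link; example.com and quote.php are placeholders.
$link = 'https://example.com/quote.php?name=' . query_value($name);

// HTML body: the ampersand is emitted as an entity and the full name survives.
echo '<p>Dear ' . html_text($name) . "</p>\n";

// Link: the name is percent-encoded inside the URL, then the whole URL is
// HTML-encoded for the attribute.
echo '<a href="' . safe_href($link) . "\">View quote</a>\n";

// Untrusted URL with a non-http scheme is replaced rather than encoded.
echo '<a href="' . safe_href('javascript:alert(1)') . "\">Click me!</a>\n";
```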
Reputation: 6346
It depends what you mean by "imported into an emailer".
I'd imagine you just need to convert the &'s into &amp;'s - probably best just to use htmlentities around each variable (assuming they don't hold HTML that needs parsed) as part of your "string cleaning" process.
Upvotes: 0
Reputation: 872
Try to convert & into &amp;.
There are various PHP functions for that. Choose one that suits you.
Upvotes: 0