Użyj Ampersand w ciągu zapytania

They need to be percent-encoded:

> encodeURIComponent('&')
"%26"
So in your case, the URL would look like:

http://www.mysite.com?candy_name=M%26M
Gleaming Goat