From: "Aleks @" <[EMAIL PROTECTED]>
> First I build my select list:
>     <SELECT NAME="Cid" size="1">
>     <OPTION Selected VALUE="">All Customers</OPTION>
> <?
>  While ($Site = mysql_fetch_array($S))
>  {
>   $Sid = $Site["CID"];
>   $SName = htmlspecialchars($Site["Customer"]);
>   echo("<option value='$SName'>$SName</options>\n");

Easy fix: echo("<option value=\"$SName\">$SName</options>\n");

Long version:

htmlspecialchars() does not change single quotes unless you pass ENT_QUOTES
as the second parameter. What you're ending up with is a value such as:

value='St. Mary's'

which, HTML will interpret as a value of "St. Mary" and an unknown s'
attribute. So,

$SName = htmlspecialchars($Site["Customer"], ENT_QUOTES);
echo("<option value='$SName'>$SName</options>\n");

will convert single quotes to HTML entities and not affect the value.

The "easy fix" above works because it uses double quotes around the value
and htmlspecialchars() already changes double quotes by default.

---John Holmes...

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to