Thanks John for the answer.... But...

Now my select statement on the Result.php page errors out when
The value has the [']in it..... What the select statement looks like now

Select *
>From customer
Where customer.customer LIKE 'St Mary's Hospital'

Error message is

Warning mysql_fetch_array(): supplied argument is not a valid MySQL result

-----Original Message-----
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 05, 2003 1:45 PM
To: Aleks @; 'ma'; 'PHP-DB'
Subject: Re: [PHP-DB] Select Value with 's

From: "Aleks @" <[EMAIL PROTECTED]>
> First I build my select list:
>     <SELECT NAME="Cid" size="1">
>     <OPTION Selected VALUE="">All Customers</OPTION>
> <?
>  While ($Site = mysql_fetch_array($S))  {
>   $Sid = $Site["CID"];
>   $SName = htmlspecialchars($Site["Customer"]);
>   echo("<option value='$SName'>$SName</options>\n");

Easy fix: echo("<option value=\"$SName\">$SName</options>\n");

Long version:

htmlspecialchars() does not change single quotes unless you pass ENT_QUOTES
as the second parameter. What you're ending up with is a value such as:

value='St. Mary's'

which, HTML will interpret as a value of "St. Mary" and an unknown s'
attribute. So,

$SName = htmlspecialchars($Site["Customer"], ENT_QUOTES); echo("<option

will convert single quotes to HTML entities and not affect the value.

The "easy fix" above works because it uses double quotes around the value
and htmlspecialchars() already changes double quotes by default.

---John Holmes...

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to