Sorry I left out the exact form.... It is $info = mysql_query( Select * From customer Where customer.customer LIKE 'St Mary's Hospital'); -----Original Message----- From: ma [mailto:grillen@xxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 1:56 PM To: PHP-DB Subject: Re: Select Value with 's hi think you should use ' when you create the query and " in the SQL-statement for comparison: $qry = 'SELECT * FROM customer WHERE customer.customer LIKE "'.$FF.'"'; _ma # life would be easier if i knew the source code... > Von: "Aleks @ USA.net" <Aleks.k@xxxxxxx> > Datum: Wed, 5 Nov 2003 13:52:51 -0500 > An: "'CPT John W. Holmes'" <holmes072000@xxxxxxxxxxx>, "'ma'" > <grillen@xxxxxxxxxxxxxx>, "'PHP-DB'" <php-db@xxxxxxxxxxxxx> > Betreff: RE: Select Value with 's > > Thanks John for the answer.... But... > > Now my select statement on the Result.php page errors out when The > value has the [']in it..... What the select statement looks like now > Is > > Select * > From customer > Where customer.customer LIKE 'St Mary's Hospital' > > Error message is > > Warning mysql_fetch_array(): supplied argument is not a valid MySQL > result > > > > > > -----Original Message----- > From: CPT John W. Holmes [mailto:holmes072000@xxxxxxxxxxx] > Sent: Wednesday, November 05, 2003 1:45 PM > To: Aleks @ USA.net; 'ma'; 'PHP-DB' > Subject: Re: Select Value with 's > > From: "Aleks @ USA.net" <Aleks.k@xxxxxxx> >> First I build my select list: >> >> <SELECT NAME="Cid" size="1"> >> <OPTION Selected VALUE="">All Customers</OPTION> >> >> <? >> While ($Site = mysql_fetch_array($S)) { >> $Sid = $Site["CID"]; >> $SName = htmlspecialchars($Site["Customer"]); >> echo("<option value='$SName'>$SName</options>\n"); > > Easy fix: echo("<option value=\"$SName\">$SName</options>\n"); > > Long version: > > htmlspecialchars() does not change single quotes unless you pass > ENT_QUOTES as the second parameter. What you're ending up with is a value such as: > > value='St. Mary's' > > which, HTML will interpret as a value of "St. Mary" and an unknown s' > attribute. So, > > $SName = htmlspecialchars($Site["Customer"], ENT_QUOTES); > echo("<option value='$SName'>$SName</options>\n"); > > will convert single quotes to HTML entities and not affect the value. > > The "easy fix" above works because it uses double quotes around the > value and htmlspecialchars() already changes double quotes by default. > > ---John Holmes... > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
