Help with displaying the name "O'Brien" from a database to an input box

Hi folks,

I'm using php and a mysql database. I've a page where users can edit a name. When i select to edit the name "O'Brien" the only thing that appears in the input box is "O" before i start editing it. When these names are added i have the code below featured before it writes it to the database:

  $SurName=mysql_real_escape_string($_POST['inputSurName']);

Code (markup):

I thought that would have fixed it, as it's writing "O'Brien" to the database but it's not. Below is the code from the form that displays the name in the text box:

$query = "SELECT * FROM tblpupil WHERE PupilID = $id";
	
	
	$result = mysql_query($query);
	
	
	
	while($row = mysql_fetch_array($result)) {
		echo "<form method=post action=editname2.php?id=" . $row['PupilID'] . ">";
		echo "<table border=0 cellSpacing=2 cellPadding=1 width=90%>";
		echo "<tr><td colspan=4><FONT align=left color=#808080 size=5>Edit Pupil Name</Font></td></tr>";
		
		echo "<TR><TD></td></tr><TR><TD></td></tr><TR><TD></td></tr>";
		echo "<tr><td width=50%>First Name</td>";
		echo "<td><input type=text name=editFirstName size=20 value='" . $row['FirstName'] . "'></td></tr>";
		echo "<tr><td>Surname</td>";
		echo "<td><input type=text name=editSurName size=20 value='" . $row['SurName'] . "'></td></tr>";
		echo "<tr><td colspan=2 align=center><input type=submit name=submit value=Save>  <input type=submit name=cancel value=Cancel></td></tr></table>";
		
	}

Code (markup):

Here the surname is for the pupil Stephen O'Brien is displaying just "O". Does anybody know how to fix this? Any help would be greatly appreciated.

Thanks guys!

 

its because the code line :

echo "<td><input type=text name=editSurName size=20 value='" . $row['SurName'] . "'></td></tr>";

Code (markup):

will produce html code :

<td><input type=text name=editSurName size=20 value='O' Brien'></td></tr>

Code (markup):

and the correct should :

 <td><input type=text name=editSurName size=20 value="O' Brien"></td></tr>

Code (markup):

try this :

$query = "SELECT * FROM tblpupil WHERE PupilID = $id";
	
	
	$result = mysql_query($query);
	
	
	
	while($row = mysql_fetch_array($result)) {
		echo "<form method=post action=editname2.php?id=" . $row['PupilID'] . ">";
		echo "<table border=0 cellSpacing=2 cellPadding=1 width=90%>";
		echo "<tr><td colspan=4><FONT align=left color=#808080 size=5>Edit Pupil Name</Font></td></tr>";
		
		echo "<TR><TD></td></tr><TR><TD></td></tr><TR><TD></td></tr>";
		echo "<tr><td width=50%>First Name</td>";
		echo "<td><input type=text name=editFirstName size=20 value='" . $row['FirstName'] . "'></td></tr>";
		echo "<tr><td>Surname</td>";
		[B]echo "<td><input type=text name=editSurName size=20 value=\"" . $row['SurName'] . "\"></td></tr>";[/B]
		echo "<tr><td colspan=2 align=center><input type=submit name=submit value=Save>  <input type=submit name=cancel value=Cancel></td></tr></table>";
		
	}

Code (markup):

 

echo "<td><input type=text name=editSurName size=20 value=\"$row[SurName] \"></td></tr>";

In my case i do like this check it for your need and let me know...

 

I think it is better to use htmlspecialchars() to display anything in any form control elements. In this case all HTML-specific (', ", <, >, etc) symbols will be displayed correctly.
So, try this one:
echo "<td><input type=text name=editSurName size=20 value='" . htmlspecialchars($row['SurName'], ENT_QUOTES) . "'></td></tr>";

 

Worked like a charm thank you!

 

This is better than others