I have a search that the users can type the first part of a customer name and it will return the matching records, then when a user selects the customer name from the list it searchs for the customer info (address zip...). The problem that I am having is if the customer name has an ' in it, (Bill's Auto Transport) has the 's which kills my code.
I need to know how to fix it so that the 's and any other special charactors won't cause an error.
Here is my code for the search
Code: Select all
<?PHP
echo "
<input type=text name=search value='$_POST[search]' size=8>
<input name='create_workorder' type='submit' id='create_workorder' value='Search'>
";
?>
---------------------------------------
<?Php
echo "
<input type=hidden name=create_workorder value=1>
<select name=\"location_name\" OnChange=\"document.workorderform.submit()\"><option> </option>";
while($row = mssql_fetch_array($results)) {
echo "<option value=\"".$row[CustomerName]."\" ".(isset($_POST['location_name']) && $_POST['location_name'] == $row['CustomerName'] ? "selected=\"selected\"" : "").">".$row['CustomerName']."</option>";
}
echo "</select></td></tr>";
while ($row2 = mssql_fetch_assoc($results2))
{
echo "<tr><td>Street:</td><td><input type=text size=50 name=location_street value='$row2[Address]'></td></tr>
<tr><td> </td><td><input type=text size=40 name=location_city value='$row2[City]'> <input type=text size=5 name=location_zip value='$row2[Zip]'></td></tr>";
}
?>Also if there are is a tutorial somewhere about the general practice for input box's and how th protect against the 's or " ". That would be helpful for me because I need to setup all of my input fields that way.