Not allowing characters after Space. Mysql Insert With PHP

Question

Ok so I think this is easy but I dont know (I'm a novice to PHP and MySQL).

I have a select that is getting data from a table in the database. I am simply taking whatever options the user selects and putting it into a separate table with a php mysql insert statement.

But I am having a problem. When I hit submit, everything is submitted properly except for any select options that have spaces don't submit after the first space. For example if the option was COMPUTER REPAIR, all that would get sent is COMPUTER. I will post code if needed, and any help would be greatly appreciated. Thanks!

Ok here is my select code:

<?php
  include("./config.php");
  $query="SELECT id,name FROM category_names ORDER BY name";
  $result = mysql_query ($query);
  echo"<div style='overflow:auto;width:100%'><label>Categories (Pick three that describe your business)</label><br/><select name='select1'><option value='0'>Please Select A Category</option>";
  // printing the list box select command
  while($catinfo=mysql_fetch_array($result)){//Array or records stored in $nt


  echo "<option>$catinfo[name]</option><br/>

 ";

  }

echo"</select></div>";

  ?>

And here is my insert code ( Just to let you know its got everything not just the select!)

?php
    require("./config.php");
    $companyname = mysql_real_escape_string(addslashes(trim($_REQUEST['name'])));
    $phone = mysql_real_escape_string(addslashes($_REQUEST['phone']));
    $zipcode = mysql_real_escape_string(addslashes($_REQUEST['zipcode']));
    $city = mysql_real_escape_string(addslashes($_REQUEST['city']));
    $description = mysql_real_escape_string(addslashes($_REQUEST['description']));
    $website = mysql_real_escape_string(addslashes($_REQUEST['website']));
    $address = mysql_real_escape_string(addslashes($_REQUEST['address']));
    $other = mysql_real_escape_string(addslashes($_REQUEST['other']));
    $payment = mysql_real_escape_string(addslashes($_REQUEST['payment']));
    $products = mysql_real_escape_string(addslashes($_REQUEST['products']));
    $email = mysql_real_escape_string(addslashes($_REQUEST['email']));
    $select1 = mysql_real_escape_string(addslashes($_REQUEST['select1']));
    $select2 = mysql_real_escape_string(addslashes($_REQUEST['select2']));
    $select3 = mysql_real_escape_string(addslashes($_REQUEST['select3']));
    $save=$_POST['save'];
    if(!empty($save)){

    $sql="INSERT INTO gj (name, phone, city, zipcode, description, dateadded, website, address1, other2, payment_options, Products, email,cat1,cat2,cat3)
    VALUES
    ('$companyname','$phone','$city','$zipcode','$description',curdate(),'$website','$address','$other','$payment','$products','$email','$select1','$select2','$select3')";

    if (!mysql_query($sql,$link))
      {
      die('Error: ' . mysql_error());
      }
    echo "<br/><h2><font color='green' style='font-size:15px'>1 business         added</font></h2>";

    mysql_close($link);
}

    ?>

Answer 1

It's a common mistake that people encounter. In order to access the data stored in Database as it is Kindly follow the following format:

echo "<option>'".$catinfo[name]."'</option><br/>";

if you want value to stored in option use the following format:

echo "<option value='".$catinfo[name]."'>'".$catinfo[name]."'</option><br/>";

It will display data from database as it is. I hope it helps!

Answer 2

Place the value="$catinfo[name]" on your <option> tags so they look like this:

echo "<option value=\"".htmlspecialchars($catinfo['name'])."\">".$catinfo['name']."</option>";

Since you've omitted them, it's using whatever is in between the <option> tags by default and since there is no quotes around them, it determines the space as being the end of the value. By placing the actual value you want inserted into the database within the value attribute, you're distinctly telling it to use the full phrase between the quotes.

Also, remove the <br/> as you don't need to place breaks within a <select> element.