html escaping fix

diff --git a/tables.php b/tables.php
index 1bb8de00949c8adb35cb84165c3cd6fe2cbb8215..82c24da5c0153e012ec98348889635bb8791d7b2 100644 (file)
--- a/tables.php
+++ b/tables.php
@@ -3,7 +3,7 @@
        /**
         * List tables in a database
         *
-        * $Id: tables.php,v 1.16 2003/04/21 06:36:23 chriskl Exp $
+        * $Id: tables.php,v 1.17 2003/04/23 08:18:45 chriskl Exp $
         */
 
        // Include application functions
@@ -184,7 +184,7 @@
                                        $id = (($i % 2) == 0 ? '1' : '2');
                                        echo "<tr>\n";
                                        echo "<td class=data{$id} nowrap>";
-                                       echo "<input type=checkbox name=\"show[{$attrs->f['attname']}]\"",
+                                       echo "<input type=\"checkbox\" name=\"show[", htmlspecialchars($attrs->f['attname']), "]\"",
                                                isset($_REQUEST['show'][$attrs->f['attname']]) ? ' checked' : '', "></td>";
                                        echo "<td class=data{$id} nowrap>", htmlspecialchars($attrs->f['attname']), "</td>";
                                        echo "<td class=data{$id} nowrap>", htmlspecialchars($attrs->f['type']), "</td>";