$menunaam = "Lazy Dog"
$resultmenus = mysqli_query($dbc,"SELECT menunaam FROM prijslijst WHERE menunaam='$menunaam'");
$row = mysqli_fetch_array($resultmenus,MYSQLI_ASSOC);
echo "<input type=\"hidden\" class=\"mnu\" name=\"mnnm\" value=".htmlspecialchars($row["menunaam"]).">";
This outputs
<input class="mnu" type="hidden" Dog="" value="Lazy" name="mnnm">
Then when i change it like this it works fine (with extra single quotation marks added):
echo "<input type=\"hidden\" class=\"mnu\" name=\"mnnm\" value='".htmlspecialchars($row["menunaam"])."'>";
Then i get a new problem. When i use a variable with the content: $menunaam= "lazy's"
<input class="mnu" type="hidden" s'="" value="lazy" name="mnnm">
Whats wrong with:
echo '<input type="hidden" class="mnu" name="mnnm" value="'.htmlspecialchars($row["menunaam"]).'">';
or better yet:
printf('<input type="hidden" class="mnu" name="mnnm" value="%s">', htmlspecialchars($row["menunaam"]));