diff --git a/ChangeLog b/ChangeLog index 170ff28eb..2c0ed20c2 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - Changelog $Id$ $Source$ +2002-09-04 Loïc Chapeaux + * tbl_change.php3: protect with backquotes + 2002-09-03 Marc Delisle * tbl_change.php3: drop-down for foreign keys, patch 603939, thanks to markus at noga.de diff --git a/tbl_change.php3 b/tbl_change.php3 index 35d0fa1dc..3457de8a3 100755 --- a/tbl_change.php3 +++ b/tbl_change.php3 @@ -138,7 +138,7 @@ else // // retrieve keys into foreign fields, if any $cfgRelation = PMA_getRelationsParam(); -$foreigners = PMA_getForeigners($db,$table); +$foreigners = PMA_getForeigners($db, $table); /** * Displays the form 
@@ -370,38 +370,37 @@ for ($i = 0; $i < $fields_cnt; $i++) { // selection box for foreign keys // lem9: array_key_exists() only in PHP >= 4.1.0 - // if(array_key_exists($field,$foreigners)) { + // if (array_key_exists($field, $foreigners)) { if (isset($foreigners[$field])) { - $foreigner =$foreigners[$field]; - $foreign_db =$foreigner['foreign_db']; - $foreign_table =$foreigner['foreign_table']; - $foreign_field =$foreigner['foreign_field']; - $foreign_display=PMA_getDisplayField($foreign_db,$foreign_table); + $foreigner = $foreigners[$field]; + $foreign_db = $foreigner['foreign_db']; + $foreign_table = $foreigner['foreign_table']; + $foreign_field = $foreigner['foreign_field']; + $foreign_display = PMA_getDisplayField($foreign_db, $foreign_table); - // FIXME: not using foreign_db - $dispsql= "SELECT $foreign_field,$foreign_display FROM $foreign_table"; + $dispsql = 'SELECT ' . PMA_backquote($foreign_field) . ', ' . PMA_backquote($foreign_display) + . ' FROM ' . PMA_backquote($foreign_db) . '.' . PMA_backquote($foreign_table); + // lem9: put a LIMIT in case of big foreign table (looking for better + // solution, maybe a configurable limit, or a message?) + $dispsql .= ' LIMIT 100'; + $disp = PMA_mysql_query($dispsql); - // lem9: put a LIMIT in case of big foreign table (looking for better - // solution, maybe a configurable limit, or a message?) - $dispsql .= " LIMIT 100"; - $disp = PMA_mysql_query($dispsql); - echo '' . "\n"; - echo ' ' . "\n"; while ($relrow = @PMA_mysql_fetch_array($disp)) { - $key =$relrow[$foreign_field]; - $value=$relrow[$foreign_display]; - echo ' ' . "\n"; + echo '>' . htmlspecialchars($key) . '-' . htmlspecialchars($value) . '' . "\n"; } // end while - echo ' ' . "\n"; - echo '' . "\n"; - } else - - if (strstr($row_table_def['True_Type'], 'text')) { + echo ' ' . "\n"; + echo ' ' . "\n"; + } + else if (strstr($row_table_def['True_Type'], 'text')) { ?>
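Review bot: The result of `PMA_mysql_query($dispsql)` is never checked, and the `@` on `PMA_mysql_fetch_array($disp)` in the `while` loop hides the failure, so a failed lookup renders an empty drop-down with no message. Now that the query is qualified with `$foreign_db`, a user without SELECT on that database is a plausible way to reach this path; test `$disp` before the loop, e.g. `if ($disp) { ... } else { /* fall back to the plain text input */ }`, and drop the `@`. `$foreign_display` also goes into the SELECT list unchecked, so if `PMA_getDisplayField()` can return an empty value (not visible here) the statement becomes invalid; select only `$foreign_field` in that case. Whether `PMA_backquote()` escapes a backquote embedded in the stored relation names is not shown on this page and is worth confirming, because the quoting is now all that separates that metadata from the query text. The enclosing `for` loop starts and ends outside the hunk.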