Description:
When running a query in the mysql monitor with the --xml command line switch, the created xml may not be well-formed.
At least in 4.1.10 and below, only the characters & (ampersand) and < (less than) are escaped in the results if present in any of the field values.

XML has three more entities that need to be escaped: 
> (greater than) has to be &gt;
" (quote) has to be &quot;
' (apostroph) has to be &apos;

Other annoying characters like ASCII 11 etc. could also be escaped to reduce problems with numerous xml parsers.
This should at least work with ISO-8859 and UTF-8.
Don't know what consequences it will have when using other character sets.
But the current version also does not seem to care about the current character set.

How to repeat:
CREATE TABLE foo (valuez VARCHAR(40));
INSERT INTO foo (valuez) VALUES ('<broken> "foo & bar" </broken>');

mysql -u root --xml -e "SELECT * FROM foo"

Suggested fix:
The xmlmeta array in client/mysql.cpp should be extended from:

static const char *xmlmeta[] = {
  "&", "&amp;",
  "<", "&lt;",
  0, 0
};

to at least

static const char *xmlmeta[] = {
  "&", "&amp;",
  "<", "&lt;",
  ">", "&lt;",
  "'", "&apos;",
  "\"", "&quot;",
  0, 0
};

Encoding ", ', and > is not a requirement for well-formed XML. See section 2.4 of the XML 1.0 (Second Edition) specification.

However, the mysql client has already been changed in 5.0 to always encode > and ".

A value like ASCII 11 cannot be included in XML, even as a numeric entity like &#xb. See section 4.2 of the XML specification.

xml header as <?xml version="1.0"?> means that use encoding=UTF8 (or UTF16) by default. MySQL does not support this requirement.

Try to run command for distribute database
mysql.exe" -e "use world; select * from country where Code='VAT'" --xml > c:\temp\0000052.xml

and open result in Chrome. You get error message
"error on line 16 at column 14: Encoding error"

This is bug - output data to a xml file in the form in which they are stored in the database. Data must be encoded in UTF8