
PRE tag, Mysql, and other annoyances


Markpyro
06-22-2006, 3:06 PM
I have a form on say page1.php that submits to page2.php which further submits the data into a mysql database. Now, the form on page1 has a textbox where users can submit long post-like bits of information. But, I want all of the line breaks and tabs and such to be preserved, but when I use the <*pre*> tag, no matter what tag it's within (such as a div with a specified width via CSS), it still runs off the side of the page. Now, I try to make it so that on page2 there is a specified width on the pre tag (such as <*pre width='80'>) which is claimed to limit the text, but when submitted to the database mysql gives me an error :shiftyr:. I've racked my brain and I can't think of a solution, what can I do to keep the text from running off the side of the page?

Greyscale
06-22-2006, 5:53 PM
If I could see the code, I may be able to help.

Markpyro
06-22-2006, 7:59 PM
It's not really a matter of being able to change the code, but your wish is my command:

Here is the snippet of the form code:
case 'newthread':
if (isset($_COOKIE["uname"])) //uname1
{
$una = ($_COOKIE["uname"]);
$find = mysql_query("SELECT name FROM users WHERE nameencrypt='$una'") or die(mysql_error());
$found = mysql_fetch_array($find,MYSQL_ASSOC);
$name2 = $found['name'];

$findlevel = mysql_query("SELECT level FROM users WHERE name='$name2'") or die(mysql_error());
$userlvl = mysql_fetch_array($findlevel,MYSQL_ASSOC);
if ($userlvl['level'] > 2){
echo "<div class='newthread'>Write a Thread<br><a href='?' class='smallfont'>back</a><br><br><form action='?d=dothread' method ='post'>";
echo "Title: <br><input type='text' name='title'><br> Message:<br>";
echo "<textarea name='body' rows='20' cols='50'></textarea><br>";
echo "<br>Select the forum you would like to submit thread to: <br><select name='where'>
<option value='1' selected='selected'> Members Forum
<option value='2'> Staff Forum
</select><br>";
echo "<br><input type='submit'></form></div>";

And the processing:
case 'dothread':

$una = ($_COOKIE["uname"]);
$find = mysql_query("SELECT * FROM users WHERE nameencrypt='$una'") or die(mysql_error());
$found = mysql_fetch_array($find,MYSQL_ASSOC);
$nameman = $found['name'];
$level = $found['level'];

$title = htmlspecialchars($_POST['title']);
$where = ($_POST['where']);
// This filters out any unwanted tags
$body = htmlspecialchars($_POST['body']);
// This adds the <pre> tags to preserve the spacing and line breaks
// (wrap the filtered $body from above, not the raw $_POST value)
$body = "<pre>" . $body . "</pre>";
if (strlen($title) > 4 && strlen($body) > 5){
mysql_query("INSERT INTO Forum (title, poster, body, level) VALUES ('" . $title . "','" . $nameman . "', '" . $body . "', '" . $where . "')") or die(mysql_error());
echo "Thread created. <br> <a href='?f=" . $where . "'> Continue </a>";}

And the code that shows the inserted information:
$threadid = $threaded['id'];
$geen = $threaded['poster'];
$una = $_COOKIE['uname'];
$find = mysql_query("SELECT * FROM users WHERE nameencrypt='$una'") or die(mysql_error());
$found = mysql_fetch_array($find,MYSQL_ASSOC);
$nameman = $found['name'];
$level2 = $found['level'];

// Doing all the thread info selecting
$moo = mysql_query("SELECT * FROM users WHERE name = '$geen'") or die(mysql_error());
$userdetails = mysql_fetch_array($moo,MYSQL_ASSOC);
echo "<div class='threadcontainer'><div class='namebox'><b><a href='members.php?u=" . $userdetails['id'] . "'>" . $threaded['poster'] . "</a>" . "</b><br><div class='smallfont'><i>" . $userdetails['rank'] . "</i></div><br>" . $userdetails['char1'] . "</div>";
echo "<div class='threadspace'><b>" . $threaded['title'] . "</b><div class='alignright4'><form action='?d=newreply' method='post'><input type='hidden' name='thethreadid' value=" . $_REQUEST['t'] ."><input type='submit' value='Reply'></form></div>";
echo "<hr class='threadhr'><br>";
// and here is where the <*pre> stuff is displayed:
echo $threaded['body'] . "</div><div>";

And here is what it looks like:
http://pyrom.net/temp/errors.jpg

TimP
06-22-2006, 8:51 PM
$una = ($_COOKIE["uname"]);
$find = mysql_query("SELECT name FROM users WHERE nameencrypt='$una'") or die(mysql_error());


There's a potential security hole in that code. If the user modifies his cookie so his uname is "'; DROP DATABASE;" then he will have just deleted your entire database (assuming the user account associated with the DB has the DROP privilege).

Markpyro
06-22-2006, 10:00 PM
All right, thanks for the tip. How would I prevent this, and are there any other commands someone could initiate that could cause harm to the database via this 'hole'? Mind, I need to keep the code the same... possibly inserting code at the top of each page that checks the data of the cookie to make sure it doesn't contain any harmful commands, as well as within any form that deals with the database?

TimP
06-22-2006, 10:53 PM
Here's a small input cleanup function I wrote. It's probably not 100% bullet-proof, but I haven't had any problems with it. It also cleans up HTML input to prevent cross site scripting attacks. (for example, replace <script> with &lt;script&gt;)

function clean_input($string)
{
if(get_magic_quotes_gpc())
$string = stripslashes($string);
return htmlentities(mysql_real_escape_string($string));
}
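
Added example (not part of the original thread or any poster's code): the cookie lookup and thread insert from the posts above, rewritten with bound parameters so the cookie and form values are never concatenated into the SQL text. It assumes PDO is available and uses an in-memory SQLite database in place of the MySQL server; find_user(), create_thread() and the sample row are hypothetical names and data.

```php
<?php
// Added example, not the thread's code. An in-memory SQLite database stands
// in for the MySQL server (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, nameencrypt TEXT, level INTEGER)");
$db->exec("CREATE TABLE Forum (title TEXT, poster TEXT, body TEXT, level INTEGER)");
$db->exec("INSERT INTO users VALUES ('Markpyro', 'abc123', 3)"); // constructed row

// Look up the user for a cookie value. The value is bound as data and is
// never concatenated into the SQL text.
function find_user(PDO $db, $cookieValue)
{
    $stmt = $db->prepare("SELECT name, level FROM users WHERE nameencrypt = ?");
    $stmt->execute([$cookieValue]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Store the post exactly as typed; HTML escaping belongs at display time.
function create_thread(PDO $db, $user, $title, $body, $where)
{
    if ($user === null || $user['level'] <= 2) return false;   // same level rule as the form
    if (!in_array($where, ['1', '2'], true)) return false;     // only the form's two options
    if (strlen($title) <= 4 || strlen($body) <= 5) return false;
    $stmt = $db->prepare(
        "INSERT INTO Forum (title, poster, body, level) VALUES (?, ?, ?, ?)"
    );
    return $stmt->execute([$title, $user['name'], $body, (int) $where]);
}

// Constructed inputs: a known cookie value, then the modified cookie value
// quoted in the post above. The second finds no user and changes nothing.
$good = find_user($db, 'abc123');
$bad  = find_user($db, "'; DROP DATABASE;");
var_dump($good, $bad);
var_dump(create_thread($db, $good, "It's a title", "Line one\n\tit's indented", '1'));
var_dump(create_thread($db, $bad, "It's a title", "Line one\n\tit's indented", '1'));
var_dump((int) $db->query("SELECT COUNT(*) FROM Forum")->fetchColumn());
```

Because the body is stored unescaped here, it has to be HTML-escaped every time it is echoed back into a page.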

Markpyro
06-26-2006, 12:06 PM
Okay, got it. Thanks ^_^.

On to the present problem- preserving spacing but keeping a defined width?
The following code doesn't work:

div.threadspace pre
{
width: 600px;
}

Maybe a table?

Neo
06-26-2006, 4:30 PM
Generally you can try "max-width: 600px" I believe, but I think it might be a css2 specification.

That, or specify it like:

width: 600px;
overflow: hidden;


or some such.

-Neo

Markpyro
06-26-2006, 6:17 PM
To my knowledge, overflow just cuts it off, I want to actually be able to see the text. But, I'll try max width now...

edit:
Nope :/. (Late response, got a little sidetracked)

Okay, I found the answer. It's not through CSS, but through PHP. When displaying the information, it is within <p> tags, but the variable that holds the data is put through the php function "nl2br()", which replaces all the newlines with <br>'s but stays within the desired width.

Seal
07-06-2006, 2:36 PM
You might also want to insert line breaks into long lines; sorry, but I don't have example code of how to do this.
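
Added example (not part of the original thread or any poster's code): one way to combine the nl2br() approach Markpyro settled on with the long-line breaking Seal suggests, escaping the stored text at display time. render_body() and the 80-column limit are hypothetical choices for illustration.

```php
<?php
// Added example, not the thread's code. render_body() and the 80-column
// default are assumptions for illustration.
function render_body($raw, $maxCols = 80)
{
    // 1. Normalise line endings so \r\n and \n submissions behave the same.
    $text = str_replace(["\r\n", "\r"], "\n", $raw);

    // 2. Break over-long lines. wordwrap() counts bytes, so run it before
    //    escaping; afterwards it could split an entity such as &amp;.
    $text = wordwrap($text, $maxCols, "\n", true);

    // 3. Escape once, at output time. ENT_QUOTES covers single quotes;
    //    ENT_SUBSTITUTE keeps the text if step 2 split a multi-byte character
    //    (without it htmlspecialchars() returns an empty string).
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 4. Keep tabs and runs of spaces visible without a <pre> element.
    $text = str_replace("\t", '&nbsp;&nbsp;&nbsp;&nbsp;', $text);
    $text = str_replace('  ', ' &nbsp;', $text);

    // 5. Turn newlines into <br> so the text wraps inside its container.
    return '<p>' . nl2br($text) . '</p>';
}

// Constructed sample post: markup, a tab-indented line, and one unbroken
// 100-character run that would otherwise push past the container width.
$stored = "Hello <script>alert(1)</script>\n\tindented line\n" . str_repeat('x', 100);
echo render_body($stored), "\n";
```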