At 05:58 PM 2/2/2002, Dave Stevens wrote: >$sql = "SELECT * FROM customers WHERE username=$username"; > > $result = mysql_query($sql); Why not embed the password check into the SQL?? SELECT * FROM customers WHERE username=$username AND password=$password The check the $result returned. If you have data, then the password and user name matched. Also you need to "escape" the data being passed from the user's form, so that you can limit the "bad guys" from mucking with your server. The Perl DBI has a autoquoting function, PHP should have the same thing there some where. --- Anthony Baratta President Keyboard Jockeys "Conformity is the refuge of the unimaginative."