Guys, I just managed to "hack" into one of my older authentication scripts (in ASP) by typing: x' or 1=1 -- in the user field. On the newer scripts (PHP) it didn't work. I guess it also depends on the way the SQL query is formulated... Anyone come across this before? What do you think about it? Nedret