thelist-admin at lists.evolt.org wrote: > --- Jason Handby <jasonh at pavilion.co.uk> wrote: >> Why not do >> >> SELECT password, username FROM reguser WHERE username = >> '$username' AND password = '$password' >> >> > Hi Jason, While we speak about authentification scripts : Be sure to check this article on login scripts (it's an asp example but related to SQL Injection Attacks) http://www.4guysfromrolla.com/webtech/061902-1.shtml Matthieu