On Sunday 09 April 2006 22:45, Matt Warden wrote:
> <table>
> <tr>
> <td bgcolor="#<?php echo (empty($_GET['color']) ? '339933' :
> $_GET['color']); ?>">
>
> This will give you the default color of #339933, unless there is a
> query string variable named 'color':

It might be worth mentioning that this will open you up to a cross-site scripting vulnerability, where an attacker could read and change the cookies from your domain, or create fake login forms under your URL.

It is always safer to check whether the data passed into your script has the format you are expecting. Something like this might work:

<table>
<tr>
<td bgcolor="#<?php echo ((strlen($_GET['color'])==6) ? $_GET['color'] : '339933' ); ?>">

Although I haven't tested it.

You probably know all this anyway, but I thought it worth pointing out for those who don't.

Richard.
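
Added example, not part of the original message or of either poster's code: one way to check that the 'color' parameter has the expected format is an allow-list of exactly six hex digits, with output escaping kept as a second layer. The helper name safe_bgcolor() is hypothetical and the sample inputs are constructed; they include a six-character value that a length-only check would accept.

```php
<?php
// Added example: allow-list validation for the 'color' query parameter.
// safe_bgcolor() is a hypothetical helper name, not from the original thread.

function safe_bgcolor($raw, string $default = '339933'): string
{
    // ?color[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw)) {
        return $default;
    }
    // Exactly six hex digits. \A and \z anchor the whole string, so a
    // trailing newline cannot slip past the way it can with $.
    if (preg_match('/\A[0-9a-fA-F]{6}\z/', $raw) !== 1) {
        return $default;
    }
    return $raw;
}

// Constructed sample inputs (not taken from real traffic).
$samples = [
    'valid hex'            => 'ff8800',
    'six chars with quote' => '12"456',   // six characters, but not hex
    'too short'            => 'fff',
    'trailing newline'     => "ff8800\n",
    'array parameter'      => ['ff8800'],
    'missing parameter'    => null,
];

// Only 'valid hex' is returned unchanged; every other sample yields the default.
foreach ($samples as $label => $value) {
    printf("%-22s => %s\n", $label, safe_bgcolor($value));
}

// In the template, escape on output as well so the attribute stays intact
// even if the validation is later loosened.
$color = safe_bgcolor($_GET['color'] ?? null);
?>
<table>
<tr>
<td bgcolor="#<?php echo htmlspecialchars($color, ENT_QUOTES, 'UTF-8'); ?>">
</td>
</tr>
</table>
```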