Just wondering how many of you actually use any type of secure coding when doing form processing. I'm guilty of not doing it all the time myself, but I'm trying to get into the habit of doing so. For example, I don't want someone else modifying a form to auto-post values to my handler, so I would use: <? if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { // This is a safe POST } elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) { die("Illegal access. Your IP has been logged.\n"); } ?> That's one method.... any other thoughts on that part? Then, once the data is there, I try to remember to use addslashes(), htmlspecialchars(), and other functions (as well as some I've written myself over the years) to handle the data properly and securely when inserting it into a database or processing it on anything more than a bare, basic level. -- Daniel P. Brown [office] (570-) 587-7080 Ext. 272 [mobile] (570-) 766-8107