I didn't look into your problem, but I want to mention one thing that stands out to me.
--- Frank Tudor <[EMAIL PROTECTED]> wrote: > $query="SELECT payment FROM payment WHERE > dln='".$_POST["dln"]."' = payment.dln='".$_POST["dln"]."' and > users.password='".$_POST["password"]."'"; Never, ever build an SQL query using data directly from the client. You place yourself at the mercy of every user of your site and their creative potential. This code constitutes a security vulnerability. Filter all data, assign it to another variable (so you know it has been filtered), and then build your query using the filtered data: $clean['dln'] = ''; if ($_POST['dln'] looks like a valid value) { $clean['dln'] = $_POST['dln']; } $sql = "... {$clean['dln']} ..."; Something similar to that anyway. Hope that helps. Chris ===== My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php