ecce

That's exactly how I did it, and every time the message popped up twice. But I'll have another look at it I think... it feels better that using URIs to send data to client.

...and that the char_identifier needs to be quoted. Sorry... my bad.

It's ugly. And it gets quite messy when you want to display a range of messages. mod_rewrite may also prevent GET from being a suitable solution. I've tried setting message info in $_SESSION. When the page is displayed, the $_SESSION is checked and if not empty the message is displayed, and the deleted from $_SESSION. However, this resulted in a very wierd behaviour. The $_SESSION flag is not deleted until the page is loaded for the second time (???). Result: the message is showed twice. I guess the zend engine tries to be clever and does some kind of out-of-order execution or something...

This is what I use: 0. Sanitise input. addslashes() or whatever you like. If someone would like HTML code as password - why not? 1. Generate a salt, with something like $salt = hash('sha256', microtime()); 2. Add salt to the chosen password. $password = $input_password.$salt; 3. Hash it. $pass_hash = hash('sha256', $password); 4. Store $pass_hash and $salt. Hashing protects you if someone dumps your user database. Don't forget the UNENCRYPTED TRANSFER of password... webmasters normally ignores the importance of buying a valid SSL certificate.

I'm looking for a nice, simple way to handle postbacks and specifically messages to the user when the postback work is done. This is my main three-step "procedure" at the moment: - Form send postback data - postback is handled before any output at the beginning of the sites scripts. - When done, header() forwards the user to the same URL, so the user ends up on the same page, but without the warning of sending post data again if the user refreshes the page. Now, I want to show a message box, like "User data saved" or "An error occured". Any suggestions on how to get the success/error messages to the user (preferably without using GET variables like file.php?success=1)?

You need to surround cart_identifier with single quotes ('). It's a CHAR i guess? $num_items = mysql_result(mysql_query("SELECT COUNT * as items FROM shopping_cart WHERE cart_identifier = '".mysql_escape_string($cart_id) .'"),0);