You use $submit, $ data, etc etc but haven't assigned any values to them. I'm guessing that these are values from your HTML form. If os, you need to access them using the superglobals $_POST or $_GET (depending on whether your form is submitted vi GET or POST. So instead of [b]$submit[/b], you need to use [b]$_POST['submit'][/b] for example. Using form variables directly is a very, very danegrous security hole, as it allows users to inject variables which you weren't planning on into your code. For example look at this - assuming you have a checkUsernamePassword function which will validate a username and password against your user database, and $username and $password are submitted via form. [code] <?php if checkUsernamePassword($username, $password){ $loggedinOK = TRUE; } if ($loggedinOK){ //Display some sensitivie information here }else{ echo "Go away, I'm not telling you my secret."; } ?> [/code] This checks the username and password and only proceeds if they check out. Except they also introduce a vulnerability. What if I called this php script, passing in the following values - username:"me", password:"secret", loggedinOK:"1" I would fail the username and password check, but that wouldn't matter because I've manually inserted a value for the otherwise uninitialised variable $loggedinOK, which tricks the system into believing that I''ve logged in OK. Sure, I could ensure that all variables are properly initialised, but as you start to use third-party code, open source libraries etc, this gets more and more difficult to ensure. So, PHP allows you to set a config switch which tells it whether or not to automatically make form data available as global variables. This fleg is called REGISTER_GLOBALS and it is very, very bad practice to set this to true. If REGISTER_GLOBALS was turned off, then your ill-intentioned visitor couldn't force in the value of $loggedinOK. When he failed to log in, the variable would be uninitialiased and the if statement would fail, keeping him away from the sensitive data. How do you then access the username and password values in order to checkthem? As per the following example: [code] <?php if checkUsernamePassword($_POST['username'], $_POST['$password']){ $loggedinOK = TRUE; } if ($loggedinOK){ //Display some sensitivie information here }else{ echo "Go away, I'm not telling you my secret."; } ?> [/code] All of which is my way of telling you that it looks like your local server may have REGISTER_GLOBALS turned on, and your web server may have it turned off. Check your php.ini file for details. J