[quote] What you currently have looks pretty secure. but if your password is apples, then someone probably already got it, that's a shitty password, try letter's and numbers, you have to remember if someone get's the apssword they can connect from your database even from another website, unless there was a firewall behind it, and even then they sometimes could. WHat I suggest, is if you haven't already create a good password. Something with letters, and numbers, starting with a letter though.[/quote] Yeah, it's just a password on a test server I have for developing, totally disconnected from the outside world, only I have physical access to it and there's not really much you can do with it even if you do get access to it ;D [quote]Also theres no need to use the htmlenties function with the mysql_real_escape_string.[/quote] Does mysql_real_escape_string escape HTML characters aswell then? [quote] However the layout of code could be better.[/quote] What do you mean?