Ok. Let me take a step back here and explain what I am trying to accomplish. I have been doing tutorial after tutorial trying to come up with a semi-secure login script for my website. I found bits and pieces that I liked from multiple sources. I believe I have everything working so far minue the registration code, which is what I have been posting about. I did remove some code from it, but I will now post it in its entirety. I really do appreciate the help. Thanks. [code]<? require_once($_SERVER['DOCUMENT_ROOT'].'/db_connect.php'); //SEE IF ALREADY LOGGED IN if($_SESSION['logged_in'] == 1) { //REDIRECT TO HOMEPAGE header('Location: http://' . $_SERVER['HTTP_HOST'] . ''); } else { if(isset($HTTP_POST_VARS['submit'])) { //BEGIN CHECKING USERNAME... if(!$_POST['username']) die('Alert: username field was blank.'); //array of invalid characters $junk = array('.', ',', '/', '`', ';', '[', ']', '-', '_', '*', '&', '^', '%', '$', '#', '@', '!', '~', '+', '(', ')', '|', '{', '}', '<', '>', '?', ':', '"', '='); //starting lenght of username $len = strlen($_POST['username']); //replace invalid characters $_POST['username'] = str_replace($junk, '', $_POST['username']); $test = $_POST['username']; //if lenghts are different ($len smaller), invalid characters found, so prompt error. if(strlen($test) != $len) { die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the underscore (_).'); } //Check if username already exists... $q2 = mysql_query("SELECT * FROM `members` WHERE `username` = '".$_POST['username']."'"); $q3 = mysql_fetch_object($q2); if($q3->username == $_POST['username']) { die('<BR><BR>Sorry, but the username "'.$q3->username.'" is taken, please choose another.'); } //PASSWORD if(!$_POST['password']) { die('Error: Password field was blank'); } if(!$_POST['verify_password']) { die('Error: Verify Password field was blank.'); } if($_POST['password'] != $_POST['verify_password']) { die('Error: The passwords do not match.'); } if(strlen($_POST['password']) < 6 ) { die('Error: Your password is too short. Must be 6 or more characters in length.'); } //ADD NEW MEMBER $insert ="INSERT INTO `members` (username, user_password, user_email) VALUES ('".$_POST['username']."', '".md5($_POST['password'])."', '".$_POST['email']."')"; $insert2 = mysql_query($insert); if(!$insert2) die(mysql_error()); echo('Registration Successful, Welcome new member! You can now login to your new account. <a href=\login.php\>Login</a>"'); } else { ?> <table> <form name="signup" action="<? $_SERVER['PHP_SELF']; ?>" method="POST"> <tr> <td>Username: <BR> (only A-Z, 0-9 and _ Allowed)<BR></td> <td><input type="text" id ="username" name="username" value="" maxlength="30"> <BR></td> </tr> <tr> <td>Password:</td> <td><input type="password" id="password" name="password" value="" maxlength="30"><BR> (minimum 6 characters)</td> </tr> <tr> <td>Verify Pass:</td> <td><input type="password" id="verify_password" name="verify_password" value="" maxlength="30"><BR> </td> </tr> <tr> <td>Email:</td> <td><input type="text" id="email" name="email" value="" size="30"><br></td> </tr> <tr> <td>Click to Complete Signup:</td> <td><input type="submit" id="submit" name="submit" value="submit"></td> </tr> </form> </table> <? } //end not logged in } //end submit not pressed ?> [/code]