Cheers for the advice with the boolean and else if code, it makes it cleaner and when programming I like it to be clean and tidy - nice one!

As for the SQL injection, I've been using eregi to filter out unwanted characters, realised it's obsolete and now in the process of checking and replacing with preg. It seems to be sound but as with Pascal, there's so much I don't know it would be easy to make a silly mistake.