Nicely done Robert.

I've got a few questions/hints/tips,

1. What do you exactly mean by this?
"Secure against most types of web attacks."

2. I'm not sure if this is relevant for your script, but please make sure that sql injections such as "0.1,tablefield=value" can not be done.

3. Try to create all your queries on top of the page. Not certain if you are/aren't doing this yet.

4. Make your site xhtml valid, you should standardize this for every website/script/code you create. http://validator.w3.org/check?uri=ht....com%2Fblog%2F

5. Make your code that it validates whether the server posted or not, if you will not do this, I will be able to run forms from my pc into your database.

Further, keep up the good work

If you'd like to know any information about anything, you can ask me