Niteshade

Re: Anti-sql injection function get_magic_quotes_gpc(); See what it does if enabled.

Re: Stop Cache Which version of internet exploder are you testing with?

Re: Basic Security Mesuares Is it an internal problem? Are you sure you don't have admins that are editing user stats?

Re: Stop Cache Something like this should work:   Header( "Last-Modified: " . gmdate( "D, j M Y H:i:s" ) . " GMT" ); Header( "Expires: " . gmdate( "D, j M Y H:i:s", time() ) . " GMT" ); Header( "cache-Control: no-store, no-cache, must-revalidate" ); // HTTP/1.1 Header( "cache-Control: post-check=0, pre-check=0", FALSE ); Header( "Pragma: no-cache" ); // HTTP/1.0   I didn't have a chance to test it however, but give it a try and let us know.

I see a lot of posts here concerned about sql injection. For the most part you will only fall victim to a sql injection if you allow it to happen. Any input that comes from a client needs to be considered untrusted and tested. This is a simple little function that I have used in a number of my scripts and seems to work well.   function cleaninput($data){ if(get_magic_quotes_gpc()) { $r = mysql_real_escape_string(trim(stripslashes($data))); } else { $r = mysql_real_escape_string(trim($data)); } return $r; }   To use just make a function call: $input = cleaninput($_POST['user_input']); $input = cleaninput($_GET['user_input'])); or this might work: foreach($_POST as $key=>cleaninput($val)) { ... } I forget where this came from, somewhere on the web but its worth adding to your code library.

Re: Help with count Not sure if this is what you mean but: $sql = mysql_query("SELECT COUNT(*) AS count FROM <table> WHERE field='$val'");   That what you are looking for?

Re: Phaos Game Engine The game looks good specially the kallen modded one, but it has serious balance issues in the battle system. If you seriously intend on running this as a live game, you will need to spend a lot of time working out the problems in the code.