(Only other check on $_POST['username'] is to make sure it isn't empty which it is after trim on a white space only name) The problem here is that it is left to default which allows single quote marks which are used in the sql query. Turning on magic quotes might fix it but yo...