mmh, i am really stuck here. the GET and POST thing distracts me from the real problem I suppose. Can someone please confirm that this is not the issue? I found some things which I think make this script vulnerable to exploitation but every ansewer I tried was not successful. maybe someone can point...