do you need to use mysql_real_escape_string on a remember me check box? is there any way the user could change the value? I guess it wouldn't hurt to do it anyways...