Here&#039s what you can do: Have them specify their UserName either in an input field or captured from a session. If it&#039s in an input field, have the action of the form go back to newpassword.asp and use the following code in a case select.<BR><BR>sql = "SELECT * FROM Passwords WHERE (UserID=&#039" & Request("UserName")<BR>sql = sql & "&#039) AND (Password = &#039" & Request("Old Password") & "&#039);"<BR>Set RS = Conn.Execute(sql)<BR><BR>IF Not RS.EOF THEN<BR>IF RS("ChangePassword") = -1 THEN<BR>If Request("New Password") = Request("Confirm Password") Then<BR>sql= "UPDATE Passwords SET "<BR>sql = sql & "Password=" & CheckString(Request("New Password"), ", ")<BR>sql = sql & "MaintDate=#" & Date() & "# "<BR>sql= sql & "WHERE (UserID=&#039" & Request("UserName") & "&#039);"<BR>Conn.Execute(sql)<BR><BR>If Request("From") &#060;&#062; "" Then Response.Redirect Request("From")<BR>&#039If Session("LoggedIn") = "Yes" THEN Response.redirect "./menu.asp"<BR>Response.redirect "/"<BR><BR>ELSE<BR> MSG="New Password is Not Confirmed"<BR>END IF<BR><BR>ELSE<BR> MSG="This Password Cannot Be Changed"<BR>END IF<BR><BR>ELSE<BR> MSG="Username or Old Password is Incorrect"<BR>END IF<BR><BR>Hope it helps