ok i was going to come back to this later BUT i cought someone snooping around my members area of the website im building so have had to tighten up security (membersarea not open yer!) so i have this upload script where user types in there data and uploads for the profile...but how can i make it nice and secure??

first i will just say on my form i display users data via this method

Code:
PHP Code:
<?php $qProfile "SELECT * FROM users WHERE id='$id'  ";
$rsProfile mysql_query($qProfile);
$row mysql_fetch_array($rsProfile);
extract($row);
$dob = ($dob);
$about_me = ($about_me);
$events = ($events);
$first_name = ($first_name);
$last_name = ($last_name);?><title>Update Image</title>
<? 
?>
<form id="FormName" action="include/updated.php" method="post" name="FormName">
<table width="523" border="0" align="center" cellpadding="0" cellspacing="2">
<tr><td width="150"><div align="right">
<label for="dob">Gender</label>
</div>
</td>
<td colspan="2"><select class="input" id="gender" name="gender"> 
<option value="Male" <?php if($gender == 'Male') echo 'selected'?>>Male</option>
<option value="Female"  <?php if($gender == 'Female') echo 'selected'?>>Female</option>
</select></td>
</tr>
<tr><td width="150"><div align="right">
<label for="about_me">About me</label>
</div>
</td>
<td colspan="2">
<textarea class="input" id="about_me" name="about_me" rows="4" cols="40"><?php echo $about_me ?></textarea></td>
</tr>
<tr><td width="150"><div align="right">
<label for="events">My events and pb's</label>
</div>
</td>
<td colspan="2">
<input class="input" id="events" name="events" type="text" size="25" value="<?php echo $events ?>" maxlength="255"></td>
</tr>
<tr><td width="150"><div align="right">
<label for="first_name">First name</label>
</div>
</td>
<td colspan="2">
<input class="input" id="first_name" name="first_name" type="text" size="25" value="<?php echo $first_name ?>" maxlength="255"></td>
</tr>
<tr><td width="150"><div align="right">
<label for="last_name">Last name</label>
</div>
</td>
<td colspan="2">
<input class="input" id="last_name" name="last_name" type="text" size="25" value="<?php echo $last_name ?>" maxlength="255"></td>
</tr>
<tr>
        </select>
     
        
    </p></td>
</tr>
<tr>
<td width="150"></td>
<td width="112"><input name="submitButtonName" type="submit" class="submit-btn" value="">
<input type="hidden" name="id" value="<?php echo $id ?>"></td>
<td width="253">&nbsp;</td>
</tr>
</table>
</form>

best check this is safe lol you never know

now the upload part

Code:
PHP Code:
<?php $id $_POST['id'];
$about_me $_POST['about_me'];
$events $_POST['events'];
$first_name $_POST['first_name'];
$last_name $_POST['last_name'];
$gender $_POST['gender'];
$birthyear $_POST['birthyear'];
$birthmonth $_POST['birthmonth'];
$birthday $_POST['birthday'];
$dob $birthday.'-'.$birthmonth.'-'.$birthyear;
 

$update "UPDATE users SET dob='$dob', about_me = '$about_me', events = '$events', first_name = '$first_name', gender = '$gender', last_name = '$last_name' WHERE id='$id' ";
$rsUpdate mysql_query($update);
if (
$rsUpdate)
{
echo 
"Update successful.";

?>

so can it be secured??