A Note On Security:

Take EVERYTHING said about security VERY seriously. Even using taint mode, and other cautious measures, crackers have a truck load full of tricks and can make your script do *many* things if you are not *very* careful.

If I were you, I would look around for a more secure way to do this, and if and only if you do not find a better way, then I would move forward, as making theis script secure in the current way you're doing it would be very hard for a beginner. If you decide to go on with, remember that a cracker could easily change values (param()s) passed to your script even if you're using the POST method. They could pass null bytes which might make it through your taint checking, but go through to the underlying c as everything up to the null byte (look around the web for details). This is just one example of something that you should take into consideration.

Now that I've successfully blabbered my head off, I have two words to say: be careful.