>>11 Interesting. I guess I should give it more serious consideration.

htmlspecialchars: Ah, so that's the one I want. Yeah, another consideration is that if/when I allow uploads, it has to ensure that those filenames are clean. I don't want to "accidentally" run sha1sum bleh.jpg;cat /etc/passwd or something equally insidious. I think I can cover that, though.

Path Info: Ah, cool. Thanks for the tip. That'll be a bit tougher to perfect, but it's nice.

Next page button? Etto, I'll hack one up for you... it'll be broken, but will have the basic functionality.

Magic quotes: I'll learn about that.

Thanks for your help, everyone. I'll try and fix these nasty bits sometime today.