> I disagree, you can restrict access to SELECT only
Sure, but no access is much more secure than restricted access.
> and plus
> any normal form
> on a web page has access to a DB in much more insecure ways
> (SQL injection,
What you consider insecure should not been written directly to
a database. The form is processed by a server-side executable
which should check incoming data before writing.
> and as I said, it must be a 'real-time' progress meter without
> refreshing the .php/.html page.
Of course it is not:) As Flash is not. Nothing client-side is able
to without something server-side. But it is able to connect to a
server and therefore able to load data from there. Only makes
sense with http-connections - what result in some kind of refresh -
but refreshing the whole page is not needed.
Considering Flash you should have a look at