[Help - PHP] Error in code



Megamind's Minion
10-20-2009, 03:25 AM
$username = mysql_escape_string($_POST['username']);
$password = mysql_escape_string($_POST['password']);

$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = PASSWORD('" .$password . "')";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

if (mysql_num_rows($result) == 0) {
    echo "ERROR: Incorrect username or password!";
} else {
    $_SESSION['auth'] = 1;
    session_start();
    setcookie("username", $username, time()+(84600*30));
    include("memberMain.php");
    mysql_close();
}

mysql_free_result($result);
mysql_close($connection);

hey guys..
thanks if you bother..
this is a snippet of the code I am creating for a project..
and I don't understand why it always shows the "Incorrect username or password" even though what I am inputting is correct..

I'll be grateful if you could point out where I am wrong..
this is on mysql/php/xml/javascript/html/css rolled into one project..
the last for the sem...

IFS
10-20-2009, 03:54 AM
not sure myself just guessing here, but I think this could be the problem
$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = PASSWORD('" .$password . "')";

instead

$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" .$password . "'";


just wondering about this part PASSWORD('" .$password . "')";

Megamind's Minion
10-20-2009, 04:01 AM
thanks, but it didn't work..
anyway..
I'll just have to check it over...

IFS
10-20-2009, 04:29 AM
also try switching the quotes around placing the double quote first and single quote second

like

"' . $username . '"

instead of

'" . $username . "'

FlashD
10-20-2009, 02:47 PM
Try it this way ;) :


$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . md5($password) . "'";

Megamind's Minion
10-21-2009, 07:22 AM
thanks guys...
I appreciated your efforts..
now, all I have to do is wait...
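
The variants tried in this thread (PASSWORD(), plain text, md5()) can each match only if the stored column was written the same way, so the sketch below pairs the write and the check explicitly with password_hash()/password_verify() and a prepared statement. It is an added example, not code from any poster in the thread; the in-memory SQLite database, the password_hash column, the sample accounts and the function names are assumptions. The mysql_* functions were removed in PHP 7.0 and MySQL's PASSWORD() was removed in MySQL 8.0, so it uses PDO.

```php
<?php
declare(strict_types=1);
// Added example: schema, accounts and function names are constructed for illustration.

function open_demo_db(): PDO
{
    // In-memory SQLite keeps the example offline; a MySQL DSN is used the same way.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $username, string $password): void
{
    // The stored value comes from password_hash(), so password_verify() is its matching check.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Placeholders pass the input as data: no escaping call and no quote juggling.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when no row matches
    if ($stored === false) {
        return false;
    }
    return password_verify($password, $stored);
}

$db = open_demo_db();
register_user($db, 'demo_user', 'correct horse battery staple'); // constructed account
register_user($db, "o'brien", 'another sample passphrase');      // name containing a quote

var_dump(check_login($db, 'demo_user', 'correct horse battery staple')); // matching password
var_dump(check_login($db, 'demo_user', 'wrong password'));               // wrong password
var_dump(check_login($db, "o'brien", 'another sample passphrase'));      // quote handled as data
var_dump(check_login($db, 'nobody', 'anything'));                        // unknown user
```

In a web request, session_start() has to run before anything is written to $_SESSION.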