AStrangerWCandy

TY for the responses on both, very helpful especially with the numrow tidbit and avoiding usernames in $_SESSION

I'm trying to create a site that has logins and stores the login information in the user's session data. Basically self taught PHP from PHP for Dummies and then Learning PHP 5 from O'Reilly. Here is the code snippet from a function I've written for validating whether the information submitted in the login box exists and matches whats stored in the mysql database. Just wondering from people who know better than I if this looks like it should work (I haven't created the Tables and whatnot yet) or if I'm just headed in the wrong direction: //Query the database to make sure username/password entered are valid and matchup $sql2 = "SELECT userName FROM Users WHERE userName='$_POST[username]' AND passWord='$_POST[password]'"; $sql3 = "SELECT passWord FROM Users WHERE userName='$_POST[username]' AND passWord='$_POST[password]'"; $result1 = mysql_query($sql2); $result2 = mysql_query($sql3); $users = array('$result1' => '$result2'); //Makes sure username is valid if (! array_key_exists($_POST['username'], $users)) { $errors[] = 'Please enter a valid username and password.'; } return $errors; }