Login script help

[Stephen68]

Ok I am trying out PDO and was wondering if I am going about it the right way, as well as another question about page checking.

My login code is as follows

 

<?php
session_start();
//Get username and pass from form

$host = "host";
$db = "db";
$user = "user";
$pass = "pass";

try {
    $dbh = new PDO('mysql:host=$host;dbname=$db', $user, $pass);
    
//Make the prepared statment
$stmt = $dbh->prepare("SELECT user,pass FROM members WHERE user = ? AND pwd = ?");
     
 if ($stmt->excute(array($POST['user'],$_POST['pwd']))) {
	 //There is a user
	 $row = $stmt->fetch()
	 $_SESSION['user'] = $row['user'];			 
	 $client = md5($_SERVER['HTTP_USER_AGENT']);

       header("Location: index.php");

        }else {
		 header("Location: error.php");
        }		 

} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}


?>

 

Is this right or close to it? or am I way off base on this. The other question I would like to ask is checking at the top

of each page. What I was thinking on doing was just checking to see if the username session was set the the user agent

session matched. I'm not sure how good that would be, should I set the password to a session and then check the two

against what I have in the db on each page?

 

Any help would be great and thanks for taking the time to look at this for me.

 

Stephen