Can anyone make me this?

[aznjay]

[code]
$blah2 = $_POST['user'];
$blah = $_POST['pass'];
$something=date("F j, Y");

$result = mysql_query("SELECT * FROM users WHERE username = '" . $blah2 . "' AND password = '" . $blah . "'");

$co = 0;while($r = mysql_fetch_array($result))
{
$co ++;
$item_name = $r["item_name"];
$item_id = $r["item_id"];
}
if($co != 0)
{
print "error you dumbass, wrong password and or username!";
} else
{

echo "$item_name";

}
[/code]

Okay what I'm trying to do is to check if there is user in the database but it seem to be not work...so yeah can anyone make me a new script or fix this one?

[btherl]

[code=php:0]$user = $_POST['user'];
$pass = $_POST['pass'];
$something=date("F j, Y");

$user = mysql_real_escape_string(urldecode($user));
$pass = mysql_real_escape_string(urldecode($pass));

$result = mysql_query("SELECT * FROM users WHERE username = '" . $user . "' AND password = '" . $pass . "'") or die(mysql_error());

$co = 0;
while($r = mysql_fetch_array($result))
{
$co ++;
$db_user = $r['username'];
$db_pass = $r['password'];
}
if($co != 0)
{
print "error you dumbass, wrong password and or username!";
} else
{

echo "$db_user password correct";

}[/code]


Hope that helps :)