Mysql_fetch_array problem

[smc]

Ello,

Okay I'm making myself a login script (which how much success, who knows?) but I am getting a parse error I can't figure out:

Here is my code to the releavent portion

[code=php:0]
// This will translate the fields into variables PHP can use
$username = $_POST['username'] ;
$password = $_POST['password'] ;

//This will now load the config login information, connect to the DB, select the DB, and then search for a matching username
$cms_root_path = './';
include($cms_root_path . 'config.php');
$conn = mysql_connect ($dblocation, $dbusername, $dbpassword)
or die ("Sorry - I got lost and couldn't find the database. Please try back later.");
$result = @mysql_select_db("$dbdatabase", $conn)
or die("Sorry - the database decided to give me trouble. Please try back after I've put it in it's place.");
//This checks to see if there are any entries in the table users where the username matches the one just entered
$execute = mysql_query("select * from users where username=$username");
// or namenotfound();
//NOTE: SQL<MODIFIER> will represent the information retrieved from the database
while($row = mysql_fetch_array($execute)){
$sqlusername = $row["username"];
$sqlpassword = $row["password"];
$sqlfirstname = $row["first_name"];
$sqllastname = $row["last_name"];
$sqlposition = $row["position"];
$sqlrank = $row["rank"];
$sqlemail = $row["email"];
}

//Now we are going to make sure the password is correct, if it isn't then our custom function will return to the error page
if ( $password != $sqlpassword ){
wrongpassword();
}
[/code]

I get

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/een/public_html/login.php on line 58

when attempting to login and it returns with my wrongpassword(); function.

Help would be greatly appreciated!

[Jessica]

Firstly, @ surpresses errors, so I think having this
$result = @mysql_select_db("$dbdatabase", $conn) or die("stuff");
won't work, as no error could trigger the die.

You also don't need quotes around a var, so just $dbdatabase.
Take out the @ and see if you get an error?

Before trying to use $execute you also need to check if it exists, if anything was returned.

[smc]

Taking the @ out had no affect, the connection seems fine it seems to have a problem with the mysql_fetch_array() function

It returns the same error

[Orio]

Try adding single quotes around the variable in your sql statement:

[code]$execute = mysql_query("select * from users where username='$username'");[/code]

If that doesn't work, change it to:
[code]$execute = mysql_query("select * from users where username='$username'") or die(mysql_error());[/code]

Orio.

[smc]

I added the quotes as Orio recommended and I no longer get the error but the script still returns "That password does not match the username" ie. my wrongpassword(); function

Any ideas?

[Orio]

Are you sure both sides are in the same "condition"? What I mean by that is- both sides are hashed/un-hashed, both sides are escaped/unescaped, trimmed or not etc'

Orio.

[smc]

Not to my knowledge, I didn't do anything special.

Here is the file itself for reference

[smc]

Ah! I noticed my problem, in the db the column is pass, not password

Thanks for your help :)

However I fear a new topic may be arising since it doesn't look like my sessions are working