deadimp Posted July 25, 2007

If you're looking to check for a valid POST submission (meaning the actually submitted data) then use key_exists() (it's actually array_key_exists(), but I like the shorthand). That way, it can tell the difference between no submission and a submission with a blank username.

Also, you're first checking if some random user has that name, and then if some other user, maybe the same one, has that password, then you're checking if some random user has both the name and the password. Do you see a bit of redundancy here? You can water that down to just one query to check for a valid login. I would also suggest that you compare username / password using binary (i.e. "where binary `name`='...' and binary `pass`='...'") so that it's case sensitive (though I doubt the password hashes could collide due to caseless matching).

Another thing I realized as I was typing this, you're checking to see if there is only one result for those two queries, and then you use that to see if you should go on. That's bad if two or more users have the same password, because then the rows returned by the password-only match (that shouldn't be there) would be greater than one. Just use the simple statement, "if (mysql_num_rows($result))", where it means that there is a non-zero (meaning it could be negative, but not a possible return) amount of rows.
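The single-query login check described in the post above, as an added example that is not part of the original post or the original poster's code. It assumes PDO with an in-memory SQLite database and a constructed `users(name, pass)` table, and it swaps in a prepared statement and `password_verify()` for the `mysql_*` calls and in-SQL hash comparison the post refers to.

```php
<?php
// Added example. Table/column names (users, name, pass) and the rows are constructed.

function check_login(PDO $db, array $post): string
{
    // Keys absent: nothing was submitted, so just show the form.
    if (!array_key_exists('name', $post) || !array_key_exists('pass', $post)) {
        return 'no-submission';
    }
    // Keys present but empty (or arrays, e.g. name[]=x): a submission, but not usable.
    if (!is_string($post['name']) || !is_string($post['pass'])
        || $post['name'] === '' || $post['pass'] === '') {
        return 'blank-field';
    }

    // One query, keyed on the username only. On MySQL, "WHERE BINARY `name` = ?"
    // forces the case-sensitive match; SQLite's = on TEXT already is.
    $stmt = $db->prepare('SELECT pass FROM users WHERE name = ?');
    $stmt->execute([$post['name']]);
    $hash = $stmt->fetchColumn();   // false when no such user

    // The password is checked against that one row's hash, so other users
    // who share the same password cannot affect the outcome.
    return ($hash !== false && password_verify($post['pass'], $hash)) ? 'ok' : 'invalid';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name, pass) VALUES (?, ?)');
foreach (['alice', 'bob'] as $user) {          // both users share one password
    $insert->execute([$user, password_hash('s3cret', PASSWORD_DEFAULT)]);
}

$cases = [                                     // constructed stand-ins for $_POST
    'no form posted'      => [],
    'blank username'      => ['name' => '', 'pass' => 's3cret'],
    'shared password, ok' => ['name' => 'bob', 'pass' => 's3cret'],
    'wrong case in name'  => ['name' => 'Bob', 'pass' => 's3cret'],
    'wrong password'      => ['name' => 'alice', 'pass' => 'nope'],
];
foreach ($cases as $label => $post) {
    printf("%-20s => %s\n", $label, check_login($db, $post));
}
```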