once again im stumped

I have searched online and tried myself to solve this, but i cant, again im stuck!

I have the following code:

$result=mysql_query("SELECT * FROM sb_members WHERE pass = '$password' AND user = '$username'");

if(is_object($result)){
echo('Ur IN'); }else{
echo $password;}

For some reason it does not work right. I made a test acount and i can login. I believe it may be my SQL syntax, mayby something is wrong on there? or perhaps its the is_object? Can anyone show me how this can be done or give me an example or something that works???


I have also tried using user, pass instead of *. I store the Login username and pass in 2 rows called User and Pass.

to add on to this issue this is more code:


$user=$_POST['user'];
$password=$_POST['ps'];
if(empty($user) || (empty($password))){
echo('Invalid Password of Username, Please Check your Username and Password.');
}else{


//Check login Against Databse, If succesful create a cookie and redirect to admin page

include("../../include/db.php");

$password=md5($password);
$result=mysql_query("SELECT user, pass FROM sb_members WHERE pass = '$password' AND user = '$user'");
if(is_object($result)){


echo('Ur IN');
}else{
echo $password;
echo $user;
}




For some reason even when i get an invalid login, it will echo me the md5 password but not the username, its as if the username disappears!

Okie, please ignore the top, there is something wrong with the way im vlaidating it. Is there an alternative to:

if(is_object($result)){


echo('Ur IN');
}else{
}


????

Right now i have:


$usern=$_POST['user'];
$password=$_POST['ps'];
if(empty($usern) || (empty($password))){
echo('Invalid Password of Username, Please Check your Username and Password.');
}else{


//Check login Against Databse, If succesful create a cookie and redirect to admin page

include("../../include/db.php");

$password=md5($password);
$result=mysql_query("SELECT user,pass FROM `sb_members` WHERE pass = '$password' AND user = '$usern'");
if(is_object($result)){


echo('Ur IN');
}else{
}




}


Can somone help?

Try just if($result).

that validates it no matter what i type in and submit, i need to cmpare it against the info the user signed up with.

Gotcha. I thought you were just testing to see if you got a valid return. You'll need to use mysql_fetch_array() or one of the related functions in order to actually retrieve your results and validate data. Your logic flow should be basically: If there's a result (or no error), retrieve the rows and compare them to your submitted values; else print an error. You'll probably still want to eschew the is_object() call. I recommend jumping over to php.net, searching for the mysql_query() function, and browsing the functions that'll appear on the left-hand side of your screen to familiarize yourself with what's available to you. I often find useful things I hadn't known about by doing just this sort of treasure hunt.