Please explain to me..

[SiKing]

Hi. Please explain to me why the hell PHP is ignoring 'AND password='$password'' in the following:

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$id=mysql_result($query,0,"id");

When signing into my site, I can log in with ANY password. I have looked at my database and the password is set at ONE password.

 

[Eric]

Hmm, not sure, but try this instead.

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); 
$id = mysql_query($query,0,"id");

 

[SiKing]

Didn't work. It must be something to do with the password check