login problems

[dazz_club]

Hi,Im trying to set up a simple login problem but my script keeps informing me that i have the wrong username or password.Here is my hml form

<form method="post" action="login.php">	<ul class="form">		<li>Please enter your name: <input type="text" name="username" id="username"></li>		<li>Please enter reference password: <input type="password" name="password" id="password"></li>		<li><input type="submit"  name="submit" value="submit"   title="submit" ></li>	</ul>	</form>

and here is the code for the logn script

<?phpsession_start();require_once 'includes/connection.php';// check that the form is submittedif(isset($_POST['submit'])){	// validate username	if(isset($_POST['username']) && !empty($_POST['username']))	{		// use the built in mysql real escape string function to protect agains SQL Injection		$username = mysqli_real_escape_string($connection, $_POST['username']);	}	else	{		// username does not validate, define an error		$errors[] = 'You have forgotton to include your username.';	}	// we apply the same for the password field.	if(isset($_POST['password']) && !empty($_POST['password']))	{		$password = md5($_POST['password']);	}	else	{		$errors[] = 'Password not provided';	}	// chekc that no errors have been set, if so display them	if(isset($errors) && is_array($errors))	{		echo 'Errors: <ul><li>' . implode('</li><li>', $errors) . '</li></ul>';	}	// no errors are set so we'll continue	else	{		$sql= " SELECT * FROM members WHERE username = '$username' AND password = '$password' ";		$result = mysqli_query($connection, $sql) or die('Query Error:<br />Query: <tt>'.$sql.'</tt><br />Error: ' . mysqli_error($connection));		// check that the query return only ONE result		if(mysqli_num_rows($result) == 1)		{			$_SESSION['is_logged_in'] = true;			// get result set from the query and assign it to the 'user' session.			$row = mysqli_fetch_assoc($result);			$_SESSION['user'] = $row;			// redirect to the login_success.php			header('Location: login_success.php');			exit;		}		// query failed, display error		echo "Wrong Username or Password";	}}// for was not submitted, display errorelse{	echo 'Please use the login form for logging in';}?>

Here is what the members table looks like

CREATE TABLE `members` (  `id` int(4) NOT NULL auto_increment,  `username` varchar(65) collate utf8_unicode_ci NOT NULL,  `password` varchar(65) collate utf8_unicode_ci NOT NULL,  PRIMARY KEY  (`id`)) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=5;

and this is what the username and password is

INSERT INTO `members` (`id`, `username`, `password`) VALUES (1, 'darren', 'darren');

if anyone can shed any light it would be great.kind regardsDazzclub

[justsomeguy]

Print the return value from mysqli_num_rows($result) to see what it is, that's what you're testing to see if they entered the wrong username or password. It might be 2.