Matthew1980 - 10:26 pm on Dec 27, 2011 (gmt 0)
Hi there TheKG,
In the structure of the DB have you got the field 'Password' setup as a strightforward varchar() or text() field or are you using some sort of algorithm (Sha1()/md5()/password()) to encrypt the data? if you are, then the query you build up from the provided data needs to reflect this.
And as jecasc correctly notes; the if statement is missing it's else braces.
What I would recommend at the very least is that you echo the populated sql string to screen, copy it and then paste it into your preferred MySql client to see that the populated string actually gives the results that you expect, else you won't progress very far.
And this point raises a good point for building the query OUTSIDE the mysqli_query() function, as this will does and can, improve debugging attempts for you further down the line.
The only other thing that bothers me about this, is the use of $_SESSION's here and how you're populating it on successful login, you're defining it, but not assigning it anything for later use? Maybe you just want the script to function before you concentrate on the aesthetics, but, if you don't assign it, you could end up with undefined index error's - admittedly, you would need to have error_reporting() on to catch 'em, but I thought as I would note it for you.
Have fun with your project,