AlexK - 6:04 pm on Dec 28, 2011 (gmt 0)
A small, general extra:
When building a site/page, add the following:
error_reporting( E_ALL );
...and fix *every* error, warning or notice. You cannot imagine how many so-called notices are actually full-blown script errors. Fix them all.
On your public-facing scripts, allow zero errors to show.
On your specific question, far better to store encrypted (md5 is a typical one) and test for password equality to the retrieved value:
SELECT `md5` from `db` WHERE `name`='username'
1. Is `name` in the DB at all?
2. If yes, test md5(password)=mysql_md5 (in PHP)
Thus, break it down into small steps and, if you have errors, test one step at a time. Try to resist the urge to cram it all into one huge algorithm.
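
The two-step check from the post above, as an added example that is not part of the original post: it fetches one row by name with a bound parameter, then verifies the password in PHP. It swaps md5 for PHP's password_hash()/password_verify(), which salt and stretch the hash; the `users` table, `pw_hash` column, `check_login()` and the sample row are assumptions, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL.

```php
<?php
// Added example, not the poster's code. Names other than `name` are assumptions.
error_reporting(E_ALL);           // report every error, warning and notice
ini_set('display_errors', '0');   // public-facing: show nothing to the visitor
ini_set('log_errors', '1');       // keep the messages in the server log instead

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $name, string $password): bool
{
    // Hash used when the name is unknown, so both paths do the same work
    // and response time does not reveal which names exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Step 1: is `name` in the table at all? Bound parameter, no string building.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();   // false when no row matched
    $known  = ($stored !== false);

    // Step 2: compare the submitted password with the retrieved hash, in PHP.
    $ok = password_verify($password, $known ? $stored : $dummy);

    return $known && $ok;
}

// Each step can be tested on its own: known user, wrong password, unknown user.
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'wrong'));
var_dump(check_login($pdo, 'bob', 'correct horse'));
```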