Welcome to WebmasterWorld, dangeh!

You might want to have a look at this forum's charter [webmasterworld.com] - it's better to post as little code as possible, isolating it to the parts that you think have trouble, so it's easier to look at - it's sort of a pain to hand-count down 25 lines.
Your problem is here - you need to remove the quote and semicolon at the end of the first line:

WHERE loginName='$_POST[fusername] ' " ;
AND password=md5('$_POST[fpassword]') " ;

Also, the correct syntax to use for referring to associative arrays inside quotes is to use braces { } and to surround the array indices with single quotes. So your first line would look like:
WHERE loginName='{$_POST['fusername']}'

well that fixed that error... now it changed to

Parse error: syntax error, unexpected T_VARIABLE.... line 19

19 $result = mysqli_query($cxn, $sql)
20 or die (Couldn't execute query. " ) ;

can you help me on that one?

The 'unexpected whatever' errors are almost always because of mismatched quotes or missing semicolons (usually on the line above the one it's squawking about). This one is because you're missing an opening quote in the die part.

I am sorry, but this is all new to me and I dont know what open quote should go there.

That's ok, it was new to each one of us at one time. Generally when you open with something you have to close it, an opening ( needs a closing one ), a [ needs a ], etc. You're missing the double-quote at the beginning of your die message:

or die ("Couldn't execute query. " ) ;

Thank you so much.. so far it is now doing what I want... I am sure I will have more questions :)

Maybe I should just pay someone to do this for me.. but what fun would that be... this is the error I am getting now if anyone can help?

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_real_escape_string() expects parameter 1 to be string, resource given in /home/netmusic/public_html/login.php on line 169

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/netmusic/public_html/login.php on line 178
Couldn't execute select query.

It seems you haven't put any input in the mysql_real_escape_string() function.

Can you post the code surrounding the line number mentioned in the code?

This is the code around it

153 /* clean data */
$cxn = mysqli_connect($host,$user,$passwd,$dbname);
155
foreach($_POST as $field => $value)
157 {
if($field!= "Button" and $field!= "do")
159 {
if($field == "password")
{
$password = strip_tags(trim($value));
}
else
165 {
$fields[]=$field;
$value = strip_tags(trim($value));
$values[] =
169 mysqli_real_escape_string($cxn,$value);
$$field = $value;
}
}
}

175 /* check whether user name already exists */
$sql = "SELECT loginName FROM Member
WHERE loginName = '$loginName'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute select query.");
$num = mysqli_num_rows($result);
if ($num > 0)
182 {
$message_new = "$loginName already used.
Select another User Name.";
include("login_form.inc");
exit();
}
/* Add new member to database */
else

take a look at the manual page
[php.net...]

you have your parameters mixed up if you were using mysql_real_escape_string

but I see in the code you posted you are using
169 mysqli_real_escape_string($cxn,$value);

which should be correct as the params are expected in that order

I am guessing the code you posted isn't what gave you an error, or you changed something and posted different code

I am slowly working out the kinks in my login page... now I get this error...

"The Login Name, 'abcde' exists, but you have not entered the correct password! Please try again."

on the registration page it emailed me the login name and password I signed up with. I know the password is right but it wont accept it.

any ideas why?

But this is so vague, it could be anything. You have to narrow it down, give us some codes, logic :)

"The Login Name, 'abcde' exists, but you have not entered the correct password! Please try again."

Then try again ;)

Post some part of the code, which you think is creating the problem. If it is a logic issue, be more specific.

[edited by: Habtom at 12:41 pm (utc) on Sep. 11, 2007]

I dont know what to post... all I could psot is the whole script. Every other error I got gave me a specific error on a specific line... this one just says what it says.. I am so new to this.. I have spent hrs looking it over, changing stuff and getting it to work through reading and peoples help.
it seems to me the data base is logging the username but not the password. I will try to post what I think

<!-- form for Member login -->
<form action="login.php" method="POST">
<p><table border="0">
<?php #30
if (isset($message))
{
echo "<tr><td style='color: red'
colspan='2' >$message <br /></td></tr>";
}
?>
<tr><td class="bold_right">Username</td>
<td><input type="text" name="fusername"
size="20" maxsize="20"></td></tr>
<tr><td class="bold_right">Password</td>
<td><input type="password" name="fpassword"
size="20" maxsize="20"></td></tr>
<input type="hidden" name="do"
value="login">
<tr><td style="text-align: center" colspan="2">
<br /><input type="submit" name="log"
value="Enter"></td></tr>
</table>
</form>

The above is from an .inc file

switch (@$_POST['do'] )
{
case "login":
$cxn = mysqli_connect($host, $user, $passwd,$dbname)
or die ( "Couldn't connect to server. ") ;

$sql = "SELECT loginName FROM member
WHERE loginName='$_POST[fusername] ' " ;
$result = mysqli_query($cxn, $sql)
or die ("Couldn't execute query.") ;
$num = mysqli_num_rows($result);
if ($num > 0) // login name was found
{
$sql = "SELECT loginName FROM member
WHERE loginName='$_POST[fusername] '
AND password=md5('$_POST[fpassword]') " ;
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysqli_query($cxn,$sql)
or die("Can't execute insert query.");
header("Location: member_page.php");
}
else // password is not correct
{
$message="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br />";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found

the above is from my login.php file

The code is checking twice for the validiy of the password, and I don't see any reason why.

Find the appropriate lines and replace them with the following lines. The md5 seems to do it for the $_POST array itself instead of the data in it. (I could be wrong though)

Give it a try by replacing it with the following lines:

$loginName = $_POST['fusername'];
$password = md5($_POST['fpassword']);
$sql = "SELECT loginName FROM member WHERE loginName='". $loginName ."' AND password = '". $password ."'" ;
$result2 = mysqli_query($cxn,$sql) or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);

Find the appropriate lines.

I am still having probs.. I switched it to what was previously posted with no luck... Will post it again and hope for the best. I still get login name exist but incorrect password error

case "login":
$cxn = mysqli_connect($host, $user, $passwd,$dbname)
or die ( "Couldn't connect to server. ") ;

$sql = "SELECT loginName FROM member
WHERE loginName='$_POST[fusername] ' " ;
$result = mysqli_query($cxn, $sql)
or die ("Couldn't execute query.") ;
$num = mysqli_num_rows($result);
if ($num > 0) // login name was found
{
$sql = "SELECT loginName FROM member
WHERE loginName='$_POST[fusername] '
AND password=md5('$_POST[fpassword]') " ;
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysqli_query($cxn,$sql)
or die("Can't execute insert query.");
header("Location: member_page.php");
}
else // password is not correct
{
$message="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br />";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
$message = "The Login Name you entered does not
exist! Please try again.<br />";
include("login_form.inc");
}
break;

I should add if this makes a difference.. my server is running version 4.1 of mysql and it said the syntax should be mysql
I am using mysqli... dont know if that makes a difference.
I see in the cpanel it adds the user and encrypts the password... but always tells me password is worng