Your Select statement is not returning any results.

SELECT avatar FROM Users WHERE login = 'user'

This is returning null and thus $result will be empty

What does

login = 'user'

mean?

Is it login name, a login status? Either way there is no match in the table.

Welcome aboard Yamiji, there are two things probably incorrect.

Unless you have a user with the username "user" you probably want $user, or whatever variable you have set for this user.

Second is,

echo $result;

is probably not going to output what you expect. $check is a resource, and you'll get an array from mysql_fetch_row or mysql_fetch array. Try this:

include 'config.php';
include 'connect.php';
$check = mysql_query("SELECT avatar FROM Users WHERE login = '$user'") or die(mysql_error());
if ($result = mysql_fetch_row($check)) {
echo "<p>" . $result['avatar'] . "</p>";
}
else { echo "<p>no records found for $user</p>"; }
mysql_close($con);

Of course, it will still return no records if $user is not the correct variable.

it said "no records found for "

if(!isset($_SESSION['$user']))

i want to use that user from session, because its the same as login from database, is that possible?

thanks for the help up to now^^

edit: or at least i think it is from the way i set my session:

session_start();
$_SESSION['$user'] = "set";

where $user=login

Yes it's possible, but as Frank said it depends on how you set "user". So if you have set $_SESSION['user'] (NOT $_SESSION['$user'], see below) then you can use that variable in your select.

when you quote like this,

'$user'

It does not interpolate variables. Like this,

"$user"

it does.

Session, post, get, and many user created variables are a list of key/value pairs.

$my_test = array (
'one' => 'Bob',
'two' => 'Joe',
'three' => 'Larry'
);

So
echo $my_test['two'];

Gives us Joe.

You have an uninterpolated variable as a key . . . you **can** use a variable as an array key but it will only interpolate (i.e., use the value stored in it) with double quotes, or with no quotes at all. We will still get "Joe" if we do this:

$myvar = 'two';
echo $my_test[$myvar];
echo $my_test["$myvar"];

So **if** you have properly set $_SESSION['user'], like

session_start();
$_SESSION['user'] = 'Joe'; // your value from the database

You can now do

$user = $_SESSION['user'];
$query = "SELECT avatar FROM Users WHERE login = '$user'";
$check = mysql_query($query) or die(mysql_error());

Without setting $user, the equivalent would be

"SELECT avatar FROM Users WHERE login = '" . $_SESSION['user'] . "'";

I added something there . . . and quoting is often confusing to newbies. The outer double quotes allow variables to interpolate in PHP and allows us to use single quotes on the actual mysql query without escaping. Two equivalents would be

$query = "SELECT avatar FROM Users WHERE login = \"$user\"";

$query = "SELECT avatar FROM Users WHERE login = \"" . $_SESSION['user'] . "\"";

One last thing, there is a large set of tomes here about cleansing data and making it database safe. At the very least, use mysql_real_escape_string() on all your queries:

$query = "SELECT avatar FROM Users WHERE login = '" . mysql_real_escape_string($user) . "'";

$query = "SELECT avatar FROM Users WHERE login = '" . mysql_real_escape_string($_SESSION['user']) . "'";

mysql_real_escape_string() [php.net]

thx, i decided to start from scratch, because i messed up login and register big time trying to make them work better:P i'm gonna restart my work on weekend and will post back if it works.

Still gives back the same, like $_SESSION was empty...
heres my login.php

<?php

if(!isset($_POST['login']) || !isset($_POST['password'])) header("Location: login.html");

elseif(empty($_POST['login']) || empty($_POST['password'])) header("Location: login.html");

else
{
$user = htmlentities($_POST['login']);
$pass = md5($_POST['password']);
}

include 'config.php';
include 'connect.php';

$result = mysql_query("SELECT * FROM Users WHERE login = '$user' AND password = '$pass'");

$rowCheck = mysql_num_rows($result);

if($rowCheck > 0)
{
session_start();
$_SESSION['user'] = 'set';

header("Location: checkLogin.php");
}
else
{
header("Location: loginerror.php");
}

mysql_close($con);

?>

and the code that should get my precious url from the db

<?php

include 'config.php'; 
include 'connect.php';
$user = $_SESSION['user'];
$check = mysql_query("SELECT avatar FROM Users WHERE login = '$user'") or die(mysql_error()); 
if ($result = mysql_fetch_row($check))
{ 
echo "<p>" . $result[0] . "</p>"; 
} 
else
{
echo "no records found for ";
echo $user;
} 
mysql_close($con); 
?>

there must be something i miss, or don't understand, in the meantime i will look though those tomess about safety^^

Still gives back the same, like $_SESSION was empty...
heres my login.php

<?php

if(!isset($_POST['login']) || !isset($_POST['password'])) header("Location: login.html");

elseif(empty($_POST['login']) || empty($_POST['password'])) header("Location: login.html");

else
{
$user = htmlentities($_POST['login']);
$pass = md5($_POST['password']);
}

include 'config.php';
include 'connect.php';

$result = mysql_query("SELECT * FROM Users WHERE login = '$user' AND password = '$pass'");

$rowCheck = mysql_num_rows($result);

if($rowCheck > 0)
{
session_start();
$_SESSION['user'] = 'set';

header("Location: checkLogin.php");
}
else
{
header("Location: loginerror.php");
}

mysql_close($con);

?>

and the code that should get my precious url from the db

<?php

include 'config.php'; 
include 'connect.php';
$user = $_SESSION['user'];
$check = mysql_query("SELECT avatar FROM Users WHERE login = '$user'") or die(mysql_error()); 
if ($result = mysql_fetch_row($check))
{ 
echo "<p>" . $result[0] . "</p>"; 
} 
else
{
echo "no records found for ";
echo $user;
} 
mysql_close($con); 
?>

there must be something i miss, or don't understand, in the meantime i will look though those tomess about safety^^

now i feel like an idiot, i added some other stuff and then noticed my members.php page lacked session_start();, which made session array empty ><

now it works like a charm^^

thx