sql search error

janprocnj

4:50 pm on Jan 12, 2019 (gmt 0)

5+ Year Member



This will work:
$sql = "SELECT id FROM tblfranchiseinfo WHERE fousername = '$myusername' and fopassword = '$mypassword'";

But suppose I wanted to switch a variable to a session value such as the one below. I keep getting an error. I suspect I need to change something with single or double quotes, and I've tried several variations, but I get the same error. Any idea?

$sql = "SELECT id FROM tblfranchiseinfo WHERE fousername = '$_SESSION["myusername"]' and fopassword = '$mypassword'";

LifeinAsia

6:36 pm on Jan 12, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



You could try:
$sql = "SELECT id FROM tblfranchiseinfo WHERE fousername = '$_SESSION[myusername]' and fopassword = '$mypassword'";
or
$myusername = $_SESSION["myusername"];
$sql = "SELECT id FROM tblfranchiseinfo WHERE fousername = '$myusername' and fopassword = '$mypassword'";
or even
$sql = "SELECT id FROM tblfranchiseinfo WHERE fousername = '".$_SESSION["myusername"]."' and fopassword = '$mypassword'";


(Oh, and I'm assuming you're taking the usual precautions against SQL injection?)

janprocnj

8:26 pm on Jan 12, 2019 (gmt 0)

5+ Year Member



Thanks... will take a look. This page is in an admin area on a bookmarked page that very few people will access. If you have suggestions on how to protect it from SQL injections, I'd like to review them though. Thanks

topr8

11:42 pm on Jan 12, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If you have suggestions on how to protect it from SQL injections


Even in an 'admin' area, the rules should always apply!

... 3 simple rules

    1 ... Always check any value passed to the page (session, cookie, post, get, etc.) before using it in MySQL - check that it is of the expected type, format and length
    2 ... Always use php prepared statements
    3 ... Always use Stored Procedures/Functions - never write a query in your php, only ever 'call' a stored procedure


IMO ... if you do not follow these rules at ALL times, then one day you will be hacked.

janprocnj

9:38 pm on Jan 13, 2019 (gmt 0)

5+ Year Member



Can you point me in the direction for #3 above? I am using mysql.

topr8

2:56 pm on Jan 14, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Stored procedures/functions are simple or complex queries that are stored on the server. Typically they would expect one or more parameters, such as:

SELECT * FROM mytable where field_1 = param_1


You would 'call' the stored procedure in PHP much the same as a regular query; you also pass parameters in the same way (using prepared statements).

I personally learnt initially using the O'Reilly book 'MySQL Stored Procedure Programming', which I highly recommend.

I'm sure there are some online tutorials too, but I've not used any, so I can't point to any specific one.
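The three rules from the earlier post (validate the session value, use a prepared statement, only ever CALL a stored procedure), applied to the login query from the opening question. This is an added example written for this thread, not code posted by any participant. It assumes PDO with the MySQL driver, a stored procedure named sp_franchise_login whose definition is sketched in the comment, that the password arrives in $_POST['password'], and placeholder connection details.

```php
<?php
// Added example for this thread (not from the original posts).
// Assumes a MySQL stored procedure created roughly like this (assumption):
//
//   CREATE PROCEDURE sp_franchise_login(IN p_user VARCHAR(64), IN p_pass VARCHAR(255))
//     SELECT id FROM tblfranchiseinfo WHERE fousername = p_user AND fopassword = p_pass;
//
// Connection details below are placeholders, not real values.
session_start();

$dsn    = 'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4';
$dbUser = 'DB_USER_PLACEHOLDER';
$dbPass = 'DB_PASS_PLACEHOLDER';

$pdo = new PDO($dsn, $dbUser, $dbPass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

// Rule 1: check type, format and length of the session value before using it.
$myusername = $_SESSION['myusername'] ?? null;
if (!is_string($myusername) || !preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $myusername)) {
    http_response_code(400);
    exit('invalid session username');
}
// Password source is an assumption; only a length check is sensible here.
$mypassword = $_POST['password'] ?? '';
if (!is_string($mypassword) || $mypassword === '' || strlen($mypassword) > 255) {
    http_response_code(400);
    exit('invalid password');
}

// Rules 2 and 3: the PHP side only CALLs the stored procedure through a
// prepared statement; the values travel as bound parameters, never as text
// interpolated into the SQL string (which is what broke the original query).
$stmt = $pdo->prepare('CALL sp_franchise_login(:u, :p)');
$stmt->bindValue(':u', $myusername, PDO::PARAM_STR);
$stmt->bindValue(':p', $mypassword, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor(); // needed after CALL before running another statement

if ($row === false) {
    echo 'login failed';
} else {
    echo 'franchise id: ' . (int) $row['id'];
}
```

With emulated prepares disabled, the MySQL server receives the statement and the two parameters separately, so a quote or comment character in either value can never change the shape of the query.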