I'm giving unique passwords to schools in our district so they can post jobs. The login table has 3 fields: username, password, and school. Once the user enters the corrrect u and p, the school name shows up hard coded into a form that will get submitted into another table (jobs). So, there is a 'school' field in both tables that will always match. I've got the jobs listing page working OK. But, I want to do another page so they can evetually go in and delete their record if they want to. Here's what I got so far:

$sql = "SELECT * FROM login WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
$X = mysql_fetch_array($result);
$num = mysql_numrows( $result );
if ( $num!= 0 ) {
$auth = true;
}
}

if (! $auth ) {

header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;

} else {

$school = "$X[school]";
$S1 = "SELECT * FROM jobs WHERE school = '$school'";
$S2 = mysql_query($S1);
while($S3 = mysql_fetch_array($S2))
{
print("$S3[title] : $S3[school]");
}

The problem I think is with the WHERE statement because when I take that out, I get all 10 entries from the jobs table printing the title field and the school field like it should. But with the above WHERE statement where I'm trying to limit it to one school only (according to the u and p submitted), I get just a blank page.
Basically, this is an attempt at session management using 2 MySQL tables so when the schoolA logs in (using the login table), they'll only see their records from another table I'm trying to associate with the login table.