you are doing the right thing

yeah its standard to have an HTML form posting data to a PHP processor page

If you are new to php and want to see an example of inserting/editing/deleting data in a mysql database and creating tables/databases then please send me a Personal Message from my profile page, and ill send you a link to a simple news management system i made. (the whole thing is under 15 pages of code, nicely formatted, no superflous stuff)

If your storing passwords in a database its always best to encrypt them in sha-1 or atleast md5.

Also make sure your validating the data from the html form, just incase.

It's possible that the server is secure but someone can still exploit a bug in your code which could display user passwords. It's always better to be safe then sorry ^^

Read up on password sniffing . It's great if your server is secure, but if the user is on a LAN then it's still possible to get hacked.

Good rules for any database:

1.) Never pull a password out of the database. Once it is in, it stays there. You can look for it in the query, but don't pull it out.

2.) You should never know your users actual password. This means that every password is encrypted before it gets to the database. This will make it much more difficult for a sniffer to intercept it and successfully login.