Hi all,

The following script works fine by allowing me to set a session variable with the users password, but i can seem to extract other information that isnt included in the $_POST.

I know usually i would use something like

while ($row = mysql_fetch_array($sql))
$user_type = $row['user_type'];

but when i do i just get a blank screen when submitting.

This is the code that works (without the bit above).

// username and password sent from form

// To protect MySQL injection (more detail about MySQL injection)
$user_email = stripslashes($user_email);
$user_password = stripslashes($user_password);
$user_email = mysql_real_escape_string($user_email);
$user_password = mysql_real_escape_string($user_password);

echo $sql="SELECT * FROM $tbl_name WHERE user_email='$user_email' and user_password='$user_password'";
///////////////////I PUT THE WHILE IN HERE////////////////////
// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1 row

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['user_email'] = $user_email;
else {
echo "Wrong Username or Password";

Am i putting it in the wrong place?

You should be using $result in the mysql_fetch_array() function, not $sql as this expects to receive the result of an SQL query.