$userEmail = $db->query("SELECT email FROM users WHERE email='$email'");
$userPsswd = $db->query("SELECT password FROM users WHERE email='$email'");

Can someone tell me what I've done wrong in teh two lines above? I'm getting the following errors.

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 14

PHP Warning: SQLite3::query(): Unable to prepare statement: 1, near "@hotmail": syntax error in /var/www/ET/password/accounts.php on line 15

The problem doesn't seem to be with the lines you provided, but rather with the value of the $email variable. What exactly does that variable hold?

Try adding this above the two lines, and show us exactly what it prints out.

var_dump($email); exit;

Actually, now that I think about it, seeing as you are providing what appears to be a user supplied variable there, you should be using a parameterized query, rather than injecting the value into the query string directly. That is how modern, security concious code is written.

See the SQLite3::prepare method for details and examples.