I have my members database table on phpmyadmin online. "members" table has 4 fields (id, username, password, and rights). For rights, there are only two options and that is (admin or user).

I am messing up after "$count = mysql_num_rows ($result);" I tried the below code. It did not work.


$host = "localhost";

$username = "myusername";

$password = "mypwd";

$db_name = "mydb";

$tbl_name = "members";

mysql_connect ($host, $username, $password) or die ("can't connect");

mysql_select_db($db_name) or die (mysql_error ());

$myusername = $_POST ['myusername'];

$mypassword = $_POST ['mypassword'];

$rights = $_POST ['rights'];

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'" rights='$rights'";

$result = mysql_query($sql);

$count = mysql_num_rows ($result);

if($count==1 and $rights='admin') {





elseif ($count==1 and $rights='user') {





else {

echo "Wrong Username or Password";



Admins needs to be directed to admin.php and

users needs to be directed to user.php else

it should say wrong username or password.

Need some help.


You have double quote after $mypassword which will technically end the sql statement;

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername'

and password='$mypassword' and rights='$rights'";

