session help again!

hi
im trying to get sessions to work for my login page
so far ive come up with the following query:


$user_name = $_POST["user_name"];
$password = $_POST["password"];


$query = "SELECT * FROM customers WHERE $user_name='$_POST[user_name]' AND $password='$_POST[password]'";
$result = mysql_query($query, $connection) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);
//if ($u_user_id == $row['user_name'] AND $u_password == $row['password']){

if($result=="1") {
$_SESSION[$user_name]=$_POST[user_name] && $_SESSION[$password]=$_POST[password]; echo "Hello $_SESSION[$user_name], you're logged in";

}
else { echo "Thou art imposter!";


but it dont even let me log anyone in at the moment.
my login page works fine wen i wasnt trying to include sessions but now ive changed it to include sessions it doesnt work
i get the error:

Unknown column 'pv22' in 'where clause'

pv22 should be the password that should be accepted

Are you sure you want to do this


$user_name = $_POST["user_name"];
$password = $_POST["password"];


$query = "SELECT * FROM customers WHERE $user_name='$_POST[user_name]' AND $password='$_POST[password]'";


becuase all that will do is return everything from customers because $user_name has been set to $user_name

so basically if the user name is set to MRMAN and password to 12341234. this is what the mysql statment will look like


$query = "SELECT * FROM customers WHERE MRMAN='MRMAM' AND 12341234='12341234'";



i think you might want to do this


$user_name = $_POST["user_name"];
$password = $_POST["password"];


$query = "SELECT * FROM customers WHERE user_name='$user_name' AND password='$password'";

lol ok thanks but it still wont let me login with correct details

try this


if(mysql_num_rows($result)=="1") {
$_SESSION[user_name]=$_POST[user_name] && $_SESSION[password]=$_POST[password];
echo "Hello $_SESSION[user_name], you're logged in";

}
else { echo "Thou art imposter!"; }

wow!!
ur a genius!! thank you so much!
it works!!