<?
session_start();
db_connect();
$username=$_POST['username'];
$password=$_POST['password'];
$settings_query = mysql_query("SELECT * FROM guestbook_settings WHERE setting_id='2'='$username' AND setting_id='3'='$password'") or die(mysql_error());
while ($row = mysql_fetch_assoc($settings_query))
{
$settings[$row['setting_id']] = $settings[$row['setting_name']] = $row['setting_value'];
}
mysql_real_escape_string($username);
mysql_real_escape_string($password);
if (mysql_num_rows($settings_query)== 0){
//Login Details = incorrect?
session_destroy();
echo 'Login failed because of the following error returned:<br>
<b>You entered in a wrong username/password</b>';
} else {
echo 'Hey! your like logged in man!';
}
?>
There are two = signs. Doesn't make much sense
WHERE setting_id='2'='$username' -> WHERE setting_is equals 2 equals username
even worse: WHERE setting_id='2'='$username' AND setting_id='3'='$password'
WHERE setting equals 2 equals username equals 3 equals password, that can never be fulfilled.
I'm not sure how you want to build the result data variable(s) so you should probably study this page for a while and play around until you figure out what you want to use.