Very good. Allthough, I think it's much easier to check user and pass at the same time:SELECT * FROM users where uersname='$username' AND password = $pass'Plus it's more secure because you don't let hackers now that the uersname exisits you just display uersname and/or password doesn't exist I don't understand the while in conjunction with mysql_fetch_assoc, doesn't work the same without the while?