Multiple ANDS in a PHP mysql query?

Question

I'm attempting to use multiple ANDs in this query below, and it messes up the password every time when I attempt to use my login feature. code below.

// this is my problem, right here
    $result = mysql_query("SELECT username, password, FirstName FROM members 
                            WHERE username='$myusername' 
                              AND password='$mypassword' 
                              AND  FirstName = '$firstname'");

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
$_SESSION['firstname'] = $firstname;

EDIT:

SQL Query:

Table Name: members

username | password | FirstName | LastName 
johndoe    deers       John        Doe

PHPMyAdmin tells me it returned zero rows when I run it there.

Answer 1

If I understand correctly the problem, you should check that you type the case of the username, password and FirstName correctly (meaning the values which you check in the database).

If you want to make it case insensitive you should use LIKE.

Also if this comment is right

// If result matched $myusername and $mypassword, table row must be 1 row

This means that you shouldn't even check for FirstName in first place?

Also if you can give sample data, this would help a lot!

Answer 2

A) Don't store the password in memory at all

B) Hash the password

C) There's no reason to filter where FirstName = anything if you're already filtering by username and password. Are you asking the user for their username, password and FIRST NAME when they log in? Where are you getting that variable from? Are usernames not unique or something?