Serious programming problem

Why does my code not work when the username does not exist? When the username doesn't exist it just gives me a blank screen. No error messages, no form, no nothing. It works as intended when the username is found but the password is incorrect and when the username/password are both correct.

Also, please don't make fun of my code. I'm sensitive and I'd like to stay that way.


<?php
$num_rows = 0;
if($_SERVER['REQUEST_METHOD'] == 'POST') {
  $uname = $_POST['username'];
  $pword = $_POST['password'];


$db_handle = mysql_connect(localhost, "admin", "1admin");
$db_found = mysql_select_db("users", $db_handle);

$result = mysql_query("SELECT * FROM logininfo WHERE username = '$uname'") or die(mysql_error());
$num_rows = mysql_num_rows($result) or die(mysql_error());;
if($num_rows > 0)
  $row = mysql_fetch_array($result) or die(mysql_error());

if($num_rows == 0) {
  echo "Username not found.";
}
else if(md5($pword) != $row['password']) {
  echo "Incorrect Password.";
}
else {
  session_start();
  echo "Success.";
  $_SESSION['login'] = "1";
  $_SESSION['username'] = $uname;
  echo '<META HTTP-EQUIV="Refresh" Content="3; URL=index.php">';   
  exit; 
}
}
?>


<FORM NAME ="form1" METHOD ="POST" ACTION ="login.php">

Username: <INPUT TYPE = 'TEXT' Name ='username'  value="<?PHP print $uname;?>" maxlength="20">
Password: <INPUT TYPE = 'TEXT' Name ='password'  value="<?PHP print $pword;?>" maxlength="16">

<P>
<INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Login">


</FORM>

$num_rows = mysql_num_rows($result) or die(mysql_error());;
;;

And look up mysql_real_escape_string(), use it on everything you concatenate to a query and you won't have problems with quotes and such.

>>41
They do, it's just not as pronounced.