Hi,
I'm trying to create a tiny admin section for my site. What I do is have the user log in using a form, and on the next page:

PHP Code:
$username = $_POST["username"];
$password = $_POST["password"];


$dbh = mysql_connect("localhost", "mendhakuser", "mendhakpassword") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db("mendhakdatabase");

$loginquery = "SELECT * FROM adminsection WHERE username = '$username' AND password = '$password'";

$loginresult = mysql_query($loginquery);

My first question is: After I get $loginresult, if I just check for the number of rows returned in $loginresult, and the answer is 1, then the user is validated... else he is not. Is this the proper method?

My second question is: How do I create a session variable and check it on every page, and how do I end it?

Thanks.
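
The following is an added example, not part of the original post: the query above puts `$_POST` values straight into the SQL string (SQL injection) and compares a plain-text password, so this sketch shows the same login check with a PDO prepared statement, a hashed password, and the session variable set, checked and ended. It assumes the `password` column holds a `password_hash()` value and that the login page is called `login.php` (both assumptions); the connection values are the ones from the post.

```php
<?php
// Added example, not the poster's code. Assumes adminsection.password stores
// a password_hash() value instead of the plain-text password.

function check_login(PDO $db, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text (no injection).
    $stmt = $db->prepare('SELECT password FROM adminsection WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when the user does not exist
    return is_string($hash) && password_verify($password, $hash);
}

function login(PDO $db, string $username, string $password): bool
{
    if (!check_login($db, $username, $password)) {
        return false;
    }
    session_regenerate_id(true);           // fresh session id after login
    $_SESSION['admin'] = $username;        // the session variable to check later
    return true;
}

function require_admin(): void
{
    // Call at the top of every admin page, after session_start().
    if (empty($_SESSION['admin'])) {
        header('Location: login.php');     // hypothetical login page name
        exit;
    }
}

function logout(): void
{
    $_SESSION = [];                        // drop the session data
    session_destroy();                     // and end the session itself
}

// Login form handler.
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new PDO('mysql:host=localhost;dbname=mendhakdatabase;charset=utf8mb4',
                  'mendhakuser', 'mendhakpassword',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // filter_input() yields null/false for missing or array input; cast to ''.
    $user = (string) filter_input(INPUT_POST, 'username');
    $pass = (string) filter_input(INPUT_POST, 'password');
    echo login($db, $user, $pass) ? 'Logged in' : 'Invalid username or password';
}
```

Rows for this table would be created with `password_hash($plain, PASSWORD_DEFAULT)`; every admin page then starts with `session_start(); require_admin();`.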