I have a mysql table (users) which holds all my login info.
When the username/password is filled out, it chec ks them using this bit of php
PHP Code:
    $sql "select * from users where username = '".$user."' && password = '".$pass."' limit 1";
     
$result mysql_query($sql); 
    
$info mysql_fetch_assoc($result);
    
//Gives error if user dosen't exist
         
if ($user != $info['username']) {
             
header("location:login_fail.php?user");
        }
    
//gives error if the password is wrong
         
if (($pass != $info['password']) && ($user == $info['username'])) {
             
header("location:login_fail.php?pass");
         } else {
            
$id =  $info['id'];
              
$_SESSION['logged'] = '1';
              
$_SESSION['user'] = $user;
              
$_SESSION['id'] = $id;
            
header("location:login_success.php");
        }
mysql_close($db_connect); // Closes the connection. 
But it seems like whtever I use, I get redirected to login_success.php even when I use a phony username or even a phony password with a correct username.
whats am I doing wrong?

Thx