this is a database query, taking variables from a html page can anyone see a problem;
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="query4.php" method="post">
<p>UserName: <input type="text" name="user"></p>
<p>Password: <input type="password" name="pass"></p>
<p><input type="submit" value="Login"></p>
</form>
</body>
</html>
AND
<HTML>
<BODY>
<?php
$username=$POST[user];
$password=$POST[pass];
$db = "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = RICHARD-2J7P3XV)(PORT = 1521)))(CONNECT_DATA=(SID=test)))";
$c1 = ocilogon("ADAMS","password",$db);
$stmt = ociparse($c1,"select * from sys.richard where NAMES='username' and PASSWORDS='$password'");
ociexecute($stmt,OCI_DEFAULT);
while (ocifetch($stmt)){
echo ociresult($stmt,"NAMES")."<BR>\n";
echo ociresult($stmt,"PASSWORDS");
}
ocilogoff($c1);
?>
</HTML>
