Well, here is the thing. In this script the variables may or may not exist or contain values. However this certain line is in an if statement that is only executed if $_SESSION['email'] exists. Now it could be anything, even "". It is then checked in a database to see if it matches with it's supplied password (which may also be blank). So techincally, it could be one of these two lines being executed:

$check = mysql_query("SELECT * FROM " . $prefix . "members WHERE email = '' AND pw = ''");

or

$check = mysql_query("SELECT * FROM " . $prefix . "members WHERE email = 'myemail' AND pw = 'mypassword'");

Please note that if I have the code below, I get a Parse Error with something like "Expected T VARIABLE T NUM STRING" or something like that...

$_SESSION['email'] = '';
$_SESSION['pw'] = '';
$check = mysql_query("SELECT * FROM " . $prefix . "members WHERE email = '$_SESSION['email']' AND pw = '$_SESSION['pw']'");

Do you have your table feild set as an INT?

What do you mean? The columns in the table that I'm trying to access are all types, TEXT, INT, TINYINT, TINYTEXT, etc.

Expected T VARIABLE T NUM STRING

Your query is trying to pull text from a number field form the looks of it.

Plus your making the session blank by doing this:

$_SESSION['email'] = ' ';

So it is looking for nothing in a number field.

I could be wrong, but I would like to think I am right

Probably the same issue as in this thread.
http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing

$check = mysql_query("SELECT * FROM ".$prefix."members WHERE email='".$_SESSION['email']."' AND pw = '".$_SESSION['pw']."' ");

Originally posted by LordShryku
Break out of the string like you do with $prefix for your other variables too. You can leave variables in the string if they're not superglobals(like $SESSION). A good practive would be to break out of the string for all_ variables.

Just wanted to clear a possible misconception, the above isn't true. You cannot use arrays within strings without paying close attention to how you use said array but whether it's a superglobal or not does not matter. A string is a string, an array is an array. The manual page weedpacket quoted has a ton of examples but essentially it all comes down to creating a proper string in PHP, and properly using 'quotes'.

// VERY BAD
$strA = "Hello there $friends['doh'] this is a parse error";
$strB = "Hello there " . $friends[doh] . " this is a E_NOTICE error";

// GOOD
$strC = "Hello there {$friends['woohoo']} this is fine";
$strD = "Hello there $friends[woohoo] this is fine";
$strE = "Hello there " . $friends['woohoo'] . " this is fine";

So, using 'quotes' around array keys inside of strings requires special attention, and when using an array outside of a string ($strB and $strE) one should quote the array key otherwise an error of level E_NOTICE will result. So in your code you will either use {} OR con . cat . en . ation to construct the string. Read the manual for more details.

you forgot

$str = "hi hi hi {$array[index]} hi hi hi";

which is another E_NOTICE

Good point. And while we're at it let's explain why these E_NOTICE errors exist. It's because in the following case:

echo $foo[bar];

PHP first looks for a CONSTANT named bar and if it cannot find one PHP shouts an error of level E_NOTICE (undefined constant) and then attempts to use the string 'bar'. Instead of doing this we should just use the string 'bar' to begin with.