userid from TABLE and turning it into SESSION

lands

Basically when a user on my site is logging in it sends username and password and comes to this page, im trying to make this page get there userid from the members table and carry it over with a session which will be user id, ive got on the index a 'echo' to show the userid and the username, the username shows fine but the userid does not... Now could anyone help me why this is not retrieving the userid or not starting the session :S HELP please

<?php
session_start();

$host=""; // Host name 
$username="lands"; // Mysql username 
$password=""; // Mysql password 
$db_name="lands"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password']; 


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


$sql="SELECT userid FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
while($row = mysql_fetch_array($result))
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "login_success.php"

session_register("username");
session_register("password"); 
$_SESSION['userid']=$row['userid'];
$_SESSION['username']=$username;
header("location:login_success.php");

}
else {
echo "
<table width='100%' height='100%' border='1' bgcolor='#657383'><tr><td valign='center' align='center'>

<font size='5' color='#ffffff' face='arial'>
Incorrect Details Please <a href='LINK TO HOME'><font size='5' color='#ffffff' face='arial'>Try Again</font></a>
</font>

</td></tr></table>";
}
?>

THANKSS.....

bradgrafelman

Few things I noticed:

When posting PHP code, please use the board's [noparse]
```
..
```
[/noparse] bbcode tags as they make your code much easier to read and analyze.
This:
```
$username = stripslashes($username); 
$password = stripslashes($password); 
```
shouldn't be there. You should never have to [man]stripslashes/man incoming data; if slashes are being automatically added to such data, then you need to get the PHP directive magic_quotes_gpc disabled.
This:
```
while($row = mysql_fetch_array($result)) 
// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 
```
doesn't make much sense. The value from [man]mysql_num_rows/man isn't going to change after you've executed the SELECT query, so why are you calling it in a loop as you loop through each row in the result set?

Further more, if you're only expecting at most 1 row, why not add a 'LIMIT 1' to the end of the query?

Finally, why have a loop at all if you're only going to use 0 or 1 results? Seems rather pointless to loop one time (which isn't really a "loop" at all).
Get rid of [man]session_register/man altogether. Just use the $SESSION array itself.
Try doing a [man]print_r/man on the $_SESSION array before the redirect (so either comment out the redirect, or change it to a 'Refresh' header that waits a few seconds before redirecting). Do you see the userid value as expected?