Hi i am writing a log on page for a web application. What i want it to do is take a user name and password as input pass these to a cgi file using the 'post' method, then using dbi compare the username and passwords to the contents of a mysql table which in which all usernames and passwords are stored.

I am having a problem recieving the username and password, i think my html form is fine, and that the problem is in my cgi file.

This is the code that i am using to recieve the username and password from the html form

$query_string = $ENV{'QUERY_STRING'};
$first = split(/&/, $query_string);
($u_name, $pass) = split(/=/, $first);
Another area where there might be a problem is my select statement

$sth = $dbh->prepare(q{SELECT table1.name, table1.address, usertable.password from table1, usertable where table1.name = usertable.user_name and user.user_name = ?});

The desired output here is the name, address and password of the user with the username passed in by the form.

I am not sure if the "?" is right in the select statement? I am also unsure about the value $u_name in the brackets, when i enter a sample username in the place of the "?" in the select statement, the result will not print out unless i remove the $u_name from the brackets in the line below.

I would appreciate any help or suggestions, as i have spent many hours working on this and have run out of ideas