What database engine?
Php is usually used with MySQL, not SQL Server.
If it is SQL Server, we're at minimum going to need to see the table structure.
If it's MySQL, you're more likely to get good help over at the MySQL forums - http://forums.mysql.com/
No offence, but your code is vulnerable to SQL injection and has serious security flaws (storing password plain text, passing passwords plain text among others). i would strongly suggest if this is for a paying client, consult a security professional and get some assistance.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
We walk in the dark places no others will enter
We stand on the bridge and no one may pass