A small, general extra:
When building a site/page, add the following:
error_reporting( E_ALL );
...and fix every error, warning or notice. You cannot imagine how many so-called notices are actually full-blown script errors. Fix them all.
On your public-facing scripts, allow zero errors to show.
On your specific question, far better to store encrypted (md5 is a typical one) and test for password equality to the retrieved value
SELECT `md5` from `db` WHERE `name`='username'
name in the DB at all?
2 if yes, test md5(password)=mysql_md5 (in PHP)
Thus, break it down into small steps and, if you have errors, test one step at a time. Try to resist the urge to cram it all into one huge algorithm.