php and MySQL

hey guys, i have been working on a simple form which validates if a
user is valid or not. i am a newbie and just want to deny unauthorised
access to a 'members' page. I wish to compare the password entered by
the user with that they entered into their submitted registration
form.. however i keep getting a mySQL error message 'query was empty'.
i was hope someone would know my failings! here is my code:

<?php

$connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc","my
password here");

$password=$_POST['password'];

mysql_select_db("sjcdb",$connection) or die("failed!");

$sql = mysql_query("SELECT * FROM users WHERE password = '$password'");

$result = mysql_query($sql)or die(mysql_error());

$rows = mysql_num_rows($result);

if ($rows){

        if ($password == $row[9]){

header("Location:members.html");
}
else
{
header("Location:register.html");
exit;
}
}
mysql_close();

?>
Received on Mon May 1 02:41:11 2006