[php] Meerdere acties doorelkaar (sql, cookies)

<?
mysql_connect("****","****","****") or die("Could not connect"); 
mysql_select_db("****") or die("Could not select database"); 
 
$sql = "SELECT * FROM **** WHERE username='$user' and password='$pass'"; 
$sql_result = mysql_query($sql) or die("Could not execute the query"); 
 
$row = mysql_fetch_array($sql_result);
$db_username = $row["username"]; 
$db_password = $row["password"];

function random($length) {
   srand((double)microtime()*1000000);
   $return = "";
   $letters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
   for($i=0;$i<$length;$i++)
       $return .= $letters[rand(0,count($letters)-1)];
   return $return;
}

$session = random(99);

if (($login_username == $db_username) &amp;&amp; ($login_password == $db_password)) {
setcookie("SwinxUnitedServices",$session,time()+3600);
$update_query = "UPDATE **** SET session='$session'";
mysql($update_query);
header("Location: services_checklogin.php");
}
?>