What is the PASSWORD supposed to do in your version as I assumed what I put would work, what about changing where PASSWORD is put
$q = sprintf("SELECT * FROM `dbUsers` "WHERE `username`='%s' AND
`password`=PASSWORD('%s')) LIMIT 1;--",mysql_real_escape_string($_POST["username"]),
Please remember to wrap any code you have in forum tags:-
[CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]
If you can't think outside the box, you will be trapped forever with no escape...