So, your code isn’t what’s shown here, but uses variables read from the database? And what you have works if you provide an actual password, or if the password field is left out entirely, but not if the password field is blank? What if the password field is false or null in you call?