There are two issues in your query...
$uname is string. You must quote it.
- You are using
==. You are mixing
Update your query...
$result=mysql_query("select user.fname,password.pwd from
user.uid=password.uid and user.fname='$uname'");
you also need to use mysqli_* or PDO; mysql_* functions are
deprecated. On top of that, you have SQL injection vulnerability, so
please do not use this code in production!