$username = htmlspecialchars($_POST['username']);$password = htmlspecialchars($

1. $username = htmlspecialchars($_POST['username']);
2. $password = htmlspecialchars($_POST['password']);
3.  
4. $sql = "SELECT * FROM `db_user` WHERE Username='$username' AND Password='$password'";
5. $query = mysqli_query($db_handle, $sql) or die ("Error in query: " . mysqli_error($db_handle));
6.  
7. $user_row = mysqli_fetch_assoc($query);
8.  
9. mysqli_close($db_handle);
10.  
11.  
12. $smarty->assign("DATA", $user_row);
13. $smarty->assign("USERNAME", $username);
14. $smarty->assign("PASSWORD", $password);
15. $smarty->caching=0;
16. $smarty->display('sign_in.tpl');
17.  
18. {if $DATA.Username eq $USERNAME and $DATA.Password eq $PASSWORD}
19.  
20. GOOD
21.  
22. {else}
23.  
24. Bad
25.  
26. {/if}
27.  
28. Smarty_Variable Object (3)
29. ->value = Array (10)
30. ID => "14"
31. Username => "myuser"
32. Password => "mypass"
33. Name => "me"
34. Email => "an email"
35. Country => "Russia"
36. Activation => "1"
37. ->nocache = false
38. ->scope = "file:sign_in.tpl"