$username
=
escape
(
$username
)
;
$password
=
escape
(
$password
)
;
$query
=
$db
->
execute
(
"SELECT id,username FROM users WHERE username=
$username
AND password=
$password
"
)