<?phpinclude ('connect.php'); // username and password sent from form$

1. <?php
2.  
3. include ('connect.php');
4.  
5. // username and password sent from form
6. $email = $_REQUEST['email'];
7. $password = $_REQUEST['password'];
8.  
9. // To protect MySQL injection (more detail about MySQL injection)
10. $email = stripslashes($email);
11. $password = stripslashes($password);
12. $email = mysql_real_escape_string($email);
13. $password = mysql_real_escape_string($password);
14.  
15. $sql="SELECT * FROM members WHERE username='$email' and password='$password'";
16. $result=mysql_query($sql);
17.  
18. // Mysql_num_row is counting table row
19. $count=mysql_num_rows($result);
20.  
21. // If result matched $myusername and $mypassword, table row must be 1 row
22.  
23. if($count>0){
24.  
25. // Register $myusername, $mypassword and redirect to file "login_success.php"
26. session_start("myemail");
27. session_start("mypassword");
28. header("location:accounts.php");
29. }
30. else {
31. echo "Wrong Username or Password";
32. }
33. ?>