$query = "SELECT * FROM `user` WHERE username='$username' and password='$passwor

1. $query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
2. $stmt = $connection->prepare('SELECT  * FROM user where username=? and password=?');
3. $stmt->bind_param('ss', $username,$password);
4. $stmt->execute();
5. $result = $stmt->get_result();
6. $count = $result->num_rows;