You have an error in your SQL syntax; check the manual that corresponds to your

1. You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Password='kdsdj'' at line 1
2.  
3. <?php
4. include 'Database.php';
5. $username=$_POST['username'];
6. $password=$_POST['password'];
7.  
8. $username=stripslashes($username);
9. $password=stripslashes($password);
10. $username=mysqli_real_escape_string($con,$username);
11. $password=mysqli_real_escape_string($con,$password);
12.  
13. $query=mysqli_query($con,"SELECT * FROM student WHERE Username='$username',Password='$password'")or die(mysqli_error($con));
14. $res=mysqli_fetch_array($query);
15. if($res['Username']==$username&&$res['Password']==$password){
16. header('location:List.php');
17. }
18. else{
19. header('location:index.php');
20. }
21.  
22. ?>