YA: Simple Login WC

<?php
// Post in response to a Yahoo Answer's Question
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password){
    // Good job on the informative error messages.
    $connect = mysql_connect("127.0.0.1","root","") or die ("Couldnt Connect to Database");
    mysql_select_db("login", $connect) or die ("Couldnt find database");
    // Prevent MySQL Injection Attacks, Google it.
    $username = mysql_real_escape_string( $username );
    $password = mysql_real_escape_string( $password );

    $query = mysql_query("SELECT username FROM users WHERE username='$username' AND password='$password' LIMIT 1");
    // The query only needs to return the username, because that is the only information you need. Returning additional information uses
    // additional resources. Also, the query can check for the password combination, saving you time and effort. LIMIT 1 simply tells MySQL to
    // stop looking once it finds the one result it needs. Speed and resources.
    if($query && mysql_num_rows($query) === 1){ // Checks for a successful query and that the number of rows returned is equal to 1.
        $_SESSION['username'] = mysql_fetch_object($query)->username;
        echo "Login successful. <a href='membersarea.php'>Click here to enter the member area</a>";
    } else {
        // Never tell the user that the username is correct but the password is incorrect. People can then brute force attack a particular username.
        // A simple combination error will usually let people know that there is a problem with their password.
        echo 'Incorrect Username/Password Combination. <a href="' . $_SERVER['HTTP_REFERER'] . '">Click Here To Return</a>.';
    }
    mysql_close( $connect ); // Good Idea to close the connections.
}else{
    die('Please enter a username and password. <a href="' . $_SERVER['HTTP_REFERER'] . '">Click Here To Return</a>.');
}
?>