$username = stripslashes($_POST['username']);$password = stripslashes($_POST['

1. $username = stripslashes($_POST['username']);
2. $password = stripslashes($_POST['password']);
3.  
4. $query1 = "SELECT * FROM user where username = '$username'";
5. $result1 = mysqli_query($conn, $query1);
6.  
7. $query2 = "SELECT * FROM user WHERE password = '$password'";
8. $result2 = mysqli_query($conn, $query2);
9.  
10. if(!($result || $result2)) {
11.         echo "query failed";
12. }
13. if(mysqli_num_rows($result1 && $result2) <= 2) {
14.         header ("Location: mainpage.html");
15. } else {
16.         echo "wrong username or password";
17. }