if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {$user_log

1. if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
2.  
3. $user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]); //
4.  
5. filter everything but numbers and letters
6.  
7. $password_login = preg_replace('#[^A-Za-z0-9]#i', '',
8.  
9. $_POST["password_login"]); // filter everything but numbers and letters
10.  
11. $password_login_md5 = md5($password_login);
12.  
13. $sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND
14.  
15. password='$password_login_md5' LIMIT 1"); // query the person
16.  
17. //Check for their existance
18.  
19. $userCount = mysql_num_rows($sql); //Count the number of rows returned
20.  
21. if ($userCount == 1) {
22.  
23. while($row = mysql_fetch_array($sql)) {
24.  
25. $id = $row["id"];
26. }
27.  
28. $_SESSION["user_login"] = $user_login;
29.  
30. header("location:index.php");
31. exit();
32. } else {
33. echo 'That information is incorrect, try again';
34. exit();
35. }