$sql = "SELECT * FROM users WHERE username=? AND password = ?";$stmt = mysqli_

1. $sql = "SELECT * FROM users WHERE username=? AND password = ?";
2. $stmt = mysqli_stmt_init($db);
3. if (!mysqli_stmt_prepare($stmt, $sql)) {
4.   header("Location: ../login.php?error=sqlerror");
5.   exit();
6. }
7. else {
8.   mysqli_stmt_bind_param($stmt, "ss", $username, $password);
9.   mysqli_stmt_execute($stmt);
10.   $result = mysqli_stmt_get_result($stmt);
11.   if ($row = mysqli_fetch_assoc($result)) {
12.  
13.       session_start();
14.       $_SESSION['userId'] = $row['idUsers'];
15.       $_SESSION['userMail'] = $row['emailUsers'];
16.  
17.       header("Location: ../index.php?login=success");
18.       exit();
19.     }