<?phpob_start();$host="localhost"; // Host name $username=""; // mysqli us

1. <?php
2. ob_start();
3. $host="localhost"; // Host name
4. $username=""; // mysqli username
5. $password=""; // mysqli password
6. $db_name="test"; // Database name
7. $tbl_name="members"; // Table name
8.  
9. // Connect to server and select databse.
10. mysqli_connect("$host", "$username", "$password", "$db_name")or die("cannot connect");
11.  
12. // Define $myusername and $mypassword
13. $myusername=$_POST['myusername'];
14. $mypassword=$_POST['mypassword'];
15.  
16. // To protect mysqli injection (more detail about mysqli injection)
17. $myusername = stripslashes($myusername);
18. $mypassword = stripslashes($mypassword);
19. $myusername = mysqli_real_escape_string($myusername);
20. $mypassword = mysqli_real_escape_string($mypassword);
21.  
22. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
23. $result=mysqli_query($sql);
24.  
25. // mysqli_num_row is counting table row
26. $count=mysqli_num_rows($result);
27. // If result matched $myusername and $mypassword, table row must be 1 row
28.  
29. if($count==0){
30. // Register $myusername, $mypassword and redirect to file "login_success.php"
31. session_register("myusername");
32. session_register("mypassword");
33. header("location:login_success.php");
34. }
35. else {
36. echo "Wrong Username or Password";
37. }
38.  
39. ob_end_flush();
40. ?>