<?php include("config/db.php");$tbl_name="members"; // Table name// userna

1. <?php include("config/db.php");
2. $tbl_name="members"; // Table name
3.  
4. // username and password sent from form
5. $myusername=$_POST['myusername'];
6. $mypassword=$_POST['mypassword'];
7.  
8. // To protect MySQL injection (more detail about MySQL injection)
9. $myusername = stripslashes($myusername);
10. $mypassword = stripslashes($mypassword);
11. $myusername = mysql_real_escape_string($myusername);
12. $mypassword = mysql_real_escape_string($mypassword);
13.  
14. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
15. $result=mysql_query($sql);
16.  
17. // Mysql_num_row is counting table row
18. $count=mysql_num_rows($result);
19. // If result matched $myusername and $mypassword, table row must be 1 row
20.  
21. if($count==1){
22. // Register $myusername, $mypassword and redirect to file "login_success.php"
23. session_register("myusername");
24. session_register("mypassword");
25. header("location:members/index.php");
26. }
27. else {
28. echo "Wrong Username or Password";
29. }
30. ?>