<?phpsession_start();include ('connection.php');$myusername=$_POST['us

1. <?php
2. session_start();
3.  
4. include ('connection.php');
5.  
6. $myusername=$_POST['username'];
7. $mypassword=$_POST['pass'];
8.  
9. // To protect MySQL injection (more detail about MySQL injection)
10. $myusername = stripslashes($myusername);
11. $mypassword = stripslashes($mypassword);
12. $myusername = mysql_real_escape_string($myusername);
13. $mypassword = mysql_real_escape_string($mypassword);
14.  
15. $sql="SELECT * FROM register WHERE username='$myusername' and password='$mypassword'";
16. $result=mysql_query($sql);
17.  
18. // Mysql_num_row is counting table row
19. $count=mysql_num_rows($result);
20. // If result matched $myusername and $mypassword, table row must be 1 row
21.  
22. if($count==1){
23. // Register $myusername, $mypassword and redirect to file "login_success.php"
24. $_SESSION["myusername"] = $myusername;
25. $_SESSION["mypassword"] = $mypassword;
26.  
27. header("location:char.php");
28. }
29. else {
30. header("Location:login_fail.html");
31. }
32.  
33. ?>