$stmt = $mysqli -> prepare('SELECT username FROM users_table WHERE username = ?'

1. $stmt = $mysqli -> prepare('SELECT username FROM users_table WHERE username = ?');
2. $stmt -> bind_param("s",$username);
3. $stmt -> execute();
4. $stmt -> bind_result($result);
5. $stmt -> fetch();
6. if ($result==NULL)
7. {
8.     $error = "User " . $username . " does not exist!";
9.     include 'form.html.php';
10. }
11. else
12. {
13.     $stmt = $mysqli -> prepare('SELECT username FROM users_table WHERE username = ? AND password=MD5(?)');
14.     $stmt -> bind_param("ss",$username,$password);
15.     $stmt -> execute();
16.     $stmt -> bind_result($result);
17.     $stmt -> fetch();
18.        
19.     if ($result==NULL)
20.     {
21.         $error = "Password for user " . $username . " is incorrect!";
22.         include 'form.html.php';
23.     }
24.     else
25.     {
26.         echo "Welcome " . $result . "!!";
27.     }
28. }