Untitled

<?php
include('template.php');
if   (isset($_POST['username']) and isset($_POST['password']))
{
  $name = $_POST['username'];
  $pwd = $_POST['password'];
  /*$name = $mysqli->real_escape_string($_POST['username']);
  $pwd = $mysqli->real_escape_string($_POST['password']);*/
  $query = <<<END
   SELECT username, userpassword, userid FROM Users
      WHERE username = '{$name}'
      AND userPassword = '{$pwd}'
END;
  $result = $conn->query($query);
  if ($result->rowCount() > 0) {
      $row = $result->fetchObject();
      $_SESSION["username"] = $row->username;
      $_SESSION["userId"] = $row->userid;
      header("Location:index.php");
  }else
{
      echo "Wrong username or password. Try again";
  }
}
$content = <<<END
<form action="login.php" method="post">
<input type="text" name="username" placeholder="username">
<input type="password" name="password" placeholder="password">
<input type="submit" value="Login">
</form>
END;
echo $navigation;
echo $content;
?>