<?php session_start(); include 'config.php'; $email=$db->real_escape

1. <?php
2.     session_start();
3.     include 'config.php';
4.     $email=$db->real_escape_string($_POST['email']);
5.     $password=$db->real_escape_string(md5($_POST['password']));
6.  
7.     $query="SELECT ID_account,email,password FROM account WHERE email='$email';";
8.    
9.     $risultato=$db->query($query);
10.     if($risultato->num_rows>0){
11.         $riga=$risultato->fetch_assoc();
12.         $db_pass=$db->real_escape_string($riga['password']);
13.         if(strcmp($password,$db_pass)==0){
14.             $_SESSION['account']=$riga['ID_account'];
15.             header("Location:../home.php");
16.         }
17.         else
18.             header("Location: ../errore.php?errore=pass&&form_pass=$password&&db_pass=$db_pass");  
19.     }
20.     else
21.         header("Location: ../errore.php?errore=email");
22.  
23. ?>