// username and password sent from form$myusername=$_POST['login_user_name'];$

1. // username and password sent from form
2. $myusername=$_POST['login_user_name'];
3. $mypassword=$_POST['login_password'];
4.  
5. // To protect MySQL injection (more detail about MySQL injection)
6. $myusername = stripslashes($myusername);
7. $mypassword = stripslashes($mypassword);
8. $myusername = mysql_real_escape_string($myusername);
9. $mypassword = mysql_real_escape_string($mypassword);
10.  
11. $sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassword'";
12. $result=mysql_query($sql);
13.  
14. // Mysql_num_row is counting table row
15. $count=mysql_num_rows($result);
16.  
17. // If result matched $myusername and $mypassword, table row must be 1 row
18.  
19. if($count==1){
20.  
21. // Register $myusername, $mypassword and redirect to file "login_success.php"
22. session_register("login_user_name");
23. session_register("login_password");
24. header("location:login-success.php");
25. }
26. else {
27. echo "Wrong Username or Password";
28. }
29.  
30.  
31. ?>