<?php
//CONNECT TO DATABASE
$db_host="localhost";
$db_username="root";
$db_pass="";
$db_name="admin";
@mysql_connect("$db_host","$db_username","$db_pass","$db_name")
or die ("not connect");
@mysql_select_db("$db_name") or die ("no database");
echo "succesful connection";
//THEN I CHECK THE VALUES FROM MY FORM
if($_SERVER ['REQUEST_METHOD']=='POST'){
$username=$_POST['username'];
$password=$_POST['password'];
$username=htmlspecialchars($username);
$password=htmlspecialchars($password);
//SEARCH INTO MY DATABASE TABLE
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
$result=mysql_query($SQL);
//BASED ON MY RESULTS I GIVE TO SESSION VARIABLE A VALUE 1 OR "" AND REDIRECT TO INDEX.PHP
if($result){
$num_rows=mysql_num_rows($result);
if($num_rows>0){
session_start();
$_SESSION['check']="1";
header ("Location:index.php");
}
else{
session_start();
$_SESSION['check']="";
header ("Location:index.php");
}
}
}
?>
I think you have issue in your sql query. So try this
$SQL="SELECT * FROM members WHERE `username`='".$username."' AND `password`='".$password."' ";
Issue :
1) You are using direct $username
without single quote so if username is string it will not work
2) check that special character you are using after WHERE