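prepare("select * from users where username=? and password=?");
    // NOTE(review): the start of the statement above (presumably the assignment
    // of $loginQuery from a mysqli connection) and the header of the enclosing
    // block are outside this view; the final "}" below closes that block.
    //
    // Login handler: looks the submitted credentials up with a prepared
    // statement and, on a match, opens a session and redirects to /index.php.
    //
    // SECURITY(review): the password column is compared against an unsalted MD5
    // digest. MD5 is a fast hash and is not suitable for password storage.
    // Migrating means storing password_hash() output, selecting the row by
    // username only, and checking it with password_verify() (re-hashing on
    // successful login via password_needs_rehash()). That changes the stored
    // data, so it is flagged here rather than changed in place.

    $authenticated = false;

    // Treat missing or non-string fields as a failed login: md5() throws a
    // TypeError on an array under PHP 8, which a "password[]=" request body
    // would otherwise trigger.
    if (isset($_POST["username"], $_POST["password"])
        && is_string($_POST["username"])
        && is_string($_POST["password"])
    ) {
        // bind_param() takes its values by reference, so they must be
        // variables; passing the md5() call result directly raises
        // "Only variables should be passed by reference".
        $username = $_POST["username"];
        $passwordDigest = md5($_POST["password"]);

        $loginQuery->bind_param("ss", $username, $passwordDigest);
        $loginQuery->execute();
        $loginQuery->store_result();
        $authenticated = $loginQuery->num_rows > 0;
    }

    if ($authenticated) {
        session_start();
        // Issue a fresh session id at the privilege change so an id that
        // existed before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION["username"] = $username;
        header("Location: /index.php");
        // header() does not end the script; stop here so nothing after the
        // redirect is executed or sent.
        exit;
    } else {
        // Same message for unknown user and wrong password, so the response
        // does not reveal which usernames exist.
        echo "wrong username and/or password";
    }
}
?>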