SQL

<?php

if(isset($_GET['Login'])){
//Getusername
$user=$_GET['username'];

                    //Getpassword
                    $pass=$_GET['password'];
                    $pass=md5($pass);

                    //Checkthedatabase
                    $query="SELECT * FROM `users` WHEREuser='$user' AND password='$pass';";

                    "SELECT * FROM `users` WHERE user='$admin' or '1'='1' AND password='$pass';";
                    "SELECT * FROM `users` WHERE user='$user' or '1'='1' AND password='$pass';";

                    admin' or '1'='1
                    
                    $result=mysql_query($query)ordie('<pre>'.mysql_error().'</pre>');

                    if($result&&mysql_num_rows($result)==1){
                                            //Getusersdetails
                                            $avatar=mysql_result($result,0,"avatar");

                                            //Loginsuccessful
                                            echo"<p>Welcome to the password protected area{$user}</p>";
                                            echo"<imgsrc="{$avatar}"/>";
                                                        }
                    else{
                                            //Loginfailed
                                            echo"<pre><br/>Username and /or  password incorrect.</pre>";
                        }

                    mysql_close();

}