> 9 $Account = $_POST['Account']; > 10 $Password = $_POST['Password']; This lines should check all user input to prevent sql-injection attack Read this [article](http://php.net/manual/en/filter.filters.sanitize.php)
