I'm new here and trying to build some reputation up.

Here is a basic login script I programmed with lots of comments to help the people who are new to programming to understand it better.

Code:
<?php
session_start(); //start a session


//mysql connect
mysql_connect("", "", "") or die (mysql_error());


//select database
mysql_select_db("") or die (mysql_error());


//display login form
echo"
<form action='login.php' method='POST' />
Username: <input type='text' name='username' /> <br />
Password: <input type='password' name='password' /> <br />
<input type='submit' name='login' value='Login' />
</form> 
";


if (isset($_POST['login'])) { //check if the user has clicked the "Login" button


    //store user input in variables and secure them against sql injections
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);


    //check if user exists in the table
    $query = mysql_query("SELECT * FROM tablename WHERE username = '$username' AND password = '$password' ") or die (mysql_error());


    if (!(mysql_num_rows($query)) {
        echo"You don't exist."; //if they dont display a error
    }else{
        //if they exist
        $_SESSION['user'] = $_POST['username']; //create a session
        header('location:home.php'); //redirect to another page
    }




}


?>
*untested but should be no errrors