$query = "SELECT * FROM `users` WHERE `username` = {$_POST['username']} AND `password` = md5({$_POST['pass']})"