Hello,

if ((srlen(trim($passwort))>0) and (strlen(trim($username))>0))
 {
   ## *1)
   $username = mysql_escape_string($username);
   $password = mysql_escape_string($password);

$query = "SELECT USER, PASS FROM wgs_mitglieder ".
            "WHERE USER = '$username'" AND PASS = '$passwort'";

$result = mysql_query($query,$dbh);
   if(!$result or (mysql_num_rows($result) != 1))
   {
     header("Location: http://domain.tld/index.php");
   }
   else
   {
     $row = mysql_fetch_array($result);
     $username = $row['USER'];
     session_register("username");
     header("Location: /pressecenter/index.php");
   }
 }
 else
 {
   header("Location: http://domain.tld/index.php");
 }

*1) gilt für mysql_magic_quotes() === false;
      sonst vorher noch stripslashes() verwenden.

Liebe Grüße aus http://www.braunschweig.de

Tom