ANSWER:

Rather than first checking to see if the username exists and then looking if the password is correct, why not do both at the same time?

$row = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE Username='$username' AND pass='$password'"));

if($row['id'])  
$_SESSION['username']=$dbusername;
header('Location: memberHome.php');

Also, it’s wise not to use * in your SELECT statement. Only select the items you actually need.

by Jako from http://stackoverflow.com/questions/10677051