PHP MySQL Login Dashboard

php-mysql-login.php

//////   Login.php

<?php

session_start();

if($_SERVER["REQUEST_METHOD"] == "POST")
{

//if(isset($_POST['username'])){

$username=htmlspecialchars($_POST['username'],ENT_QUOTES,"UTF-8");
//}
//if(isset($_POST['password']))
//{


$password=htmlspecialchars($_POST['password'],ENT_QUOTES,"UTF-8");
//}

//connect to database

$con=mysqli_connect("localhost","root","xxx","dashboard") or die();


//execute query

$query ="SELECT username, password from `login` where username='$username' and password='$password'";

$result=mysqli_query($query);

while($row = mysqli_fetch_array($result))
{
	if($_POST['username']==$row['username'] && $_POST['password']==$row['password'])
	{
		$_SESSION['username']=$username;
		header("Location:dashboard.php");
	}
	else 
	{
		echo "You got credentials wrong";
	}
}


}


?>
<form method="post" action="<?php htmlspecialchars("PHP_SELF", ENT_QUOTES,"UTF-8"); ?>">

<label>Username :</label><input type="text" name="username"></br>
<label>Password:</label><input type="password" name="password"></br>
<br/>
<input type="submit" value="submit"></br>
</form>	






////////                dashboard.php

<?php

session_start();

echo "Welcome ". $_SESSION['username'];

?>

<a href="logout.php">Logout</a>




////////////            logout.php

<?php

session_destroy();

header("Location:login.php");

?>