@dennisdegryse
Forked from anonymous/gist:9f5dc23e77622cc762f5
Last active August 29, 2015 14:13
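<?php // best practice: always have <?php at the top
// Login form handler: looks up the submitted e-mail/password pair in the
// `member` table and redirects to the member area on a match, or back to
// the site index otherwise.

// NOTE(review): the database credentials are hard-coded and use the root
// account. Prefer a dedicated least-privilege account whose credentials are
// loaded from configuration kept outside the web root.
$host = 'localhost';    // Host name
$username = 'root';     // MySQL username
$db_password = 'root';  // MySQL password (kept apart from the submitted one)
$db_name = 'account';   // Database name

// E-mail and password sent from the form. A missing field or a non-string
// value (e.g. `email[]=x`) is handled as a failed login instead of reaching
// bind_param()/urlencode() with an unexpected type.
$email = $_POST['email'] ?? null;
$password = $_POST['password'] ?? null;
if (!is_string($email) || !is_string($password)) {
    header('Location: ../index.php');
    exit();
}

// Report mysqli failures as exceptions so that a failed connect or prepare
// stops here rather than continuing with an unusable handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Connect to the server and select the database.
    $db = new mysqli($host, $username, $db_password, $db_name);

    // Bound parameters keep the submitted values out of the SQL text.
    // NOTE(review): comparing the submitted password inside the query means
    // the `member`.`password` column holds the password itself. Store
    // password_hash() output and check it with password_verify() instead;
    // that needs a migration of the stored values, so it is not changed here.
    // Depending on the column collation this comparison may also be
    // case-insensitive - confirm.
    $statement = $db->prepare('SELECT * FROM `member` WHERE `email` = ? AND `password` = ?');
    $statement->bind_param('ss', $email, $password);
    $statement->execute();

    // A matching account yields at least one row.
    $result = $statement->get_result();
    $matched = $result->num_rows > 0;

    $statement->close();
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Keep driver details in the server log; the client only gets a status.
    error_log('Login lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit();
}

// NOTE(review): a match only selects the redirect target; this script sets
// no session or other login state, so the pages under ../members/
// presumably need their own access check - confirm.
$prod_id = $_POST['prod_id'] ?? null;

if (!$matched) {
    $url = '../index.php';
} elseif (!is_string($prod_id)) {
    // No (usable) product id: go to the member's landing page.
    $url = '../members/' . urlencode($email) . '/index.php';
} else {
    $url = '../members/' . urlencode($email) . '/checkout.php?id=' . urlencode($prod_id);
}

header('Location: ' . $url);
exit();
?>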