$strSQL = "SELECT * FROM member WHERE Username = '".mysql_real_escape_string($_POST['txtUsername'])."'
and Password = '".mysql_real_escape_string($_POST['txtPassword'])."'";
Code
$strSQL = "SELECT * FROM member WHERE UserID = '".$_SESSION['UserID']."' ";
พอผม เอา 2 โค้ดบนนี้มารวมกันเป็น Code
$strSQL = "SELECT * FROM member WHERE Username = '".mysql_real_escape_string($_POST['txtUsername'])."'
and Password = '".mysql_real_escape_string($_POST['txtPassword'])."'";
$strSQL = "SELECT * FROM member WHERE UserID = '".$_SESSION['UserID']."' ";