$strSQL = "SELECT * FROM user WHERE user = '".trim($_POST['txtUsername'])."'
and userpw = '".trim($_POST['txtPassword'])."'";
$objQuery = mysql_query($strSQL);
$objResult = mysql_fetch_array($objQuery);
if(!$objResult) {
header("location:login.html");
//echo "Username and Password Incorrect!";
}
else