My question is pretty specific, but I think it will help in my overall understanding of security and SQL injection. I am running a local webpage with a simple form for the purpose seeing how SQL injection works first hand, by doing it to my own database and webpage. I keep changing the way my php file validates a user so I can see the differences. I am a beginner and the php file is very simple on purpose. My current php code is:

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$conn = mysql_connect('localhost', 'root', 'password');
mysql_select_db(test1);
$query = "SELECT username, password FROM users WHERE username = '$username'";
$result = mysql_query($query) or die("Query failed: " . mysql_error());
$arr = mysql_fetch_array($result);
if($arr['username'] == $username && $arr['password'] == $password && strlen($username) > 0){
 header('Location:index.php');
}else{
 header('Location:login.html');
}
?>

I have no idea if this is a good or bad way of validating. I just want to know an example of how to inject it because I can’t figure this one out. MySQL_query() only allows 1 statement so I can’t chain together statements, and I don’t know what else to do to it. I have changed the file so I can do

‘ or 1=1; —

types of injection, but obviously that one will not work here. So just curious. Thanks.