You are going to want to single quote those variables and get rid of extra ; at the end. So it’s a little hard to tell but I have a full quote, then single quote then full quote at the end. Also if you are going to add … for marking or other reason, you’ll want to comment them out with //.
<?php
if ($user!=null And $pass!=null){
//.....
$sql = "SELECT `idl` FROM `login` WHERE username = '" . $user . "' AND password = '" . $pass . "'";
//.....
}
?>