I am rewriting this mysql deprecated code to PDO but before then, I need to sort out one issue.

This code was used for login authentication by passing a username and password via a form inputs.Now i also wants to
add another inputs like security Code as per code below






$sql=mysql_query("select * from members where security='$sec'");
if($row=mysql_num_rows($sql)==0){
echo "<font color=red>Security Code is incorrect</font>";
}



The problem is that security code check is skipped during authentication. I think the problem might be from
my if statement. Any help will be appreciated.





<?php

include("db_deprecated.php");

$uname=mysql_real_escape_string($_POST["uname"]);
$pass=mysql_real_escape_string($_POST["pass"]);
$sec=mysql_real_escape_string($_POST["sec"]);



$sql=mysql_query("select * from members where username='$uname'");
if($row=mysql_num_rows($sql)==0){
echo "<font color=red>The Username is incorrect</font>";
}else{

$sql=mysql_query("select * from members where password='$pass'");
if($row=mysql_num_rows($sql)==0){
echo "<font color=red>The Password is in correct</font>";

}else{

$sql=mysql_query("select * from members where usernameu='$uname' and password='$pass'");
$row=mysql_fetch_array($sql);

//print login successful

}

}

?>