I am rewriting this mysql deprecated code to PDO but before then, I need to sort out one issue.

This code was used for login authentication by passing a username and password via a form inputs.Now i also wants to
add another inputs like security Code as per code below



Code:
$sql=mysql_query("select * from members where security='$sec'");
if($row=mysql_num_rows($sql)==0){
	echo "<font color=red>Security Code is incorrect</font>";
}

The problem is that security code check is skipped during authentication. I think the problem might be from
my if statement. Any help will be appreciated.

Code:

<?php

include("db_deprecated.php");

$uname=mysql_real_escape_string($_POST["uname"]);
$pass=mysql_real_escape_string($_POST["pass"]);
$sec=mysql_real_escape_string($_POST["sec"]);



$sql=mysql_query("select * from members where username='$uname'");
if($row=mysql_num_rows($sql)==0){
	echo "<font color=red>The Username is incorrect</font>";
}else{
	
$sql=mysql_query("select * from members where password='$pass'");
if($row=mysql_num_rows($sql)==0){
	echo "<font color=red>The Password is in correct</font>";

}else{
	
$sql=mysql_query("select * from members where usernameu='$uname' and password='$pass'");
$row=mysql_fetch_array($sql);

//print login successful

}
	
}

?>