mysql - PHP Script for Login doesn't work -

i'm trying make php login script. here's code:

<?php $mysqli = new mysqli("localhost", "root", "yespassword213", "staffcenter"); $query = $mysqli->query("select * members username = '$_post[user]' , password = '$_post[pass]'");  function signin() {      session_start();      if(!empty($_post['user'])) {          $row = $query->fetch_assoc();         if(!empty($row['username']) , !empty($row['password'])) {             $row['username']  = $_session['username'];             $row['password'] = $_session['password'];             $row['admin'] = $_session['admin'];              echo '<meta http-equiv="refresh" content="0; url=areaprivata.php" />';          }          else echo "password errata!";       }  }  if(isset($_post['submit'])) {      signin();  } ?> 

i don't know what's wrong code, maybe syntax errors don't see. can please me? tried nothing working.

looks have assignment wrong way round:

$row['username']  = $_session['username']; $row['password'] = $_session['password']; $row['admin'] = $_session['admin']; 

should be

$_session['username'] = $row['username']; $_session['password'] = $row['password']; $_session['admin'] = $row['admin']; 

as fred says, sql injection!