// hash password
$password = $this->hash($password);
- if ($this->db->query("SELECT id FROM users WHERE username = ? AND password = ?",
+ if ($this->db->query("SELECT id FROM users WHERE username='?' AND password='?'",
$username, $password)->count()>0)
return true;
else