you've got a dot missing just before $username

Hi!

Add "." between username='" and $username.

Should be:

WHERE username='".$username."'

Hey Topr8 & Psychopsia,
i manage to solve the problem.
Really thanks for your help :)

But now i bump into this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM stars WHERE username=''AND password = SHA1 ('')' at line 1

i did some editing so the latest code is as follow:

<?php
session_start ();
$HOST = 'localhost';
$USERNAME = 'root';
$PASSWORD = '';
$DB = 'c203';
$username = $_POST['username'];
$password = $_POST['password'];

$link = mysqli_connect ($HOST,$USERNAME,$PASSWORD,$DB)or die(mysqli_connect_error());
$sql = "SELECT id,username, FROM stars WHERE username='".$username."'AND password = SHA1 ('".$password."')";
$result = mysqli_query($link,$sql) or die (mysqli_error($link));

if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_array($result);
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$msg = '<p><i>You are logged in as '.$SESSION['username'].'<br/><a href="index.php">Home</p>';

}else {
$msg = '<p class ="error"> Sorry, you must enter a valid username and password to log in. <a href ="login.html">Back</a></p>';
}

?>

I cant get the meaning where its wrong....

You're missing a space before your "and".

..... name='".$username."' AND <-- like this.

In the future, when you get mySQL errors, echo the select statements to the screen, they become very obvious.

Remove comma between 'username' and FROM

Like:

id, username FROM

Rocknbil : How to do the echo-ing you said?

Psychopsia & Rocknbil : Thanks alot for both your help :)

$sql = "SELECT id,username FROM stars WHERE username='".$username."' AND password = SHA1 ('".$password."')";
//echo $sql; // Uncomment the previous if you have problems

Ok, tks alot Rocknbil :)