Quote:
$res= mysqli_query($link, "select * from lib_registration where username='$_POST[username]' && password= '$_POST[password]' ");
Wherever you got that code from, you should delete it, block the site, and forget everything you read there.
That code is vulnerable to SQL Injection. Within five minutes of making your site accessible to the public, your database will be stolen or vandalized.
PHP: SQL Injection - Manual
PHP: Prepared statements and stored procedures - Manual
The code is also storing users' passwords in the database in plain text, which is absolutely the wrong thing to do. That's particularly heinous, since PHP provides built-in functions to help you do the right thing with passwords.
Secure Password Authentication Explained Simply
PHP: password_hash
PHP: password_verify
And, as you've discovered, the code doesn't even handle basic database error checking correctly.
Given the severe security vulnerabilities in this small sample of the code, anything you've learned from that site is likely to be dangerously wrong.
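An added example, not part of the original answer, showing the quoted login check rewritten with a prepared statement, `password_hash` / `password_verify`, and database errors raised as exceptions. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs on its own, and the `password_hash` column and the `register()` / `login()` function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory SQLite database so the example runs without a server
// (assumption: the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:');
// Make every failed query throw instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE lib_registration (
    username      TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
)');

function register(PDO $pdo, string $username, string $password): void
{
    // Store only a salted, slow hash; the password itself is never written.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO lib_registration (username, password_hash) VALUES (:u, :h)'
    );
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // The username is sent as a bound parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare(
        'SELECT password_hash FROM lib_registration WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matches the username.
    if ($hash === false) {
        return false;
    }
    // Compare the submitted password against the stored hash.
    return password_verify($password, $hash);
}

// Constructed sample data.
register($pdo, 'alice', 'correct horse battery staple');

var_dump(login($pdo, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($pdo, 'alice', 'wrong password'));               // wrong password
var_dump(login($pdo, "alice' -- ", 'anything'));                 // quote stays a literal character
var_dump(login($pdo, 'nobody', 'anything'));                     // unknown user
```

With mysqli the same structure applies: `mysqli_prepare()` and `mysqli_stmt_bind_param()` take the place of the PDO calls.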