mysql_select_db('webappdb');
admin page again and take a look at its underlying source code:
$user = $_POST['user']; # unsanitized
$pass = $_POST['pass']; # unsanitized
$query="select * from users where name = '$user' and password = '$pass' ";
$queryN = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($queryN) == 1)
{ $resultN = mysql_fetch_assoc($queryN);
$_SESSION['user'] = $_POST['user'];
header("location:admin.php");
echo "<br /><h1>Wrong Username or Password</h1>";
echo '<META HTTP-EQUIV="Refresh" CONTENT="2;URL=admin.php">';