login

<?php
session_start();
$user=$_POST['uname'];
$_SESSION['username']=$user;
$con=mysql_connect("localhost","root","");
mysql_select_db("airline")or die("Db error");


$username=$_POST['uname'];
$password=$_POST['ptxt'];


$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


$query = mysql_query("select * from user where password='$password' AND name='$username'");

if( $username == 1 && $password == 1);
header("Location:/user.php");
?>

plz help me ? :(