PHP PDO ACCESS 留言板-登录

<?php include "inc.php"; ?><?php ob_start(); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><title>用户登录</title></head><body><h3>用户名登录</h3><form name="loginform" action="" method="post"><p>用户名：<input type="text" name="username" /></p><p>密&nbsp;码：<input type="password" name="pwd" /></p><p><input type="submit" name="sub" value="登录" /></p></form><?phpif($_REQUEST["sub"]=="登录"){    $UserName="";    $Pwd="";    $Err="";    $UserName = CheckInput($_REQUEST["username"]);    $Pwd = CheckInput($_REQUEST["pwd"]);    if(empty($UserName)){        //$Err=$Err."用户名不能为空！";        echo "<script>alert('用户名不能为空！');</script>";        return false;    }    if(empty($Pwd)){        echo "<script>alert('密码不能为空！');</script>";        return false;    }    $sql = "select * from Users where UserName='".$UserName."' and UserPassword='".$Pwd."'";    $rs = $conn->query($sql);    $row=$rs->fetch();    if(empty($row["UserName"])){        echo "请正确输入用户名和密码！";        return false;    }    else{        session_start();        $_SESSION['username']=$row["UserName"];        $_SESSION['purview']=$row["Purview"];        Header("Location: index.php");    }    ob_end_flush();}?></body></html>