I am trying to do the following, but it is giving an error. What would be the correct way of writing the statement?
$sql="SELECT * FROM $tbl_name WHERE $db_usercol= '".$_POST['myusername']"' and $db_passcol= '"(md5($_POST['mypassword']))"'";
$result=mysql_query($sql);
mysql_real_escape_string() is a good practice.
$sql = "SELECT *
FROM $tbl_name
WHERE $db_usercol= '" . mysql_real_escape_string($_POST['myusername']) .
"' AND $db_passcol= '" . (md5($_POST['mypassword'])) . "'";
Also, you forgot the concatenation symbol (.).
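An added example, not part of the original answer: the same login lookup written with a PDO prepared statement instead of string concatenation, which also works on PHP 7 and later, where the mysql_* functions no longer exist. The in-memory SQLite database, the `members` table, the helper names `safe_ident` and `check_login`, and the sample accounts are assumptions made for illustration; the example also swaps md5() for password_hash()/password_verify().

```php
<?php
// Added example. Table, column and function names and the sample accounts
// are constructed for illustration; they are not from the original post.
declare(strict_types=1);

// Identifiers such as $tbl_name cannot be bound as parameters, so they are
// validated against a strict pattern before being placed in the SQL text.
function safe_ident(string $name): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return $name;
}

function check_login(PDO $db, string $tbl, string $userCol, string $passCol,
                     string $user, string $pass): bool
{
    $sql = sprintf('SELECT %s FROM %s WHERE %s = :u',
        safe_ident($passCol), safe_ident($tbl), safe_ident($userCol));
    $stmt = $db->prepare($sql);
    // The username travels as a bound value, so quotes in it are plain data.
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    // Compare against a salted hash instead of matching md5() inside the query.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO members (username, password) VALUES (:u, :p)');
foreach (['alice' => 's3cret', "o'brien" => 'hunter2'] as $u => $p) {
    $ins->execute([':u' => $u, ':p' => password_hash($p, PASSWORD_DEFAULT)]);
}

// A correct login, a username containing a quote, and a wrong password.
var_dump(check_login($db, 'members', 'username', 'password', 'alice', 's3cret'));
var_dump(check_login($db, 'members', 'username', 'password', "o'brien", 'hunter2'));
var_dump(check_login($db, 'members', 'username', 'password', 'alice', 'wrong'));
```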