D: MySQL! Why do you do this to me?

[Deospeon]

 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test'' at line 1

 

When test is a user.

 

Login.php >

<?php
session_start();
include "./global.php";
?>
<html>
    <head>
        <title>Login - Fantasy Core Forums</title>
    </head>
    <style type="text/css">
        body{
            background-color:#373737;
            color:#FAFAFA;
            font-family:Tahoma, Geneva, sans-serif;
            font-size:10pt;
            margin-top:0px;
        }
        #holder{
            background-color:#000;
            width:71%;
            color:#A5A5A5;
            font-family:"Trebuchet MS", Arial, Helvetica, sans-serif;
            border:solid 1px #000;
            padding-bottom: 10px;
            padding-left: 10px;
            padding-right: 10px;
            padding-top: 10px;
            text-align:left;
        }    
        #userinfo{
            width:99%;
            font-family:"Trebuchet MS", Arial, Helvetica, sans-serif;
            font-size:10px;
            color:#333;
            background-color:#F6F6F6;
            border: 1px solid #333;
            text-align:left;
            padding: 3px;
            padding-right: 3px;
        }
a {
    font-size: 10px;
    text-decoration: none;
}
a:link {
    text-decoration: none;
}
a:visited {
    text-decoration: none;
}
a:hover {
    text-decoration: none;
}
a:active {
    text-decoration: none;
}
        
    </style>
    <body>
        <center>
        <?php include "./header.php" ?>     
        <div id="holder">
        <div id="userinfo">
<?

if($_SESSION['uid']){
    echo "Sorry, You are already logged in. Please <a href=\"logout.php\">Logout<\a> or go to the <a href=\"index.php\">Index</a>.\a";
}else {

    if(!$_POST['submit']){
    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"0\">\n";
    echo "<form method=\"post\" action=\"./login.php\">\n";
    echo "<tr><td><font color=\"#4A4A4A\"><b>Username:</b></font></tr></td><tr><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td><font color=\"#4A4A4A\"><b>Password:</b></font></tr></td><tr><td><input type=\"password\" name=\"password\"></tr></td>\n";
    echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td><tr></form>\n";
    }else {
        $user = mss($_POST['username']);
        $pass = $_POST['password'];
        
            if($user && $pass){
                $query = "SELECT id FROM `users` WHERE `username`'".$user."'";
                $res = mysql_query($query) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $query2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($query2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){
                        $row = mysql_fetch_assoc($res2);
                        $_SESSION['uid'] = $row['id'];
                            echo "You have successfully Logged in as ".$user;
                    }else {
                        echo "The Username or Password You have Entered is Incorrect.\n";
                    }
                }else {
                    echo "The Username that You have entered does not exist.\n";
                }
            }else {
                echo "Please Fill in all fields correctly.\n";
            }
    }
}
?>
</div>
</div>
</center>
</body>
</html>

 

and

global.php >

<?php
$con = mysql_connect("localhost","username","password") or die(mysql_error());
$db = mysql_select_db("database",$con);

function mss($value){
    return mysql_real_escape_string(trim(strip_tags($value)));
}

?>

 

Please inspect this code, and tell me about any errors.

P.S If There is anything more you'd like to know about, please tell me.

 

[Deospeon]

My Problem has been solved. I can now successfully log in.