The main issue comes from how you've named your form elements vs. what you're expecting in PHP:
<input .. name="usersUSERSNAME" .. />
<input .. name="usersPWD" .. />
Versus:
$usersUSERSNAME = $_POST['user'];
$usersPWD = $_POST['pwd'];
You're trying to reference inputs with different names. Remember that the
$_POST
variable contains values corresponding to the names of the elements in your form. So in this case your
'user'
needs to be
'usersUSERSNAME'
and your
'pwd'
needs to be
'usersPWD'
so that they match. Or you can choose to rename the input elements instead.
That being said, obligatory comment about using variables directly within an SQL statement. Even using escape string it's still better practise to use prepared statements and bind the parameters.
PHP MySQL Prepared Statements[
^]