why is the code below is not working?
$sql = "SELECT password, fullname, active FROM ".$mysql_table."";
$sql = $sql . "WHERE username = :username, password = :password";
$statement = $pdo->prepare($sql);
$statement->bindValue(':username', $_POST['username']);
$statement->bindValue(':password', md5($_POST['password']));
$statement->execute();