The code handles SQL injection automatically.
<?php
if (isset($_POST["SubmitButtonLogin"]) || isset($_POST["SubmitButtonLogin_x"])) {
if ($Authenticate->hasAccess()) {
// login success code
} else {
// login failure code
}
}
?>
I'm not sure what you mean by username check.