Add quotes to your variables:
"SELECT id, password FROM login WHERE id='$checkid' AND password='$checkpassword'"
^ ^ ^ ^
Sidenote: Don't use md5
, it's now insecure to use as password storage.
For password storage, either use bcrypt
or PHP's password()
function.
And see this article also
Also noted in comments by others, use mysqli_real_escape_string()
:
$checkid=mysqli_real_escape_string($link,$_POST['id']);