Edit: Original answer was a bit off. You can have the ':' in both places.
Also, this script (if it worked the way you expected) will allow anyone to login regardless of password, because you're using COUNT() then checking how many rows are returned. The number of rows returned by a COUNT() query will be 1. Always 1. It will contain one value, which could be 0, 1, or more.
However: rowCount()
does not work on SELECT statements.
http://www.php.net/manual/en/pdostatement.rowcount.php
Example #2 Counting rows returned by a SELECT statement
For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement. Instead, use PDO::query() to issue a SELECT COUNT(*) statement with the same predicates as your intended SELECT statement, then use PDOStatement::fetchColumn() to retrieve the number of rows that will be returned. Your application can then perform the correct action.
You'll want to give the count an alias, fetch it, and use it.
http://www.php.net/manual/en/pdostatement.fetchcolumn.php
$sql= "SELECT COUNT (*) AS num FROM `managers` WHERE `username` = :username and `password` = :password ";
$result = $connection->prepare($sql);
$result->bindParam(":username" ,$_POST['username']);
$result->bindParam(":password" ,$_POST['password']);
$result->execute();
$num=$result->fetchColumn();
if($num > 0){
header("location:index.php");
}else{
header("location:login.php");
}