登录页面验证~~~~ 求救

if ($_POST["admin"]!=""){				$admin=$_POST["admin"];		$pwd=$_POST["pwd"];		 		$conn = new com("ADODB.Connection");  		$connstr="DRIVER=Microsoft Access Driver (*.mdb);DBQ=".realpath("../../YCHB85SAD87/#YCHB85SAD87.mdb");				$conn->open($connstr);				$sql="select * from admin where admin='$admin' and pwd='$pwd'";		$rs = new com("ADODB.RecordSet");		$rs->Open($sql,$conn,1,1);					  if(! $rs->eof){  			session_start();  			$_SESSION['username']=$rs['username']; 			 echo "<script>alert('登录成功！');window.location='main1.asp';</script>"; 			}  			else{ 			echo "<script>alert('登录失败！');history.back();</script>";  			}					}