PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
better use mysql_escape_string than strip_tags.
It's better to test the existence (and length) of username and password before querying mysql. If you do so and records are returned, e.g. tested by mysql_num_rows*, WHERE username='$username' AND password='$password' already asured that login/password were correct, so there's no need to check equality again with php.
header("Location: secure.php");
what happens if someone requests this page directly without passing the login?
$sql = "SELECT count(*) FROM general_access WHERE username='$username' AND password='$password'";
$result = mysql_query(...) ...
// if the number of records matching username and password is 1 that login was successful
$loggedIn = (array_shift(mysql_fetch_row($result)) ==1);