<?php
$connect = mysql_connect("localhost","User","Passwort");
$db = mysql_select_db("Datenbank");
$select = mysql_query("SELECT `ID` FROM `Tabelle` WHERE `UserID` = '" . addslashes($_POST["User"]) . "' AND `Passwort` = '" . addslashes($_POST["Passwort2"]) . "'");
$row = mysql_fetch_array($select);
mysql_close($connect);
if ($row) {
   header("Location: http://www.addy.de/Test/datei2.php");
   session_start();                     //Start der Session
   session_register("XID") ;            //Registrieren der Variablen
   $XID == $row["ID"];                  //Variable mit Daten füttern
} else {
   echo("Passwort falsch");
   }
?>