Please do this community a favor and delete your post.
I can think 1 trillion ways to exploit such an poorly-written algorithm.
For instance: What happens if $_POST["username"] is 'or' '1'='1' -- ' ?
I'd suggest you to learn the basics of input serialization before rushing into writing code like this. Your Interpreter will not complain but your database handles the data differently.