MD5密码未从db中选择

Question

if(isset($_POST['login']))
{
    $pass = md5($_POST['password']);
    $ch="SELECT * FROM membership WHERE email='$_POST[email]' AND    password='$pass'";
    $mych=mysqli_query($database,$ch) or die(mysqli_error($database));
    $counter=mysqli_num_rows($mych);
    if($counter>0)
    { 
        $_SESSION['userEmail']=$_POST['email'];
        $_SESSION['start'] = time();

        // Record now logged in time
        $_SESSION['expire'] = $_SESSION['start'] + (5 * 60) ; 

        // ending a session in 5  minutes from the starting time
        header("Location:userDashboard/");  
    }else{
       $qstring = '?status=err';
       $_SESSION['LoginAlert']="User Account Not Exist";
       header("Location:login.php".$qstring);   
    }
}