Thank you! This will be great to learn from. Better a little late than never.
Your PHP is not bad enough to laugh at.
You may already know this but you can place functions in functions.
$user = $mysqli->real_escape_string(stripslashes($user)); // Strip slashes first, then escape for the query
$pass = $mysqli->real_escape_string(stripslashes($pass));
....
$result=$mysqli->query("SELECT * FROM users WHERE nick='$user' and parola='$pass'");
I like PHP because of how 'dynamic' the usability of the syntax is.
Cheers
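
The lookup from the post written as a prepared statement, so the values need no escaping or slash handling at all. This is an added example, not part of the original post; `find_user()` is a hypothetical helper, and it assumes `$mysqli` is an open connection to a database with the post's `users` table (`nick`, `parola` columns).

```php
<?php
// Added example: the post's login lookup as a prepared statement.
// find_user() is a hypothetical helper; $mysqli is assumed to be an open connection.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function find_user(mysqli $mysqli, string $user, string $pass): ?array
{
    // Placeholders keep the values out of the SQL text, so neither
    // real_escape_string() nor stripslashes() is applied to them.
    $stmt = $mysqli->prepare('SELECT * FROM users WHERE nick = ? AND parola = ?');
    $stmt->bind_param('ss', $user, $pass); // 'ss' = two string parameters
    $stmt->execute();

    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();

    return $row ?: null; // null when no row matches
}

// Usage with the variables from the post:
// $row = find_user($mysqli, $user, $pass);
```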