Почему то не работает код

Почему то не работает код и выводит сообщение "Username/password combination incorrect", даже если я ввел правильные Username и Password

 <?php
    session_start();
    // Connect to DB.
    $db = mysqli_connect("localhost", "root", "", "soks");
    if (isset($_POST['login_btn'])) {
        $username=mysqli_real_escape_string($db,$_POST['username']);
        $password=mysqli_real_escape_string($db,$_POST['password']);
        $password =md5($password);
        $sql = "SELECT * FROM users WHERE username='username' AND password='$password'";
        $result = mysqli_query($db,$sql);
        if(mysqli_num_rows($result) == 1) {
            $_SESSION['message'] = "You are now logged in";
            $_SESSION['username'] = $username;
            header("location: home.php");
        }else{
            echo "Username/password combination incorrect";
            $_SESSION['message'] = "Username/password combination incorrect";
        }
    }
?>
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="login.css">
    <meta charset="utf-8">
    <title>Sign in</title>
</head>
<body>
<div class="header">
    <hl>Sign in</hl>
</div>
<form class="form" method="post" action="login.php">
    <table>
        <tr>
            <td class="text">Username:</td>
            <td><input  type="text" name="username" class="textInput"></td>
        </tr>
        <tr>
            <td class="text">Password:</td>
            <td><input  type="password" name="password" class="textInput"></td>
        </tr>
        <tr>
            <td></td>
            <td><input class="reg" type="submit" name="login_btn" value="Login"></td>
        </tr>

    </table>
</form>
</body>
</html>