@Cups ; is correct, we at Sitepoint like to provide examples, but ones that are meaningful and won't result in bad practices being continued further. He simply asked that you provide a better more secured example which really just needed a few tweaks.
By changing the following lines:
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$user_id = $_SESSION['user_id'];
To their appropriate more secure ones
$username = mysql_real_escape_string($_REQUEST['username']);
$password = mysql_real_escape_string($_REQUEST['password']);
$user_id = mysql_real_escape_string($_SESSION['user_id']);
Would introducing the original poster to PDO be better? Definitely.
@Marsi ;, if you would like to see blogaddition's example using PDO, let me know. I could probably work on that later today.