How can I make a SQL Injection for the following: (This is a login page) Login

How can I make a SQL Injection for the following:

(This is a login page)

$servername = "localhost";

$username = "root";

$password = "";

$dbname = "firstprojectdatabase";

// connection

$conn = mysqli_connect($servername, $username, $password, $dbname);

// Check connection

if (mysqli_connect_error()) {

die("Database connection failed: " . mysqli_connect_error());

}

if ($_POST){

$uname = $_POST["username"];

$pass = $_POST["password"];

$sql = "SELECT * FROM firsttable WHERE username = '$uname' AND password = '$pass'";

$result = mysqli_query($conn, $sql);

if(mysqli_num_rows($result)==1){

echo "WELCOME!";

} else {

echo "Incorrect password or username";

}

}

?>