Password and username displaying in input fields?

Question

I have a silly problem that i just cant figure out. when i refresh my login page the password and username appears in the input fields. here is my code:

<?php include_once "includes/scripts.php"; ?>
<?php
session_start();
include_once ("includes/connect.php");
if (isset($_SESSION['logged_in'])) {
    header('location: admin_cms.php');
}else{
    if (isset($_POST['username'], $_POST['password'])){
        $username = $_POST['username'];
        $password = md5($_POST['password']);
        if (empty($username) or empty($password)){
            $error = '<p>NOTE: Fields are blank</p>';   
        }else{
            $query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password =?");
            $query->bindValue(1, $username);
            $query->bindValue(2, $password);
            $query->execute();
            $num = $query->rowCount();
            if ($num == 1){
                $_SESSION['logged_in'] = true;
                header('location: admin_cms.php');
                exit();
            }else{
                $error = "<p>NOTE: The username or password is incorrect</p>";  
            }
        }
    }
    ?>
    <div id="login_container">
        <br><img src="images/camelhorst_logo_full.png" style="margin-top:38px;">
        <h1>LOGIN<img src="images/three_column_grid_line.png" alt="line"></h1>
        <form  acton = "admin.php" method="post" autocompleate="off">
            <label>Username:</label>
            <input type="text" name="username" placeholder="Your Username" required>
            <label>Password:</label>
            <input type="password" name="password" placeholder="Your Password" required>
            <input type="submit"  value="Login" name="submit_login">
        </form>
        <?php if (isset($error))
        {echo $error;}?>
      <p id="copyright_admin"> © CAMELHORSE CREATIVE STUDIO 2013 </p>
    </div><!--login_container-->

    <?php } ?>
</body>
</html>

Please can someone help me with this and also if anyone sees a issue that might be a security issue please correct me?

Answer 1

at the end of the inputs put autocomplete="off"

example

 <input type="password" name="password" placeholder="Your Password" required autocomplete="off">

Place Holder may also be filling it so you could remove that

 <input type="password" name="password" required autocomplete="off">

You can also put the autocomplete="off" in the form tag