How to compare email and word passes of textboxes with the database

I already have this code:

   <?php
   ...
   $dbconn = mysqli_connect($servername, $username, $password, $dbname)or die("Failed to connect to database:" . mysqli_error($conn));

    $email = mysqli_real_escape_string($dbconn, $_POST['login']);
    $password = mysqli_real_escape_string($dbconn, $_POST['senha']);

    if (!empty($email) && !empty($password))
    {

    $query = "SELECT (email, password) FROM Paciente WHERE email = '$email' AND password = SHA('$password') ";
    $data = mysqli_query($dbconn, $query);
    $result = mysqli_num_rows($dbname);
    printf("Number of rows %d \n", $result);
    if ($result == 1) {

        $row = mysqli_fetch_array($data);
        $email = $row('login');
        $password = $row('senha');
        header("location: marcar_consulta_online.html");
    } else {

        echo "A password e/ou email estão erradas";
    }

    }
    else
    {

        echo ' Deve preencher com o seu email e password';
        ?>

    <?php
    }
    mysqli_close($dbcon);
    ?>

   no outro código tenho: 

   <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
    <p style="font-size: 20px"> <font face= "Verdana">
        Email:<INPUT type="text" name="login" size=35><br><br>
        Password:<INPUT type="password" name="senha" size=30>
    </p></font>

    <input type="submit" value="Login" name="botao_login" class="botao_login"/></FORM>

When I click the button it writes the message: 'You must fill in your email and password', which should only happen if the fields are empty.