mysql - Can anyone help me figure out the meaning of this php error message? -

possible duplicate:
can me figure out wrong code?

here code

$con = mysql_connect("localhost", "root", '');  if (!$con) {     die('cannot make connection'); }   mysql_select_db('yumbox_table', $con) or die('cannot make connection');     isset($_post['user_name'], $_post['password'], $_post['user_type']);  $data = mysql_query("select *                         users                        user_name == ($_post['user_name'])                          , ($_post['password'])                          , ($_post['user_type'])") or die(mysql_error());  $info = mysql_fetch_array($data); $count = mysql_numrows($data);  if ($count == 1) {     echo("success!!"); } else {     echo("big friggin failure!!"); }  mysql_close($con); 

whenever run code, receive following message:

you need escape post values before insert put them query. should escape post values before use them in database query.

instead of this:

$data = mysql_query("select * users user_name == ($_post['user_name']) , ($_post['password']) , ($_post['user_type'])" 

do this:

$user_name = mysql_real_escape_string($_post['user_name']); $password = mysql_real_escape_string($_post['password']); $user_type = mysql_real_escape_string($_post['user_type']); $data = mysql_query("select * users user_name == '$user_name' , password == '$password' , user_type == '$user_type'"); 

note assuming columns in table 'user_name', 'password', , 'user_type'.