$query= mysql_query("SELECT *** FROM *** where ***='".mysql_real_escape_string(***)."'") or die (mysql_error());