Too many quotation marks in mysql

Question

my problem is too many quotation marks.

$come = mysql_query("SELECT * FROM users WHERE email="$_POST['email']" and password="$_POST['password']" ");

Then I tried this but it doesn't work ...

$come = mysql_query("SELECT * FROM users WHERE email="/$_POST['email']/" and password="/$_POST['password']/" ");

Please help me :/

Answer 1

$come = mysql_query("SELECT * FROM users WHERE email='".$_POST['email']."' and password='".$_POST['password']."' ");

Try this it should fix your issue. But mysql is deprecated consider mysqli or pdo.