Použijte:
$query = sprintf("SELECT u.*
FROM USERS u
WHERE u.user_name = '%s'
AND u.password = '%s'
AND u.user_type = '%s' ",
mysql_real_escape_string($_POST['user_name']),
mysql_real_escape_string($_POST['password']),
mysql_real_escape_string($_POST['user_type']) );
$result = mysql_query($query);