PHP / MySQL question?

Andy

New member
When assigning a MySQL query to a PHP var, should you enclose it in speech marks, like:

$insertcomment = "INSERT INTO comments (name,date,comment) values ('"$name"','"$date"','"$comment"')";

or like:

$insertcomment = INSERT INTO comments (name,date,comment) values ($name,$date,$comment);
 
You put them in escaped quotes /" or in single quotes '

$insertcomment = "INSERT INTO comments (name,date,comment) values ('$name','$date','$comment')";

Also, make sure that $name, $date and $comment have mysql_real_escape_string() run on them first, to make sure that any data in them doesn't affect the SQL query.
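
Added example, not part of the original posts: the same INSERT written as a PDO prepared statement, which keeps the data out of the SQL text entirely and also works on PHP 7 and later, where mysql_real_escape_string() no longer exists. It runs the interpolated string from the thread first, to show what an apostrophe in the data does to it. The in-memory SQLite database, the table definition and the sample values are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread.
// Assumption: an in-memory SQLite database so the script runs offline. With
// MySQL only the DSN changes ('mysql:host=...;dbname=...;charset=utf8mb4').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (name TEXT, date TEXT, comment TEXT)');

// Constructed sample input: apostrophes are enough to break the string form.
$name    = "O'Brien";
$date    = '2010-05-01';
$comment = "It's a good post";

// The interpolated form from the thread, with no escaping applied.
$interpolated = "INSERT INTO comments (name,date,comment) "
              . "values ('$name','$date','$comment')";
try {
    $pdo->exec($interpolated);
    echo "interpolated: inserted\n";
} catch (PDOException $e) {
    // The apostrophe in $name ended the string literal early.
    echo "interpolated: rejected (", $e->getMessage(), ")\n";
}

// Prepared statement: the SQL text is fixed and the values travel separately,
// so no quoting or escaping of $name, $date or $comment is needed.
$stmt = $pdo->prepare(
    'INSERT INTO comments (name, date, comment) VALUES (:name, :date, :comment)'
);
$stmt->execute([':name' => $name, ':date' => $date, ':comment' => $comment]);

// Read the row back to confirm the values were stored unchanged.
$row = $pdo->query('SELECT name, date, comment FROM comments')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row === ['name' => $name, 'date' => $date, 'comment' => $comment]);
echo $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), " row stored\n";
```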
 