mysqli_query inputs via variable

太阳男子 2021-01-28 06:00

I'm trying to add information to a MySQL table using the following PHP code. (The input is the name and text from a basic HTML5 web form.) Probably a syntax issue?



        
3 answers
  •  后悔当初
    2021-01-28 06:33

    First of all: you should use mysqli prepared statements to prevent SQL injection attacks. It is not safe to use user input within a query without proper escaping. Prepared statements are useful to prevent this.

    Second: you should learn how string quoting works in PHP; single-quoted strings and double-quoted strings are different.

    I would recommend reading the PHP documentation about string quoting.
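
The two points in the answer above, shown as an added example that is not code from the question or from the answerer: a form handler that inserts with a mysqli prepared statement, next to the single-quote versus double-quote behaviour that breaks a hand-built query. The table `comments`, its columns `name` and `body`, the form field names, and the connection details are assumptions.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: table `comments` and columns `name`/`body` are assumed.
function save_comment(mysqli $db, string $name, string $text): int
{
    // The ? placeholders keep user data out of the SQL text entirely, so a
    // quote character in $name or $text cannot change the statement.
    $stmt = $db->prepare('INSERT INTO comments (name, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $text); // 's' = string, one per placeholder
    $stmt->execute();
    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

// String quoting, with a constructed sample value:
$sample       = "O'Brien";
$literal      = 'VALUES ($sample)';   // single quotes: the text $sample is kept as-is
$interpolated = "VALUES ('$sample')"; // double quotes: VALUES ('O'Brien'), unbalanced quotes

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Accept only scalar strings from the form fields (assumed names: name, text).
    $name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    $text = is_string($_POST['text'] ?? null) ? trim($_POST['text']) : '';

    if ($name === '' || $text === '') {
        http_response_code(400);
        exit('name and text are required');
    }

    // Placeholder credentials; load real ones from configuration.
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    $db->set_charset('utf8mb4');

    echo 'Saved row ', save_comment($db, $name, $text);
}
```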
